]> git.saurik.com Git - apple/xnu.git/blobdiff - osfmk/vm/vm_map.c
projects / apple / xnu.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
xnu-3789.70.16.tar.gz
[apple/xnu.git] / osfmk / vm / vm_map.c
diff --git a/osfmk/vm/vm_map.c b/osfmk/vm/vm_map.c
index 604bc202f79afb47653d6f44027974565c72259e..69150e2a77be38abf9a8785fab13b36da2ebed50 100644 (file)
--- a/osfmk/vm/vm_map.c
+++ b/osfmk/vm/vm_map.c
@@ -1,5 +1,5 @@
 /*
 /*
- * Copyright (c) 2000-2009 Apple Inc. All rights reserved.
+ * Copyright (c) 2000-2012 Apple Inc. All rights reserved.
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
@@ -65,6 +65,9 @@
 
 #include <task_swapper.h>
 #include <mach_assert.h>
 
 #include <task_swapper.h>
 #include <mach_assert.h>
+
+#include <vm/vm_options.h>
+
 #include <libkern/OSAtomic.h>
 
 #include <mach/kern_return.h>
 #include <libkern/OSAtomic.h>
 
 #include <mach/kern_return.h>
@@ -79,11 +82,13 @@
 #include <mach/sdt.h>
 
 #include <kern/assert.h>
 #include <mach/sdt.h>
 
 #include <kern/assert.h>
+#include <kern/backtrace.h>
 #include <kern/counters.h>
 #include <kern/kalloc.h>
 #include <kern/zalloc.h>
 
 #include <vm/cpm.h>
 #include <kern/counters.h>
 #include <kern/kalloc.h>
 #include <kern/zalloc.h>
 
 #include <vm/cpm.h>
+#include <vm/vm_compressor_pager.h>
 #include <vm/vm_init.h>
 #include <vm/vm_fault.h>
 #include <vm/vm_map.h>
 #include <vm/vm_init.h>
 #include <vm/vm_fault.h>
 #include <vm/vm_map.h>
@@ -94,7 +99,6 @@
 #include <ipc/ipc_port.h>
 #include <kern/sched_prim.h>
 #include <kern/misc_protos.h>
 #include <ipc/ipc_port.h>
 #include <kern/sched_prim.h>
 #include <kern/misc_protos.h>
-#include <machine/db_machdep.h>
 #include <kern/xpr.h>
 
 #include <mach/vm_map_server.h>
 #include <kern/xpr.h>
 
 #include <mach/vm_map_server.h>
@@ -106,6 +110,17 @@
 #include <vm/vm_shared_region.h>
 #include <vm/vm_map_store.h>
 
 #include <vm/vm_shared_region.h>
 #include <vm/vm_map_store.h>
 
+extern int proc_selfpid(void);
+extern char *proc_name_address(void *p);
+
+#if VM_MAP_DEBUG_APPLE_PROTECT
+int vm_map_debug_apple_protect = 0;
+#endif /* VM_MAP_DEBUG_APPLE_PROTECT */
+#if VM_MAP_DEBUG_FOURK
+int vm_map_debug_fourk = 0;
+#endif /* VM_MAP_DEBUG_FOURK */
+
+extern u_int32_t random(void); /* from <libkern/libkern.h> */
 /* Internal prototypes
  */
 
 /* Internal prototypes
  */
 
@@ -121,7 +136,7 @@ static boolean_t    vm_map_range_check(
        vm_map_entry_t  *entry);
 
 static vm_map_entry_t  _vm_map_entry_create(
        vm_map_entry_t  *entry);
 
 static vm_map_entry_t  _vm_map_entry_create(
-       struct vm_map_header    *map_header);
+       struct vm_map_header    *map_header, boolean_t map_locked);
 
 static void            _vm_map_entry_dispose(
        struct vm_map_header    *map_header,
 
 static void            _vm_map_entry_dispose(
        struct vm_map_header    *map_header,
@@ -160,7 +175,8 @@ static kern_return_t        vm_map_copy_overwrite_unaligned(
        vm_map_t        dst_map,
        vm_map_entry_t  entry,
        vm_map_copy_t   copy,
        vm_map_t        dst_map,
        vm_map_entry_t  entry,
        vm_map_copy_t   copy,
-       vm_map_address_t start);
+       vm_map_address_t start,
+       boolean_t       discard_on_success);
 
 static kern_return_t   vm_map_copy_overwrite_aligned(
        vm_map_t        dst_map,
 
 static kern_return_t   vm_map_copy_overwrite_aligned(
        vm_map_t        dst_map,
@@ -180,7 +196,9 @@ static kern_return_t        vm_map_copyout_kernel_buffer(
        vm_map_t        map,
        vm_map_address_t *addr, /* IN/OUT */
        vm_map_copy_t   copy,
        vm_map_t        map,
        vm_map_address_t *addr, /* IN/OUT */
        vm_map_copy_t   copy,
-       boolean_t       overwrite);
+       vm_map_size_t   copy_size,
+       boolean_t       overwrite,
+       boolean_t       consume_on_success);
 
 static void            vm_map_fork_share(
        vm_map_t        old_map,
 
 static void            vm_map_fork_share(
        vm_map_t        old_map,
@@ -190,7 +208,8 @@ static void         vm_map_fork_share(
 static boolean_t       vm_map_fork_copy(
        vm_map_t        old_map,
        vm_map_entry_t  *old_entry_p,
 static boolean_t       vm_map_fork_copy(
        vm_map_t        old_map,
        vm_map_entry_t  *old_entry_p,
-       vm_map_t        new_map);
+       vm_map_t        new_map,
+       int             vm_map_copyin_flags);
 
 void           vm_map_region_top_walk(
        vm_map_entry_t             entry,
 
 void           vm_map_region_top_walk(
        vm_map_entry_t             entry,
@@ -203,16 +222,18 @@ void              vm_map_region_walk(
        vm_object_offset_t         offset,
        vm_object_size_t           range,
        vm_region_extended_info_t  extended,
        vm_object_offset_t         offset,
        vm_object_size_t           range,
        vm_region_extended_info_t  extended,
-       boolean_t                  look_for_pages);
+       boolean_t                  look_for_pages,
+       mach_msg_type_number_t count);
 
 static kern_return_t   vm_map_wire_nested(
        vm_map_t                   map,
        vm_map_offset_t            start,
        vm_map_offset_t            end,
 
 static kern_return_t   vm_map_wire_nested(
        vm_map_t                   map,
        vm_map_offset_t            start,
        vm_map_offset_t            end,
-       vm_prot_t                  access_type,
+       vm_prot_t                  caller_prot,
        boolean_t                  user_wire,
        pmap_t                     map_pmap, 
        boolean_t                  user_wire,
        pmap_t                     map_pmap, 
-       vm_map_offset_t            pmap_addr);
+       vm_map_offset_t            pmap_addr,
+       ppnum_t                    *physpage_p);
 
 static kern_return_t   vm_map_unwire_nested(
        vm_map_t                   map,
 
 static kern_return_t   vm_map_unwire_nested(
        vm_map_t                   map,
@@ -244,7 +265,8 @@ static kern_return_t        vm_map_remap_extract(
        vm_prot_t               *cur_protection,
        vm_prot_t               *max_protection,
        vm_inherit_t            inheritance,
        vm_prot_t               *cur_protection,
        vm_prot_t               *max_protection,
        vm_inherit_t            inheritance,
-       boolean_t               pageable);
+       boolean_t               pageable,
+       boolean_t               same_map);
 
 static kern_return_t   vm_map_remap_range_allocate(
        vm_map_t                map,
 
 static kern_return_t   vm_map_remap_range_allocate(
        vm_map_t                map,
@@ -261,7 +283,8 @@ static void         vm_map_region_look_for_page(
        vm_object_offset_t         offset,
        int                        max_refcnt,
        int                        depth,
        vm_object_offset_t         offset,
        int                        max_refcnt,
        int                        depth,
-       vm_region_extended_info_t  extended);
+       vm_region_extended_info_t  extended,
+       mach_msg_type_number_t count);
 
 static int             vm_map_region_count_obj_refs(
        vm_map_entry_t             entry,
 
 static int             vm_map_region_count_obj_refs(
        vm_map_entry_t             entry,
@@ -288,11 +311,12 @@ static kern_return_t      vm_map_can_reuse(
        vm_map_offset_t start,
        vm_map_offset_t end);
 
        vm_map_offset_t start,
        vm_map_offset_t end);
 
-#if CONFIG_FREEZE
-struct default_freezer_table;
-__private_extern__ void* default_freezer_mapping_create(vm_object_t, vm_offset_t);
-__private_extern__ void  default_freezer_mapping_free(void**, boolean_t all);  
-#endif
+#if MACH_ASSERT
+static kern_return_t   vm_map_pageout(
+       vm_map_t        map,
+       vm_map_offset_t start,
+       vm_map_offset_t end);
+#endif /* MACH_ASSERT */
 
 /*
  * Macros to copy a vm_map_entry. We must be careful to correctly
 
 /*
  * Macros to copy a vm_map_entry. We must be careful to correctly
@@ -303,8 +327,10 @@ __private_extern__ void  default_freezer_mapping_free(void**, boolean_t all);
  * wire count; it's used for map splitting and zone changing in
  * vm_map_copyout.
  */
  * wire count; it's used for map splitting and zone changing in
  * vm_map_copyout.
  */
-#define vm_map_entry_copy(NEW,OLD) \
-MACRO_BEGIN                                     \
+
+#define vm_map_entry_copy(NEW,OLD)     \
+MACRO_BEGIN                            \
+boolean_t _vmec_reserved = (NEW)->from_reserved_zone;  \
        *(NEW) = *(OLD);                \
        (NEW)->is_shared = FALSE;       \
        (NEW)->needs_wakeup = FALSE;    \
        *(NEW) = *(OLD);                \
        (NEW)->is_shared = FALSE;       \
        (NEW)->needs_wakeup = FALSE;    \
@@ -312,9 +338,20 @@ MACRO_BEGIN                                     \
        (NEW)->wired_count = 0;         \
        (NEW)->user_wired_count = 0;    \
        (NEW)->permanent = FALSE;       \
        (NEW)->wired_count = 0;         \
        (NEW)->user_wired_count = 0;    \
        (NEW)->permanent = FALSE;       \
+       (NEW)->used_for_jit = FALSE;    \
+       (NEW)->from_reserved_zone = _vmec_reserved;     \
+       (NEW)->iokit_acct = FALSE;      \
+       (NEW)->vme_resilient_codesign = FALSE; \
+       (NEW)->vme_resilient_media = FALSE;     \
+       (NEW)->vme_atomic = FALSE;      \
 MACRO_END
 
 MACRO_END
 
-#define vm_map_entry_copy_full(NEW,OLD)        (*(NEW) = *(OLD))
+#define vm_map_entry_copy_full(NEW,OLD)                        \
+MACRO_BEGIN                                            \
+boolean_t _vmecf_reserved = (NEW)->from_reserved_zone; \
+(*(NEW) = *(OLD));                                     \
+(NEW)->from_reserved_zone = _vmecf_reserved;                   \
+MACRO_END
 
 /*
  *     Decide if we want to allow processes to execute from their data or stack areas.
 
 /*
  *     Decide if we want to allow processes to execute from their data or stack areas.
@@ -353,6 +390,8 @@ override_nx(vm_map_t map, uint32_t user_tag) /* map unused on arm */
 {
        int current_abi;
 
 {
        int current_abi;
 
+       if (map->pmap == kernel_pmap) return FALSE;
+
        /*
         * Determine if the app is running in 32 or 64 bit mode.
         */
        /*
         * Determine if the app is running in 32 or 64 bit mode.
         */
@@ -419,8 +458,10 @@ override_nx(vm_map_t map, uint32_t user_tag) /* map unused on arm */
 
 static zone_t  vm_map_zone;            /* zone for vm_map structures */
 static zone_t  vm_map_entry_zone;      /* zone for vm_map_entry structures */
 
 static zone_t  vm_map_zone;            /* zone for vm_map structures */
 static zone_t  vm_map_entry_zone;      /* zone for vm_map_entry structures */
-static zone_t  vm_map_kentry_zone;     /* zone for kernel entry structures */
+zone_t vm_map_entry_reserved_zone;     /* zone with reserve for non-blocking
+                                        * allocations */
 static zone_t  vm_map_copy_zone;       /* zone for vm_map_copy structures */
 static zone_t  vm_map_copy_zone;       /* zone for vm_map_copy structures */
+zone_t         vm_map_holes_zone;      /* zone for vm map holes (vm_map_links) structures */
 
 
 /*
 
 
 /*
@@ -435,13 +476,10 @@ static void               *map_data;
 static vm_size_t       map_data_size;
 static void            *kentry_data;
 static vm_size_t       kentry_data_size;
 static vm_size_t       map_data_size;
 static void            *kentry_data;
 static vm_size_t       kentry_data_size;
-static int             kentry_count = 2048;            /* to init kentry_data_size */
+static void            *map_holes_data;
+static vm_size_t       map_holes_data_size;
 
 
-#if CONFIG_EMBEDDED
-#define                NO_COALESCE_LIMIT  0
-#else
 #define         NO_COALESCE_LIMIT  ((1024 * 128) - 1)
 #define         NO_COALESCE_LIMIT  ((1024 * 128) - 1)
-#endif
 
 /* Skip acquiring locks if we're in the midst of a kernel core dump */
 unsigned int not_in_kdp = 1;
 
 /* Skip acquiring locks if we're in the midst of a kernel core dump */
 unsigned int not_in_kdp = 1;
@@ -467,7 +505,7 @@ vm_map_set_cache_attr(
                kr = KERN_INVALID_ARGUMENT;
                goto done;
        }
                kr = KERN_INVALID_ARGUMENT;
                goto done;
        }
-       object = map_entry->object.vm_object;
+       object = VME_OBJECT(map_entry);
 
        if (object == VM_OBJECT_NULL) {
                /*
 
        if (object == VM_OBJECT_NULL) {
                /*
@@ -499,86 +537,180 @@ done:
  */
 kern_return_t
 vm_map_apple_protected(
  */
 kern_return_t
 vm_map_apple_protected(
-       vm_map_t        map,
-       vm_map_offset_t start,
-       vm_map_offset_t end,
+       vm_map_t                map,
+       vm_map_offset_t         start,
+       vm_map_offset_t         end,
+       vm_object_offset_t      crypto_backing_offset,
        struct pager_crypt_info *crypt_info)
 {
        boolean_t       map_locked;
        kern_return_t   kr;
        vm_map_entry_t  map_entry;
        struct pager_crypt_info *crypt_info)
 {
        boolean_t       map_locked;
        kern_return_t   kr;
        vm_map_entry_t  map_entry;
-       memory_object_t protected_mem_obj;
+       struct vm_map_entry tmp_entry;
+       memory_object_t unprotected_mem_obj;
        vm_object_t     protected_object;
        vm_map_offset_t map_addr;
        vm_object_t     protected_object;
        vm_map_offset_t map_addr;
+       vm_map_offset_t start_aligned, end_aligned;
+       vm_object_offset_t      crypto_start, crypto_end;
+       int             vm_flags;
 
 
-       vm_map_lock_read(map);
-       map_locked = TRUE;
+       map_locked = FALSE;
+       unprotected_mem_obj = MEMORY_OBJECT_NULL;
 
 
-       /* lookup the protected VM object */
-       if (!vm_map_lookup_entry(map,
-                                start,
-                                &map_entry) ||
-           map_entry->vme_end < end ||
-           map_entry->is_sub_map) {
-               /* that memory is not properly mapped */
-               kr = KERN_INVALID_ARGUMENT;
-               goto done;
-       }
-       protected_object = map_entry->object.vm_object;
-       if (protected_object == VM_OBJECT_NULL) {
-               /* there should be a VM object here at this point */
-               kr = KERN_INVALID_ARGUMENT;
-               goto done;
-       }
+       start_aligned = vm_map_trunc_page(start, PAGE_MASK_64);
+       end_aligned = vm_map_round_page(end, PAGE_MASK_64);
+       start_aligned = vm_map_trunc_page(start_aligned, VM_MAP_PAGE_MASK(map));
+       end_aligned = vm_map_round_page(end_aligned, VM_MAP_PAGE_MASK(map));
 
 
-       /* make sure protected object stays alive while map is unlocked */
-       vm_object_reference(protected_object);
+       assert(start_aligned == start);
+       assert(end_aligned == end);
 
 
-       vm_map_unlock_read(map);
-       map_locked = FALSE;
+       map_addr = start_aligned;
+       for (map_addr = start_aligned;
+            map_addr < end;
+            map_addr = tmp_entry.vme_end) {
+               vm_map_lock(map);
+               map_locked = TRUE;
 
 
-       /*
-        * Lookup (and create if necessary) the protected memory object
-        * matching that VM object.
-        * If successful, this also grabs a reference on the memory object,
-        * to guarantee that it doesn't go away before we get a chance to map
-        * it.
-        */
-       protected_mem_obj = apple_protect_pager_setup(protected_object, crypt_info);
+               /* lookup the protected VM object */
+               if (!vm_map_lookup_entry(map,
+                                        map_addr,
+                                        &map_entry) ||
+                   map_entry->is_sub_map ||
+                   VME_OBJECT(map_entry) == VM_OBJECT_NULL ||
+                   !(map_entry->protection & VM_PROT_EXECUTE)) {
+                       /* that memory is not properly mapped */
+                       kr = KERN_INVALID_ARGUMENT;
+                       goto done;
+               }
 
 
-       /* release extra ref on protected object */
-       vm_object_deallocate(protected_object);
+               /* get the protected object to be decrypted */
+               protected_object = VME_OBJECT(map_entry);
+               if (protected_object == VM_OBJECT_NULL) {
+                       /* there should be a VM object here at this point */
+                       kr = KERN_INVALID_ARGUMENT;
+                       goto done;
+               }
+               /* ensure protected object stays alive while map is unlocked */
+               vm_object_reference(protected_object);
 
 
-       if (protected_mem_obj == NULL) {
-               kr = KERN_FAILURE;
-               goto done;
-       }
+               /* limit the map entry to the area we want to cover */
+               vm_map_clip_start(map, map_entry, start_aligned);
+               vm_map_clip_end(map, map_entry, end_aligned);
+
+               tmp_entry = *map_entry;
+               map_entry = VM_MAP_ENTRY_NULL; /* not valid after unlocking map */
+               vm_map_unlock(map);
+               map_locked = FALSE;
+
+               /*
+                * This map entry might be only partially encrypted
+                * (if not fully "page-aligned").
+                */
+               crypto_start = 0;
+               crypto_end = tmp_entry.vme_end - tmp_entry.vme_start;
+               if (tmp_entry.vme_start < start) {
+                       if (tmp_entry.vme_start != start_aligned) {
+                               kr = KERN_INVALID_ADDRESS;
+                       }
+                       crypto_start += (start - tmp_entry.vme_start);
+               }
+               if (tmp_entry.vme_end > end) {
+                       if (tmp_entry.vme_end != end_aligned) {
+                               kr = KERN_INVALID_ADDRESS;
+                       }
+                       crypto_end -= (tmp_entry.vme_end - end);
+               }
+
+               /*
+                * This "extra backing offset" is needed to get the decryption
+                * routine to use the right key.  It adjusts for the possibly
+                * relative offset of an interposed "4K" pager...
+                */
+               if (crypto_backing_offset == (vm_object_offset_t) -1) {
+                       crypto_backing_offset = VME_OFFSET(&tmp_entry);
+               }
+
+               /*
+                * Lookup (and create if necessary) the protected memory object
+                * matching that VM object.
+                * If successful, this also grabs a reference on the memory object,
+                * to guarantee that it doesn't go away before we get a chance to map
+                * it.
+                */
+               unprotected_mem_obj = apple_protect_pager_setup(
+                       protected_object,
+                       VME_OFFSET(&tmp_entry),
+                       crypto_backing_offset,
+                       crypt_info,
+                       crypto_start,
+                       crypto_end);
+
+               /* release extra ref on protected object */
+               vm_object_deallocate(protected_object);
+
+               if (unprotected_mem_obj == NULL) {
+                       kr = KERN_FAILURE;
+                       goto done;
+               }
+
+               vm_flags = VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE;
+
+               /* map this memory object in place of the current one */
+               map_addr = tmp_entry.vme_start;
+               kr = vm_map_enter_mem_object(map,
+                                            &map_addr,
+                                            (tmp_entry.vme_end -
+                                             tmp_entry.vme_start),
+                                            (mach_vm_offset_t) 0,
+                                            vm_flags,
+                                            (ipc_port_t) unprotected_mem_obj,
+                                            0,
+                                            TRUE,
+                                            tmp_entry.protection,
+                                            tmp_entry.max_protection,
+                                            tmp_entry.inheritance);
+               assert(kr == KERN_SUCCESS);
+               assert(map_addr == tmp_entry.vme_start);
+
+#if VM_MAP_DEBUG_APPLE_PROTECT
+               if (vm_map_debug_apple_protect) {
+                       printf("APPLE_PROTECT: map %p [0x%llx:0x%llx] pager %p:"
+                              " backing:[object:%p,offset:0x%llx,"
+                              "crypto_backing_offset:0x%llx,"
+                              "crypto_start:0x%llx,crypto_end:0x%llx]\n",
+                              map,
+                              (uint64_t) map_addr,
+                              (uint64_t) (map_addr + (tmp_entry.vme_end -
+                                                      tmp_entry.vme_start)),
+                              unprotected_mem_obj,
+                              protected_object,
+                              VME_OFFSET(&tmp_entry),
+                              crypto_backing_offset,
+                              crypto_start,
+                              crypto_end);
+               }
+#endif /* VM_MAP_DEBUG_APPLE_PROTECT */
+                      
+               /*
+                * Release the reference obtained by
+                * apple_protect_pager_setup().
+                * The mapping (if it succeeded) is now holding a reference on
+                * the memory object.
+                */
+               memory_object_deallocate(unprotected_mem_obj);
+               unprotected_mem_obj = MEMORY_OBJECT_NULL;
 
 
-       /* map this memory object in place of the current one */
-       map_addr = start;
-       kr = vm_map_enter_mem_object(map,
-                                    &map_addr,
-                                    end - start,
-                                    (mach_vm_offset_t) 0,
-                                    VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE,
-                                    (ipc_port_t) protected_mem_obj,
-                                    (map_entry->offset +
-                                     (start - map_entry->vme_start)),
-                                    TRUE,
-                                    map_entry->protection,
-                                    map_entry->max_protection,
-                                    map_entry->inheritance);
-       assert(map_addr == start);
-       /*
-        * Release the reference obtained by apple_protect_pager_setup().
-        * The mapping (if it succeeded) is now holding a reference on the
-        * memory object.
-        */
-       memory_object_deallocate(protected_mem_obj);
+               /* continue with next map entry */
+               crypto_backing_offset += (tmp_entry.vme_end -
+                                         tmp_entry.vme_start);
+               crypto_backing_offset -= crypto_start;
+       }
+       kr = KERN_SUCCESS;
 
 done:
        if (map_locked) {
 
 done:
        if (map_locked) {
-               vm_map_unlock_read(map);
+               vm_map_unlock(map);
        }
        return kr;
 }
        }
        return kr;
 }
@@ -588,6 +720,7 @@ done:
 lck_grp_t              vm_map_lck_grp;
 lck_grp_attr_t vm_map_lck_grp_attr;
 lck_attr_t             vm_map_lck_attr;
 lck_grp_t              vm_map_lck_grp;
 lck_grp_attr_t vm_map_lck_grp_attr;
 lck_attr_t             vm_map_lck_attr;
+lck_attr_t             vm_map_lck_rw_attr;
 
 
 /*
 
 
 /*
@@ -603,7 +736,7 @@ lck_attr_t          vm_map_lck_attr;
  *
  *     vm_map_zone:            used to allocate maps.
  *     vm_map_entry_zone:      used to allocate map entries.
  *
  *     vm_map_zone:            used to allocate maps.
  *     vm_map_entry_zone:      used to allocate map entries.
- *     vm_map_kentry_zone:     used to allocate map entries for the kernel.
+ *     vm_map_entry_reserved_zone:     fallback zone for kernel map entries
  *
  *     The kernel allocates map entries from a special zone that is initially
  *     "crammed" with memory.  It would be difficult (perhaps impossible) for
  *
  *     The kernel allocates map entries from a special zone that is initially
  *     "crammed" with memory.  It would be difficult (perhaps impossible) for
@@ -615,65 +748,163 @@ void
 vm_map_init(
        void)
 {
 vm_map_init(
        void)
 {
+       vm_size_t entry_zone_alloc_size;
+       const char *mez_name = "VM map entries";
+
        vm_map_zone = zinit((vm_map_size_t) sizeof(struct _vm_map), 40*1024,
                            PAGE_SIZE, "maps");
        zone_change(vm_map_zone, Z_NOENCRYPT, TRUE);
        vm_map_zone = zinit((vm_map_size_t) sizeof(struct _vm_map), 40*1024,
                            PAGE_SIZE, "maps");
        zone_change(vm_map_zone, Z_NOENCRYPT, TRUE);
-
+#if    defined(__LP64__)
+       entry_zone_alloc_size = PAGE_SIZE * 5;
+#else
+       entry_zone_alloc_size = PAGE_SIZE * 6;
+#endif
        vm_map_entry_zone = zinit((vm_map_size_t) sizeof(struct vm_map_entry),
        vm_map_entry_zone = zinit((vm_map_size_t) sizeof(struct vm_map_entry),
-                                 1024*1024, PAGE_SIZE*5,
-                                 "non-kernel map entries");
+                                 1024*1024, entry_zone_alloc_size,
+                                 mez_name);
        zone_change(vm_map_entry_zone, Z_NOENCRYPT, TRUE);
        zone_change(vm_map_entry_zone, Z_NOENCRYPT, TRUE);
+       zone_change(vm_map_entry_zone, Z_NOCALLOUT, TRUE);
+       zone_change(vm_map_entry_zone, Z_GZALLOC_EXEMPT, TRUE);
 
 
-       vm_map_kentry_zone = zinit((vm_map_size_t) sizeof(struct vm_map_entry),
-                                  kentry_data_size, kentry_data_size,
-                                  "kernel map entries");
-       zone_change(vm_map_kentry_zone, Z_NOENCRYPT, TRUE);
+       vm_map_entry_reserved_zone = zinit((vm_map_size_t) sizeof(struct vm_map_entry),
+                                  kentry_data_size * 64, kentry_data_size,
+                                  "Reserved VM map entries");
+       zone_change(vm_map_entry_reserved_zone, Z_NOENCRYPT, TRUE);
 
        vm_map_copy_zone = zinit((vm_map_size_t) sizeof(struct vm_map_copy),
 
        vm_map_copy_zone = zinit((vm_map_size_t) sizeof(struct vm_map_copy),
-                                16*1024, PAGE_SIZE, "map copies");
+                                16*1024, PAGE_SIZE, "VM map copies");
        zone_change(vm_map_copy_zone, Z_NOENCRYPT, TRUE);
 
        zone_change(vm_map_copy_zone, Z_NOENCRYPT, TRUE);
 
+       vm_map_holes_zone = zinit((vm_map_size_t) sizeof(struct vm_map_links),
+                                16*1024, PAGE_SIZE, "VM map holes");
+       zone_change(vm_map_holes_zone, Z_NOENCRYPT, TRUE);
+
        /*
         *      Cram the map and kentry zones with initial data.
        /*
         *      Cram the map and kentry zones with initial data.
-        *      Set kentry_zone non-collectible to aid zone_gc().
+        *      Set reserved_zone non-collectible to aid zone_gc().
         */
        zone_change(vm_map_zone, Z_COLLECT, FALSE);
         */
        zone_change(vm_map_zone, Z_COLLECT, FALSE);
-       zone_change(vm_map_kentry_zone, Z_COLLECT, FALSE);
-       zone_change(vm_map_kentry_zone, Z_EXPAND, FALSE);
-       zone_change(vm_map_kentry_zone, Z_FOREIGN, TRUE);
-       zone_change(vm_map_kentry_zone, Z_CALLERACCT, FALSE); /* don't charge caller */
+       zone_change(vm_map_zone, Z_FOREIGN, TRUE);
+
+       zone_change(vm_map_entry_reserved_zone, Z_COLLECT, FALSE);
+       zone_change(vm_map_entry_reserved_zone, Z_EXPAND, FALSE);
+       zone_change(vm_map_entry_reserved_zone, Z_FOREIGN, TRUE);
+       zone_change(vm_map_entry_reserved_zone, Z_NOCALLOUT, TRUE);
+       zone_change(vm_map_entry_reserved_zone, Z_CALLERACCT, FALSE); /* don't charge caller */
        zone_change(vm_map_copy_zone, Z_CALLERACCT, FALSE); /* don't charge caller */
        zone_change(vm_map_copy_zone, Z_CALLERACCT, FALSE); /* don't charge caller */
+       zone_change(vm_map_entry_reserved_zone, Z_GZALLOC_EXEMPT, TRUE);
+
+       zone_change(vm_map_holes_zone, Z_COLLECT, TRUE);
+       zone_change(vm_map_holes_zone, Z_EXPAND, TRUE);
+       zone_change(vm_map_holes_zone, Z_FOREIGN, TRUE);
+       zone_change(vm_map_holes_zone, Z_NOCALLOUT, TRUE);
+       zone_change(vm_map_holes_zone, Z_CALLERACCT, TRUE);
+       zone_change(vm_map_holes_zone, Z_GZALLOC_EXEMPT, TRUE);
+
+       /* 
+        * Add the stolen memory to zones, adjust zone size and stolen counts.
+        */
+       zcram(vm_map_zone, (vm_offset_t)map_data, map_data_size);
+       zcram(vm_map_entry_reserved_zone, (vm_offset_t)kentry_data, kentry_data_size);
+       zcram(vm_map_holes_zone, (vm_offset_t)map_holes_data, map_holes_data_size);
+       VM_PAGE_MOVE_STOLEN(atop_64(map_data_size) + atop_64(kentry_data_size) + atop_64(map_holes_data_size));
 
 
-       zcram(vm_map_zone, map_data, map_data_size);
-       zcram(vm_map_kentry_zone, kentry_data, kentry_data_size);
-       
        lck_grp_attr_setdefault(&vm_map_lck_grp_attr);
        lck_grp_init(&vm_map_lck_grp, "vm_map", &vm_map_lck_grp_attr);
        lck_attr_setdefault(&vm_map_lck_attr);  
        lck_grp_attr_setdefault(&vm_map_lck_grp_attr);
        lck_grp_init(&vm_map_lck_grp, "vm_map", &vm_map_lck_grp_attr);
        lck_attr_setdefault(&vm_map_lck_attr);  
+
+       lck_attr_setdefault(&vm_map_lck_rw_attr);
+       lck_attr_cleardebug(&vm_map_lck_rw_attr);
+
+#if VM_MAP_DEBUG_APPLE_PROTECT
+       PE_parse_boot_argn("vm_map_debug_apple_protect",
+                          &vm_map_debug_apple_protect,
+                          sizeof(vm_map_debug_apple_protect));
+#endif /* VM_MAP_DEBUG_APPLE_PROTECT */
+#if VM_MAP_DEBUG_APPLE_FOURK
+       PE_parse_boot_argn("vm_map_debug_fourk",
+                          &vm_map_debug_fourk,
+                          sizeof(vm_map_debug_fourk));
+#endif /* VM_MAP_DEBUG_FOURK */
 }
 
 void
 vm_map_steal_memory(
        void)
 {
 }
 
 void
 vm_map_steal_memory(
        void)
 {
+       uint32_t kentry_initial_pages;
+
        map_data_size = round_page(10 * sizeof(struct _vm_map));
        map_data = pmap_steal_memory(map_data_size);
 
        map_data_size = round_page(10 * sizeof(struct _vm_map));
        map_data = pmap_steal_memory(map_data_size);
 
-#if 0
        /*
        /*
-        * Limiting worst case: vm_map_kentry_zone needs to map each "available"
-        * physical page (i.e. that beyond the kernel image and page tables)
-        * individually; we guess at most one entry per eight pages in the
-        * real world. This works out to roughly .1 of 1% of physical memory,
-        * or roughly 1900 entries (64K) for a 64M machine with 4K pages.
+        * kentry_initial_pages corresponds to the number of kernel map entries
+        * required during bootstrap until the asynchronous replenishment
+        * scheme is activated and/or entries are available from the general
+        * map entry pool.
         */
         */
+#if    defined(__LP64__)
+       kentry_initial_pages = 10;
+#else
+       kentry_initial_pages = 6;
 #endif
 #endif
-       kentry_count = pmap_free_pages() / 8;
 
 
+#if CONFIG_GZALLOC
+       /* If using the guard allocator, reserve more memory for the kernel
+        * reserved map entry pool.
+       */
+       if (gzalloc_enabled())
+               kentry_initial_pages *= 1024;
+#endif
 
 
-       kentry_data_size =
-               round_page(kentry_count * sizeof(struct vm_map_entry));
+       kentry_data_size = kentry_initial_pages * PAGE_SIZE;
        kentry_data = pmap_steal_memory(kentry_data_size);
        kentry_data = pmap_steal_memory(kentry_data_size);
+
+       map_holes_data_size = kentry_data_size;
+       map_holes_data = pmap_steal_memory(map_holes_data_size);
+}
+
+void
+vm_kernel_reserved_entry_init(void) {
+       zone_prio_refill_configure(vm_map_entry_reserved_zone, (6*PAGE_SIZE)/sizeof(struct vm_map_entry));
+       zone_prio_refill_configure(vm_map_holes_zone, (6*PAGE_SIZE)/sizeof(struct vm_map_links));
+}
+
+void
+vm_map_disable_hole_optimization(vm_map_t map)
+{
+       vm_map_entry_t  head_entry, hole_entry, next_hole_entry;
+
+       if (map->holelistenabled) {
+
+               head_entry = hole_entry = (vm_map_entry_t) map->holes_list;
+
+               while (hole_entry != NULL) {
+
+                       next_hole_entry = hole_entry->vme_next;
+
+                       hole_entry->vme_next = NULL;
+                       hole_entry->vme_prev = NULL;
+                       zfree(vm_map_holes_zone, hole_entry);
+
+                       if (next_hole_entry == head_entry) {
+                               hole_entry = NULL;
+                       } else {
+                               hole_entry = next_hole_entry;
+                       }
+               }
+
+               map->holes_list = NULL;
+               map->holelistenabled = FALSE;
+
+               map->first_free = vm_map_first_entry(map);
+               SAVE_HINT_HOLE_WRITE(map, NULL);
+       }
+}
+
+boolean_t
+vm_kernel_map_is_kernel(vm_map_t map) {
+       return (map->pmap == kernel_pmap);
 }
 
 /*
 }
 
 /*
@@ -683,6 +914,9 @@ vm_map_steal_memory(
  *     the given physical map structure, and having
  *     the given lower and upper address bounds.
  */
  *     the given physical map structure, and having
  *     the given lower and upper address bounds.
  */
+
+boolean_t vm_map_supports_hole_optimization = TRUE;
+
 vm_map_t
 vm_map_create(
        pmap_t                  pmap,
 vm_map_t
 vm_map_create(
        pmap_t                  pmap,
@@ -691,7 +925,8 @@ vm_map_create(
        boolean_t               pageable)
 {
        static int              color_seed = 0;
        boolean_t               pageable)
 {
        static int              color_seed = 0;
-       register vm_map_t       result;
+       vm_map_t        result;
+       struct vm_map_links     *hole_entry = NULL;
 
        result = (vm_map_t) zalloc(vm_map_zone);
        if (result == VM_MAP_NULL)
 
        result = (vm_map_t) zalloc(vm_map_zone);
        if (result == VM_MAP_NULL)
@@ -704,6 +939,8 @@ vm_map_create(
 
        vm_map_store_init( &(result->hdr) );
        
 
        vm_map_store_init( &(result->hdr) );
        
+       result->hdr.page_shift = PAGE_SHIFT;
+
        result->size = 0;
        result->user_wire_limit = MACH_VM_MAX_ADDRESS;  /* default limit is unlimited */
        result->user_wire_size  = 0;
        result->size = 0;
        result->user_wire_limit = MACH_VM_MAX_ADDRESS;  /* default limit is unlimited */
        result->user_wire_size  = 0;
@@ -717,19 +954,32 @@ vm_map_create(
        result->max_offset = max;
        result->wiring_required = FALSE;
        result->no_zero_fill = FALSE;
        result->max_offset = max;
        result->wiring_required = FALSE;
        result->no_zero_fill = FALSE;
-       result->mapped = FALSE;
+       result->mapped_in_other_pmaps = FALSE;
        result->wait_for_space = FALSE;
        result->switch_protect = FALSE;
        result->disable_vmentry_reuse = FALSE;
        result->map_disallow_data_exec = FALSE;
        result->wait_for_space = FALSE;
        result->switch_protect = FALSE;
        result->disable_vmentry_reuse = FALSE;
        result->map_disallow_data_exec = FALSE;
+       result->is_nested_map = FALSE;
        result->highest_entry_end = 0;
        result->first_free = vm_map_to_entry(result);
        result->hint = vm_map_to_entry(result);
        result->color_rr = (color_seed++) & vm_color_mask;
        result->jit_entry_exists = FALSE;
        result->highest_entry_end = 0;
        result->first_free = vm_map_to_entry(result);
        result->hint = vm_map_to_entry(result);
        result->color_rr = (color_seed++) & vm_color_mask;
        result->jit_entry_exists = FALSE;
-#if CONFIG_FREEZE
-       result->default_freezer_toc = NULL;
-#endif
+
+       if (vm_map_supports_hole_optimization && pmap != kernel_pmap) {
+               hole_entry = zalloc(vm_map_holes_zone);
+
+               hole_entry->start = min;
+               hole_entry->end = (max > (vm_map_offset_t)MACH_VM_MAX_ADDRESS) ? max : (vm_map_offset_t)MACH_VM_MAX_ADDRESS;
+               result->holes_list = result->hole_hint = hole_entry;
+               hole_entry->prev = hole_entry->next = (vm_map_entry_t) hole_entry;
+               result->holelistenabled = TRUE;
+
+       } else {
+
+               result->holelistenabled = FALSE;
+       }
+
        vm_map_lock_init(result);
        lck_mtx_init_ext(&result->s_lock, &result->s_lock_ext, &vm_map_lck_grp, &vm_map_lck_attr);
        
        vm_map_lock_init(result);
        lck_mtx_init_ext(&result->s_lock, &result->s_lock_ext, &vm_map_lck_grp, &vm_map_lck_attr);
        
@@ -742,29 +992,47 @@ vm_map_create(
  *     Allocates a VM map entry for insertion in the
  *     given map (or map copy).  No fields are filled.
  */
  *     Allocates a VM map entry for insertion in the
  *     given map (or map copy).  No fields are filled.
  */
-#define        vm_map_entry_create(map) \
-       _vm_map_entry_create(&(map)->hdr)
+#define        vm_map_entry_create(map, map_locked)    _vm_map_entry_create(&(map)->hdr, map_locked)
 
 
-#define        vm_map_copy_entry_create(copy) \
-       _vm_map_entry_create(&(copy)->cpy_hdr)
+#define        vm_map_copy_entry_create(copy, map_locked)                                      \
+       _vm_map_entry_create(&(copy)->cpy_hdr, map_locked)
+unsigned reserved_zalloc_count, nonreserved_zalloc_count;
 
 static vm_map_entry_t
 _vm_map_entry_create(
 
 static vm_map_entry_t
 _vm_map_entry_create(
-       register struct vm_map_header   *map_header)
+       struct vm_map_header    *map_header, boolean_t __unused map_locked)
 {
 {
-       register zone_t zone;
-       register vm_map_entry_t entry;
+       zone_t  zone;
+       vm_map_entry_t  entry;
 
 
-       if (map_header->entries_pageable)
-               zone = vm_map_entry_zone;
-       else
-               zone = vm_map_kentry_zone;
+       zone = vm_map_entry_zone;
+
+       assert(map_header->entries_pageable ? !map_locked : TRUE);
+
+       if (map_header->entries_pageable) {
+               entry = (vm_map_entry_t) zalloc(zone);
+       }
+       else {
+               entry = (vm_map_entry_t) zalloc_canblock(zone, FALSE);
+
+               if (entry == VM_MAP_ENTRY_NULL) {
+                       zone = vm_map_entry_reserved_zone;
+                       entry = (vm_map_entry_t) zalloc(zone);
+                       OSAddAtomic(1, &reserved_zalloc_count);
+               } else
+                       OSAddAtomic(1, &nonreserved_zalloc_count);
+       }
 
 
-       entry = (vm_map_entry_t) zalloc(zone);
        if (entry == VM_MAP_ENTRY_NULL)
                panic("vm_map_entry_create");
        if (entry == VM_MAP_ENTRY_NULL)
                panic("vm_map_entry_create");
-       vm_map_store_update( (vm_map_t) NULL, entry, VM_MAP_ENTRY_CREATE);
+       entry->from_reserved_zone = (zone == vm_map_entry_reserved_zone);
 
 
+       vm_map_store_update( (vm_map_t) NULL, entry, VM_MAP_ENTRY_CREATE);
+#if    MAP_ENTRY_CREATION_DEBUG
+       entry->vme_creation_maphdr = map_header;
+       backtrace(&entry->vme_creation_bt[0],
+                 (sizeof(entry->vme_creation_bt)/sizeof(uintptr_t)));
+#endif
        return(entry);
 }
 
        return(entry);
 }
 
@@ -778,7 +1046,6 @@ _vm_map_entry_create(
  *     of the stores
  */
 #define        vm_map_entry_dispose(map, entry)                        \
  *     of the stores
  */
 #define        vm_map_entry_dispose(map, entry)                        \
-       vm_map_store_update( map, entry, VM_MAP_ENTRY_DELETE);  \
        _vm_map_entry_dispose(&(map)->hdr, (entry))
 
 #define        vm_map_copy_entry_dispose(map, entry) \
        _vm_map_entry_dispose(&(map)->hdr, (entry))
 
 #define        vm_map_copy_entry_dispose(map, entry) \
@@ -786,15 +1053,22 @@ _vm_map_entry_create(
 
 static void
 _vm_map_entry_dispose(
 
 static void
 _vm_map_entry_dispose(
-       register struct vm_map_header   *map_header,
-       register vm_map_entry_t         entry)
+       struct vm_map_header    *map_header,
+       vm_map_entry_t          entry)
 {
 {
-       register zone_t         zone;
+       zone_t          zone;
 
 
-       if (map_header->entries_pageable)
+       if (map_header->entries_pageable || !(entry->from_reserved_zone))
                zone = vm_map_entry_zone;
        else
                zone = vm_map_entry_zone;
        else
-               zone = vm_map_kentry_zone;
+               zone = vm_map_entry_reserved_zone;
+
+       if (!map_header->entries_pageable) {
+               if (zone == vm_map_entry_zone)
+                       OSAddAtomic(-1, &nonreserved_zalloc_count);
+               else
+                       OSAddAtomic(-1, &reserved_zalloc_count);
+       }
 
        zfree(zone, entry);
 }
 
        zfree(zone, entry);
 }
@@ -829,7 +1103,7 @@ first_free_is_valid(
  *     vm_map_swapin.
  *
  */
  *     vm_map_swapin.
  *
  */
-void vm_map_res_reference(register vm_map_t map)
+void vm_map_res_reference(vm_map_t map)
 {
        /* assert map is locked */
        assert(map->res_count >= 0);
 {
        /* assert map is locked */
        assert(map->res_count >= 0);
@@ -853,7 +1127,7 @@ void vm_map_res_reference(register vm_map_t map)
  *     The map may not be in memory (i.e. zero residence count).
  *
  */
  *     The map may not be in memory (i.e. zero residence count).
  *
  */
-void vm_map_reference_swap(register vm_map_t map)
+void vm_map_reference_swap(vm_map_t map)
 {
        assert(map != VM_MAP_NULL);
        lck_mtx_lock(&map->s_lock);
 {
        assert(map != VM_MAP_NULL);
        lck_mtx_lock(&map->s_lock);
@@ -874,7 +1148,7 @@ void vm_map_reference_swap(register vm_map_t map)
  *     The map is locked, so this function is callable from vm_map_deallocate.
  *
  */
  *     The map is locked, so this function is callable from vm_map_deallocate.
  *
  */
-void vm_map_res_deallocate(register vm_map_t map)
+void vm_map_res_deallocate(vm_map_t map)
 {
        assert(map->res_count > 0);
        if (--map->res_count == 0) {
 {
        assert(map->res_count > 0);
        if (--map->res_count == 0) {
@@ -900,6 +1174,9 @@ vm_map_destroy(
 {      
        vm_map_lock(map);
 
 {      
        vm_map_lock(map);
 
+       /* final cleanup: no need to unnest shared region */
+       flags |= VM_MAP_REMOVE_NO_UNNESTING;
+
        /* clean up regular map entries */
        (void) vm_map_delete(map, map->min_offset, map->max_offset,
                             flags, VM_MAP_NULL);
        /* clean up regular map entries */
        (void) vm_map_delete(map, map->min_offset, map->max_offset,
                             flags, VM_MAP_NULL);
@@ -907,11 +1184,7 @@ vm_map_destroy(
        (void) vm_map_delete(map, 0x0, 0xFFFFFFFFFFFFF000ULL,
                             flags, VM_MAP_NULL);
 
        (void) vm_map_delete(map, 0x0, 0xFFFFFFFFFFFFF000ULL,
                             flags, VM_MAP_NULL);
 
-#if CONFIG_FREEZE
-       if (map->default_freezer_toc){
-               default_freezer_mapping_free( &(map->default_freezer_toc), TRUE);
-       }
-#endif
+       vm_map_disable_hole_optimization(map);
        vm_map_unlock(map);
 
        assert(map->hdr.nentries == 0);
        vm_map_unlock(map);
 
        assert(map->hdr.nentries == 0);
@@ -919,6 +1192,28 @@ vm_map_destroy(
        if(map->pmap)
                pmap_destroy(map->pmap);
 
        if(map->pmap)
                pmap_destroy(map->pmap);
 
+       if (vm_map_lck_attr.lck_attr_val & LCK_ATTR_DEBUG) {
+               /*
+                * If lock debugging is enabled the mutexes get tagged as LCK_MTX_TAG_INDIRECT.
+                * And this is regardless of whether the lck_mtx_ext_t is embedded in the
+                * structure or kalloc'ed via lck_mtx_init.
+                * An example is s_lock_ext within struct _vm_map.
+                *
+                * A lck_mtx_destroy on such a mutex will attempt a kfree and panic. We
+                * can add another tag to detect embedded vs alloc'ed indirect external
+                * mutexes but that'll be additional checks in the lock path and require
+                * updating dependencies for the old vs new tag.
+                *
+                * Since the kfree() is for LCK_MTX_TAG_INDIRECT mutexes and that tag is applied
+                * just when lock debugging is ON, we choose to forego explicitly destroying
+                * the vm_map mutex and rw lock and, as a consequence, will overflow the reference
+                * count on vm_map_lck_grp, which has no serious side-effect.
+                */
+       } else {
+               lck_rw_destroy(&(map)->lock, &vm_map_lck_grp);
+               lck_mtx_destroy(&(map)->s_lock, &vm_map_lck_grp);
+       }
+
        zfree(vm_map_zone, map);
 }
 
        zfree(vm_map_zone, map);
 }
 
@@ -974,7 +1269,7 @@ int vm_map_swap_enable = 1;
 
 void vm_map_swapin (vm_map_t map)
 {
 
 void vm_map_swapin (vm_map_t map)
 {
-       register vm_map_entry_t entry;
+       vm_map_entry_t entry;
 
        if (!vm_map_swap_enable)        /* debug */
                return;
 
        if (!vm_map_swap_enable)        /* debug */
                return;
@@ -1017,14 +1312,14 @@ void vm_map_swapin (vm_map_t map)
        entry = vm_map_first_entry(map);
 
        while (entry != vm_map_to_entry(map)) {
        entry = vm_map_first_entry(map);
 
        while (entry != vm_map_to_entry(map)) {
-               if (entry->object.vm_object != VM_OBJECT_NULL) {
+               if (VME_OBJECT(entry) != VM_OBJECT_NULL) {
                        if (entry->is_sub_map) {
                        if (entry->is_sub_map) {
-                               vm_map_t lmap = entry->object.sub_map;
+                               vm_map_t lmap = VME_SUBMAP(entry);
                                lck_mtx_lock(&lmap->s_lock);
                                vm_map_res_reference(lmap);
                                lck_mtx_unlock(&lmap->s_lock);
                        } else {
                                lck_mtx_lock(&lmap->s_lock);
                                vm_map_res_reference(lmap);
                                lck_mtx_unlock(&lmap->s_lock);
                        } else {
-                               vm_object_t object = entry->object.vm_object;
+                               vm_object_t object = VME_OBEJCT(entry);
                                vm_object_lock(object);
                                /*
                                 * This call may iterate through the
                                vm_object_lock(object);
                                /*
                                 * This call may iterate through the
@@ -1042,7 +1337,7 @@ void vm_map_swapin (vm_map_t map)
 
 void vm_map_swapout(vm_map_t map)
 {
 
 void vm_map_swapout(vm_map_t map)
 {
-       register vm_map_entry_t entry;
+       vm_map_entry_t entry;
        
        /*
         * Map is locked
        
        /*
         * Map is locked
@@ -1078,14 +1373,14 @@ void vm_map_swapout(vm_map_t map)
        entry = vm_map_first_entry(map);
 
        while (entry != vm_map_to_entry(map)) {
        entry = vm_map_first_entry(map);
 
        while (entry != vm_map_to_entry(map)) {
-               if (entry->object.vm_object != VM_OBJECT_NULL) {
+               if (VME_OBJECT(entry) != VM_OBJECT_NULL) {
                        if (entry->is_sub_map) {
                        if (entry->is_sub_map) {
-                               vm_map_t lmap = entry->object.sub_map;
+                               vm_map_t lmap = VME_SUBMAP(entry);
                                lck_mtx_lock(&lmap->s_lock);
                                vm_map_res_deallocate(lmap);
                                lck_mtx_unlock(&lmap->s_lock);
                        } else {
                                lck_mtx_lock(&lmap->s_lock);
                                vm_map_res_deallocate(lmap);
                                lck_mtx_unlock(&lmap->s_lock);
                        } else {
-                               vm_object_t object = entry->object.vm_object;
+                               vm_object_t object = VME_OBJECT(entry);
                                vm_object_lock(object);
                                /*
                                 * This call may take a long time, 
                                vm_object_lock(object);
                                /*
                                 * This call may take a long time, 
@@ -1117,8 +1412,8 @@ void vm_map_swapout(vm_map_t map)
  */
 boolean_t
 vm_map_lookup_entry(
  */
 boolean_t
 vm_map_lookup_entry(
-       register vm_map_t               map,
-       register vm_map_offset_t        address,
+       vm_map_t                map,
+       vm_map_offset_t address,
        vm_map_entry_t          *entry)         /* OUT */
 {
        return ( vm_map_store_lookup_entry( map, address, entry ));
        vm_map_entry_t          *entry)         /* OUT */
 {
        return ( vm_map_store_lookup_entry( map, address, entry ));
@@ -1139,16 +1434,17 @@ vm_map_lookup_entry(
  */
 kern_return_t
 vm_map_find_space(
  */
 kern_return_t
 vm_map_find_space(
-       register vm_map_t       map,
+       vm_map_t        map,
        vm_map_offset_t         *address,       /* OUT */
        vm_map_size_t           size,
        vm_map_offset_t         mask,
        int                     flags,
        vm_map_entry_t          *o_entry)       /* OUT */
 {
        vm_map_offset_t         *address,       /* OUT */
        vm_map_size_t           size,
        vm_map_offset_t         mask,
        int                     flags,
        vm_map_entry_t          *o_entry)       /* OUT */
 {
-       register vm_map_entry_t entry, new_entry;
-       register vm_map_offset_t        start;
-       register vm_map_offset_t        end;
+       vm_map_entry_t                  entry, new_entry;
+       vm_map_offset_t start;
+       vm_map_offset_t end;
+       vm_map_entry_t                  hole_entry;
 
        if (size == 0) {
                *address = 0;
 
        if (size == 0) {
                *address = 0;
@@ -1157,10 +1453,10 @@ vm_map_find_space(
 
        if (flags & VM_FLAGS_GUARD_AFTER) {
                /* account for the back guard page in the size */
 
        if (flags & VM_FLAGS_GUARD_AFTER) {
                /* account for the back guard page in the size */
-               size += PAGE_SIZE_64;
+               size += VM_MAP_PAGE_SIZE(map);
        }
 
        }
 
-       new_entry = vm_map_entry_create(map);
+       new_entry = vm_map_entry_create(map, FALSE);
 
        /*
         *      Look for the first possible address; if there's already
 
        /*
         *      Look for the first possible address; if there's already
@@ -1172,11 +1468,27 @@ vm_map_find_space(
        if( map->disable_vmentry_reuse == TRUE) {
                VM_MAP_HIGHEST_ENTRY(map, entry, start);
        } else {
        if( map->disable_vmentry_reuse == TRUE) {
                VM_MAP_HIGHEST_ENTRY(map, entry, start);
        } else {
-               assert(first_free_is_valid(map));
-               if ((entry = map->first_free) == vm_map_to_entry(map))
-                       start = map->min_offset;
-               else
-                       start = entry->vme_end;
+               if (map->holelistenabled) {
+                       hole_entry = (vm_map_entry_t)map->holes_list;
+
+                       if (hole_entry == NULL) {
+                               /*
+                                * No more space in the map?
+                                */
+                               vm_map_entry_dispose(map, new_entry);
+                               vm_map_unlock(map);
+                               return(KERN_NO_SPACE);
+                       }
+
+                       entry = hole_entry;
+                       start = entry->vme_start;
+               } else {
+                       assert(first_free_is_valid(map));
+                       if ((entry = map->first_free) == vm_map_to_entry(map))
+                               start = map->min_offset;
+                       else
+                               start = entry->vme_end;
+               }
        }
 
        /*
        }
 
        /*
@@ -1185,7 +1497,7 @@ vm_map_find_space(
         */
 
        while (TRUE) {
         */
 
        while (TRUE) {
-               register vm_map_entry_t next;
+               vm_map_entry_t  next;
 
                /*
                 *      Find the end of the proposed new region.
 
                /*
                 *      Find the end of the proposed new region.
@@ -1195,7 +1507,7 @@ vm_map_find_space(
 
                if (flags & VM_FLAGS_GUARD_BEFORE) {
                        /* reserve space for the front guard page */
 
                if (flags & VM_FLAGS_GUARD_BEFORE) {
                        /* reserve space for the front guard page */
-                       start += PAGE_SIZE_64;
+                       start += VM_MAP_PAGE_SIZE(map);
                }
                end = ((start + mask) & ~mask);
                        
                }
                end = ((start + mask) & ~mask);
                        
@@ -1213,28 +1525,53 @@ vm_map_find_space(
                        return(KERN_NO_SPACE);
                }
 
                        return(KERN_NO_SPACE);
                }
 
-               /*
-                *      If there are no more entries, we must win.
-                */
-
                next = entry->vme_next;
                next = entry->vme_next;
-               if (next == vm_map_to_entry(map))
-                       break;
 
 
-               /*
-                *      If there is another entry, it must be
-                *      after the end of the potential new region.
-                */
+               if (map->holelistenabled) {
+                       if (entry->vme_end >= end)
+                               break;
+               } else {
+                       /*
+                        *      If there are no more entries, we must win.
+                        *
+                        *      OR
+                        *
+                        *      If there is another entry, it must be
+                        *      after the end of the potential new region.
+                        */
 
 
-               if (next->vme_start >= end)
-                       break;
+                       if (next == vm_map_to_entry(map))
+                               break;
+
+                       if (next->vme_start >= end)
+                               break;
+               }
 
                /*
                 *      Didn't fit -- move to the next entry.
                 */
 
                entry = next;
 
                /*
                 *      Didn't fit -- move to the next entry.
                 */
 
                entry = next;
-               start = entry->vme_end;
+
+               if (map->holelistenabled) {
+                       if (entry == (vm_map_entry_t) map->holes_list) {
+                               /*
+                                * Wrapped around
+                                */
+                               vm_map_entry_dispose(map, new_entry);
+                               vm_map_unlock(map);
+                               return(KERN_NO_SPACE);
+                       }
+                       start = entry->vme_start;
+               } else {
+                       start = entry->vme_end;
+               }
+       }
+
+       if (map->holelistenabled) {
+               if (vm_map_lookup_entry(map, entry->vme_start, &entry)) {
+                       panic("Found an existing entry (%p) instead of potential hole at address: 0x%llx.\n", entry, (unsigned long long)entry->vme_start);
+               }
        }
 
        /*
        }
 
        /*
@@ -1249,7 +1586,7 @@ vm_map_find_space(
 
        if (flags & VM_FLAGS_GUARD_BEFORE) {
                /* go back for the front guard page */
 
        if (flags & VM_FLAGS_GUARD_BEFORE) {
                /* go back for the front guard page */
-               start -= PAGE_SIZE_64;
+               start -= VM_MAP_PAGE_SIZE(map);
        }
        *address = start;
 
        }
        *address = start;
 
@@ -1258,12 +1595,16 @@ vm_map_find_space(
        new_entry->vme_end = end;
        assert(page_aligned(new_entry->vme_start));
        assert(page_aligned(new_entry->vme_end));
        new_entry->vme_end = end;
        assert(page_aligned(new_entry->vme_start));
        assert(page_aligned(new_entry->vme_end));
+       assert(VM_MAP_PAGE_ALIGNED(new_entry->vme_start,
+                                  VM_MAP_PAGE_MASK(map)));
+       assert(VM_MAP_PAGE_ALIGNED(new_entry->vme_end,
+                                  VM_MAP_PAGE_MASK(map)));
 
        new_entry->is_shared = FALSE;
        new_entry->is_sub_map = FALSE;
 
        new_entry->is_shared = FALSE;
        new_entry->is_sub_map = FALSE;
-       new_entry->use_pmap = FALSE;
-       new_entry->object.vm_object = VM_OBJECT_NULL;
-       new_entry->offset = (vm_object_offset_t) 0;
+       new_entry->use_pmap = TRUE;
+       VME_OBJECT_SET(new_entry, VM_OBJECT_NULL);
+       VME_OFFSET_SET(new_entry, (vm_object_offset_t) 0);
 
        new_entry->needs_copy = FALSE;
 
 
        new_entry->needs_copy = FALSE;
 
@@ -1278,12 +1619,26 @@ vm_map_find_space(
        new_entry->needs_wakeup = FALSE;
        new_entry->no_cache = FALSE;
        new_entry->permanent = FALSE;
        new_entry->needs_wakeup = FALSE;
        new_entry->no_cache = FALSE;
        new_entry->permanent = FALSE;
-       new_entry->superpage_size = 0;
+       new_entry->superpage_size = FALSE;
+       if (VM_MAP_PAGE_SHIFT(map) != PAGE_SHIFT) {
+               new_entry->map_aligned = TRUE;
+       } else {
+               new_entry->map_aligned = FALSE;
+       }
 
 
-       new_entry->alias = 0;
+       new_entry->used_for_jit = FALSE;
        new_entry->zero_wired_pages = FALSE;
        new_entry->zero_wired_pages = FALSE;
+       new_entry->iokit_acct = FALSE;
+       new_entry->vme_resilient_codesign = FALSE;
+       new_entry->vme_resilient_media = FALSE;
+       if (flags & VM_FLAGS_ATOMIC_ENTRY)      
+               new_entry->vme_atomic = TRUE;
+       else
+               new_entry->vme_atomic = FALSE;
 
 
-       VM_GET_FLAGS_ALIAS(flags, new_entry->alias);
+       int alias;
+       VM_GET_FLAGS_ALIAS(flags, alias);
+       VME_ALIAS_SET(new_entry, alias);
 
        /*
         *      Insert the new entry into the list
 
        /*
         *      Insert the new entry into the list
@@ -1319,12 +1674,12 @@ int vm_map_pmap_enter_enable = FALSE;
  *     In/out conditions:
  *             The source map should not be locked on entry.
  */
  *     In/out conditions:
  *             The source map should not be locked on entry.
  */
-static void
+__unused static void
 vm_map_pmap_enter(
        vm_map_t                map,
 vm_map_pmap_enter(
        vm_map_t                map,
-       register vm_map_offset_t        addr,
-       register vm_map_offset_t        end_addr,
-       register vm_object_t    object,
+       vm_map_offset_t         addr,
+       vm_map_offset_t         end_addr,
+       vm_object_t             object,
        vm_object_offset_t      offset,
        vm_prot_t               protection)
 {
        vm_object_offset_t      offset,
        vm_prot_t               protection)
 {
@@ -1335,7 +1690,18 @@ vm_map_pmap_enter(
                return;
 
        while (addr < end_addr) {
                return;
 
        while (addr < end_addr) {
-               register vm_page_t      m;
+               vm_page_t       m;
+
+
+               /*
+                * TODO:
+                * From vm_map_enter(), we come into this function without the map
+                * lock held or the object lock held.
+                * We haven't taken a reference on the object either.
+                * We should do a proper lookup on the map to make sure
+                * that things are sane before we go locking objects that
+                * could have been deallocated from under us.
+                */
 
                vm_object_lock(object);
 
 
                vm_object_lock(object);
 
@@ -1360,6 +1726,9 @@ vm_map_pmap_enter(
                type_of_fault = DBG_CACHE_HIT_FAULT;
                kr = vm_fault_enter(m, map->pmap, addr, protection, protection,
                                    VM_PAGE_WIRED(m), FALSE, FALSE, FALSE,
                type_of_fault = DBG_CACHE_HIT_FAULT;
                kr = vm_fault_enter(m, map->pmap, addr, protection, protection,
                                    VM_PAGE_WIRED(m), FALSE, FALSE, FALSE,
+                                   0, /* XXX need user tag / alias? */
+                                   0, /* alternate accounting? */
+                                   NULL,
                                    &type_of_fault);
 
                vm_object_unlock(object);
                                    &type_of_fault);
 
                vm_object_unlock(object);
@@ -1404,6 +1773,59 @@ boolean_t vm_map_pmap_is_empty(
 #endif /* MACHINE_PMAP_IS_EMPTY */
 }
 
 #endif /* MACHINE_PMAP_IS_EMPTY */
 }
 
+#define MAX_TRIES_TO_GET_RANDOM_ADDRESS        1000
+kern_return_t
+vm_map_random_address_for_size(
+       vm_map_t        map,
+       vm_map_offset_t *address,
+       vm_map_size_t   size)
+{
+       kern_return_t   kr = KERN_SUCCESS;
+       int             tries = 0;
+       vm_map_offset_t random_addr = 0;
+       vm_map_offset_t hole_end;
+
+       vm_map_entry_t  next_entry = VM_MAP_ENTRY_NULL;
+       vm_map_entry_t  prev_entry = VM_MAP_ENTRY_NULL;
+       vm_map_size_t   vm_hole_size = 0;
+       vm_map_size_t   addr_space_size;
+
+       addr_space_size = vm_map_max(map) - vm_map_min(map);
+
+       assert(page_aligned(size));
+
+       while (tries < MAX_TRIES_TO_GET_RANDOM_ADDRESS) {
+               random_addr = ((vm_map_offset_t)random()) << PAGE_SHIFT;
+               random_addr = vm_map_trunc_page(
+                       vm_map_min(map) +(random_addr % addr_space_size),
+                       VM_MAP_PAGE_MASK(map));
+
+               if (vm_map_lookup_entry(map, random_addr, &prev_entry) == FALSE) {
+                       if (prev_entry == vm_map_to_entry(map)) {
+                               next_entry = vm_map_first_entry(map);
+                       } else {
+                               next_entry = prev_entry->vme_next;
+                       }
+                       if (next_entry == vm_map_to_entry(map)) {
+                               hole_end = vm_map_max(map);
+                       } else {
+                               hole_end = next_entry->vme_start;
+                       }
+                       vm_hole_size = hole_end - random_addr;
+                       if (vm_hole_size >= size) {
+                               *address = random_addr;
+                               break;
+                       }
+               }
+               tries++;
+       }
+
+       if (tries == MAX_TRIES_TO_GET_RANDOM_ADDRESS) {
+               kr = KERN_NO_SPACE;
+       }
+       return kr;
+}
+
 /*
  *     Routine:        vm_map_enter
  *
 /*
  *     Routine:        vm_map_enter
  *
@@ -1442,16 +1864,24 @@ vm_map_enter(
        boolean_t               map_locked = FALSE;
        boolean_t               pmap_empty = TRUE;
        boolean_t               new_mapping_established = FALSE;
        boolean_t               map_locked = FALSE;
        boolean_t               pmap_empty = TRUE;
        boolean_t               new_mapping_established = FALSE;
+       boolean_t               keep_map_locked = ((flags & VM_FLAGS_KEEP_MAP_LOCKED) != 0);
        boolean_t               anywhere = ((flags & VM_FLAGS_ANYWHERE) != 0);
        boolean_t               purgable = ((flags & VM_FLAGS_PURGABLE) != 0);
        boolean_t               overwrite = ((flags & VM_FLAGS_OVERWRITE) != 0);
        boolean_t               no_cache = ((flags & VM_FLAGS_NO_CACHE) != 0);
        boolean_t               is_submap = ((flags & VM_FLAGS_SUBMAP) != 0);
        boolean_t               permanent = ((flags & VM_FLAGS_PERMANENT) != 0);
        boolean_t               anywhere = ((flags & VM_FLAGS_ANYWHERE) != 0);
        boolean_t               purgable = ((flags & VM_FLAGS_PURGABLE) != 0);
        boolean_t               overwrite = ((flags & VM_FLAGS_OVERWRITE) != 0);
        boolean_t               no_cache = ((flags & VM_FLAGS_NO_CACHE) != 0);
        boolean_t               is_submap = ((flags & VM_FLAGS_SUBMAP) != 0);
        boolean_t               permanent = ((flags & VM_FLAGS_PERMANENT) != 0);
+       boolean_t               entry_for_jit = ((flags & VM_FLAGS_MAP_JIT) != 0);
+       boolean_t               iokit_acct = ((flags & VM_FLAGS_IOKIT_ACCT) != 0);
+       boolean_t               resilient_codesign = ((flags & VM_FLAGS_RESILIENT_CODESIGN) != 0);
+       boolean_t               resilient_media = ((flags & VM_FLAGS_RESILIENT_MEDIA) != 0);
+       boolean_t               random_address = ((flags & VM_FLAGS_RANDOM_ADDR) != 0);
        unsigned int            superpage_size = ((flags & VM_FLAGS_SUPERPAGE_MASK) >> VM_FLAGS_SUPERPAGE_SHIFT);
        unsigned int            superpage_size = ((flags & VM_FLAGS_SUPERPAGE_MASK) >> VM_FLAGS_SUPERPAGE_SHIFT);
-       char                    alias;
+       vm_tag_t                alias, user_alias;
        vm_map_offset_t         effective_min_offset, effective_max_offset;
        kern_return_t           kr;
        vm_map_offset_t         effective_min_offset, effective_max_offset;
        kern_return_t           kr;
+       boolean_t               clear_map_aligned = FALSE;
+       vm_map_entry_t          hole_entry;
 
        if (superpage_size) {
                switch (superpage_size) {
 
        if (superpage_size) {
                switch (superpage_size) {
@@ -1479,14 +1909,13 @@ vm_map_enter(
        }
 
 
        }
 
 
-#if CONFIG_EMBEDDED
-       if (cur_protection & VM_PROT_WRITE){
-               if ((cur_protection & VM_PROT_EXECUTE) && !(flags & VM_FLAGS_MAP_JIT)){
-                       printf("EMBEDDED: %s curprot cannot be write+execute. turning off execute\n", __PRETTY_FUNCTION__);
-                       cur_protection &= ~VM_PROT_EXECUTE;
+
+       if (resilient_codesign || resilient_media) {
+               if ((cur_protection & (VM_PROT_WRITE | VM_PROT_EXECUTE)) ||
+                   (max_protection & (VM_PROT_WRITE | VM_PROT_EXECUTE))) {
+                       return KERN_PROTECTION_FAILURE;
                }
        }
                }
        }
-#endif /* CONFIG_EMBEDDED */
 
        if (is_submap) {
                if (purgable) {
 
        if (is_submap) {
                if (purgable) {
@@ -1533,12 +1962,41 @@ vm_map_enter(
        }
 
        VM_GET_FLAGS_ALIAS(flags, alias);
        }
 
        VM_GET_FLAGS_ALIAS(flags, alias);
+       if (map->pmap == kernel_pmap) {
+               user_alias = VM_KERN_MEMORY_NONE;
+       } else {
+               user_alias = alias;
+       }
 
 #define        RETURN(value)   { result = value; goto BailOut; }
 
        assert(page_aligned(*address));
        assert(page_aligned(size));
 
 
 #define        RETURN(value)   { result = value; goto BailOut; }
 
        assert(page_aligned(*address));
        assert(page_aligned(size));
 
+       if (!VM_MAP_PAGE_ALIGNED(size, VM_MAP_PAGE_MASK(map))) {
+               /*
+                * In most cases, the caller rounds the size up to the
+                * map's page size.
+                * If we get a size that is explicitly not map-aligned here,
+                * we'll have to respect the caller's wish and mark the
+                * mapping as "not map-aligned" to avoid tripping the
+                * map alignment checks later.
+                */
+               clear_map_aligned = TRUE;
+       }
+       if (!anywhere && 
+           !VM_MAP_PAGE_ALIGNED(*address, VM_MAP_PAGE_MASK(map))) {
+               /*
+                * We've been asked to map at a fixed address and that
+                * address is not aligned to the map's specific alignment.
+                * The caller should know what it's doing (i.e. most likely
+                * mapping some fragmented copy map, transferring memory from
+                * a VM map with a different alignment), so clear map_aligned
+                * for this new VM map entry and proceed.
+                */
+               clear_map_aligned = TRUE;
+       }
+
        /*
         * Only zero-fill objects are allowed to be purgable.
         * LP64todo - limit purgable objects to 32-bits for now
        /*
         * Only zero-fill objects are allowed to be purgable.
         * LP64todo - limit purgable objects to 32-bits for now
@@ -1565,6 +2023,8 @@ vm_map_enter(
                                            *address,
                                            *address + size,
                                            map->hdr.entries_pageable);
                                            *address,
                                            *address + size,
                                            map->hdr.entries_pageable);
+               vm_map_set_page_shift(zap_old_map, VM_MAP_PAGE_SHIFT(map));
+               vm_map_disable_hole_optimization(zap_old_map);
        }
 
 StartAgain: ;
        }
 
 StartAgain: ;
@@ -1575,12 +2035,27 @@ StartAgain: ;
                vm_map_lock(map);
                map_locked = TRUE;
                
                vm_map_lock(map);
                map_locked = TRUE;
                
-               if ((flags & VM_FLAGS_MAP_JIT) && (map->jit_entry_exists)){
-                       result = KERN_INVALID_ARGUMENT;
-                       goto BailOut;
+               if (entry_for_jit) {
+                       if (map->jit_entry_exists) {
+                               result = KERN_INVALID_ARGUMENT;
+                               goto BailOut;
+                       }
+                       random_address = TRUE;
                }
 
                }
 
-               /*
+               if (random_address) {
+                       /*
+                        * Get a random start address.
+                        */
+                       result = vm_map_random_address_for_size(map, address, size);
+                       if (result != KERN_SUCCESS) {
+                               goto BailOut;
+                       }
+                       start = *address;
+               }
+
+
+               /*
                 *      Calculate the first possible address.
                 */
 
                 *      Calculate the first possible address.
                 */
 
@@ -1598,35 +2073,82 @@ StartAgain: ;
                if( map->disable_vmentry_reuse == TRUE) {
                        VM_MAP_HIGHEST_ENTRY(map, entry, start);
                } else {
                if( map->disable_vmentry_reuse == TRUE) {
                        VM_MAP_HIGHEST_ENTRY(map, entry, start);
                } else {
-                       assert(first_free_is_valid(map));
 
 
-                       entry = map->first_free;
+                       if (map->holelistenabled) {
+                               hole_entry = (vm_map_entry_t)map->holes_list;
+
+                               if (hole_entry == NULL) {
+                                       /*
+                                        * No more space in the map?
+                                        */
+                                       result = KERN_NO_SPACE;
+                                       goto BailOut;
+                               } else {
+
+                                       boolean_t found_hole = FALSE;
+
+                                       do {
+                                               if (hole_entry->vme_start >= start) {
+                                                       start = hole_entry->vme_start;
+                                                       found_hole = TRUE;
+                                                       break;
+                                               }
+
+                                               if (hole_entry->vme_end > start) {
+                                                       found_hole = TRUE;
+                                                       break;
+                                               }
+                                               hole_entry = hole_entry->vme_next;
+
+                                       } while (hole_entry != (vm_map_entry_t) map->holes_list);
+
+                                       if (found_hole == FALSE) {
+                                               result = KERN_NO_SPACE;
+                                               goto BailOut;
+                                       }
+
+                                       entry = hole_entry;
 
 
-                       if (entry == vm_map_to_entry(map)) {
-                               entry = NULL;
+                                       if (start == 0)
+                                               start += PAGE_SIZE_64;
+                               }
                        } else {
                        } else {
-                              if (entry->vme_next == vm_map_to_entry(map)){
-                                      /*
-                                       * Hole at the end of the map.
-                                       */
+                               assert(first_free_is_valid(map));
+
+                               entry = map->first_free;
+
+                               if (entry == vm_map_to_entry(map)) {
                                        entry = NULL;
                                        entry = NULL;
-                              } else {
-                                       if (start < (entry->vme_next)->vme_start ) {
-                                               start = entry->vme_end;
-                                       } else {
-                                               /*
-                                                * Need to do a lookup.
-                                                */
+                               } else {
+                                      if (entry->vme_next == vm_map_to_entry(map)){
+                                              /*
+                                               * Hole at the end of the map.
+                                               */
                                                entry = NULL;
                                                entry = NULL;
-                                       }
-                              }
-                       }
+                                      } else {
+                                               if (start < (entry->vme_next)->vme_start ) {
+                                                       start = entry->vme_end;
+                                                       start = vm_map_round_page(start,
+                                                                                 VM_MAP_PAGE_MASK(map));
+                                               } else {
+                                                       /*
+                                                        * Need to do a lookup.
+                                                        */
+                                                       entry = NULL;
+                                               }
+                                      }
+                               }
 
 
-                       if (entry == NULL) {
-                               vm_map_entry_t  tmp_entry;
-                               if (vm_map_lookup_entry(map, start, &tmp_entry))
-                                       start = tmp_entry->vme_end;
-                               entry = tmp_entry;
+                               if (entry == NULL) {
+                                       vm_map_entry_t  tmp_entry;
+                                       if (vm_map_lookup_entry(map, start, &tmp_entry)) {
+                                               assert(!entry_for_jit);
+                                               start = tmp_entry->vme_end;
+                                               start = vm_map_round_page(start,
+                                                                         VM_MAP_PAGE_MASK(map));
+                                       }
+                                       entry = tmp_entry;
+                               }
                        }
                }
 
                        }
                }
 
@@ -1637,7 +2159,7 @@ StartAgain: ;
                 */
 
                while (TRUE) {
                 */
 
                while (TRUE) {
-                       register vm_map_entry_t next;
+                       vm_map_entry_t  next;
 
                        /*
                         *      Find the end of the proposed new region.
 
                        /*
                         *      Find the end of the proposed new region.
@@ -1646,13 +2168,18 @@ StartAgain: ;
                         */
 
                        end = ((start + mask) & ~mask);
                         */
 
                        end = ((start + mask) & ~mask);
+                       end = vm_map_round_page(end,
+                                               VM_MAP_PAGE_MASK(map));
                        if (end < start)
                                RETURN(KERN_NO_SPACE);
                        start = end;
                        if (end < start)
                                RETURN(KERN_NO_SPACE);
                        start = end;
+                       assert(VM_MAP_PAGE_ALIGNED(start,
+                                                  VM_MAP_PAGE_MASK(map)));
                        end += size;
 
                        if ((end > effective_max_offset) || (end < start)) {
                                if (map->wait_for_space) {
                        end += size;
 
                        if ((end > effective_max_offset) || (end < start)) {
                                if (map->wait_for_space) {
+                                       assert(!keep_map_locked);
                                        if (size <= (effective_max_offset -
                                                     effective_min_offset)) {
                                                assert_wait((event_t)map,
                                        if (size <= (effective_max_offset -
                                                     effective_min_offset)) {
                                                assert_wait((event_t)map,
@@ -1666,30 +2193,60 @@ StartAgain: ;
                                RETURN(KERN_NO_SPACE);
                        }
 
                                RETURN(KERN_NO_SPACE);
                        }
 
-                       /*
-                        *      If there are no more entries, we must win.
-                        */
-
                        next = entry->vme_next;
                        next = entry->vme_next;
-                       if (next == vm_map_to_entry(map))
-                               break;
 
 
-                       /*
-                        *      If there is another entry, it must be
-                        *      after the end of the potential new region.
-                        */
+                       if (map->holelistenabled) {
+                               if (entry->vme_end >= end)
+                                       break;
+                       } else {
+                               /*
+                                *      If there are no more entries, we must win.
+                                *
+                                *      OR
+                                *
+                                *      If there is another entry, it must be
+                                *      after the end of the potential new region.
+                                */
 
 
-                       if (next->vme_start >= end)
-                               break;
+                               if (next == vm_map_to_entry(map))
+                                       break;
+
+                               if (next->vme_start >= end)
+                                       break;
+                       }
 
                        /*
                         *      Didn't fit -- move to the next entry.
                         */
 
                        entry = next;
 
                        /*
                         *      Didn't fit -- move to the next entry.
                         */
 
                        entry = next;
-                       start = entry->vme_end;
+
+                       if (map->holelistenabled) {
+                               if (entry == (vm_map_entry_t) map->holes_list) {
+                                       /*
+                                        * Wrapped around
+                                        */
+                                       result = KERN_NO_SPACE;
+                                       goto BailOut;
+                               }
+                               start = entry->vme_start;
+                       } else {
+                               start = entry->vme_end;
+                       }
+
+                       start = vm_map_round_page(start,
+                                                 VM_MAP_PAGE_MASK(map));
+               }
+
+               if (map->holelistenabled) {
+                       if (vm_map_lookup_entry(map, entry->vme_start, &entry)) {
+                               panic("Found an existing entry (%p) instead of potential hole at address: 0x%llx.\n", entry, (unsigned long long)entry->vme_start);
+                       }
                }
                }
+
                *address = start;
                *address = start;
+               assert(VM_MAP_PAGE_ALIGNED(*address,
+                                          VM_MAP_PAGE_MASK(map)));
        } else {
                /*
                 *      Verify that:
        } else {
                /*
                 *      Verify that:
@@ -1721,7 +2278,8 @@ StartAgain: ;
                         * address range, saving them in our "zap_old_map".
                         */
                        (void) vm_map_delete(map, start, end,
                         * address range, saving them in our "zap_old_map".
                         */
                        (void) vm_map_delete(map, start, end,
-                                            VM_MAP_REMOVE_SAVE_ENTRIES,
+                                            (VM_MAP_REMOVE_SAVE_ENTRIES |
+                                             VM_MAP_REMOVE_NO_MAP_ALIGN),
                                             zap_old_map);
                }
 
                                             zap_old_map);
                }
 
@@ -1752,12 +2310,13 @@ StartAgain: ;
                                if (entry == vm_map_to_entry(map) ||
                                    entry->vme_start != tmp_start ||
                                    entry->is_sub_map != is_submap ||
                                if (entry == vm_map_to_entry(map) ||
                                    entry->vme_start != tmp_start ||
                                    entry->is_sub_map != is_submap ||
-                                   entry->offset != tmp_offset ||
+                                   VME_OFFSET(entry) != tmp_offset ||
                                    entry->needs_copy != needs_copy ||
                                    entry->protection != cur_protection ||
                                    entry->max_protection != max_protection ||
                                    entry->inheritance != inheritance ||
                                    entry->needs_copy != needs_copy ||
                                    entry->protection != cur_protection ||
                                    entry->max_protection != max_protection ||
                                    entry->inheritance != inheritance ||
-                                   entry->alias != alias) {
+                                   entry->iokit_acct != iokit_acct ||
+                                   VME_ALIAS(entry) != alias) {
                                        /* not the same mapping ! */
                                        RETURN(KERN_NO_SPACE);
                                }
                                        /* not the same mapping ! */
                                        RETURN(KERN_NO_SPACE);
                                }
@@ -1765,17 +2324,17 @@ StartAgain: ;
                                 * Check if the same object is being mapped.
                                 */
                                if (is_submap) {
                                 * Check if the same object is being mapped.
                                 */
                                if (is_submap) {
-                                       if (entry->object.sub_map !=
+                                       if (VME_SUBMAP(entry) !=
                                            (vm_map_t) object) {
                                                /* not the same submap */
                                                RETURN(KERN_NO_SPACE);
                                        }
                                } else {
                                            (vm_map_t) object) {
                                                /* not the same submap */
                                                RETURN(KERN_NO_SPACE);
                                        }
                                } else {
-                                       if (entry->object.vm_object != object) {
+                                       if (VME_OBJECT(entry) != object) {
                                                /* not the same VM object... */
                                                vm_object_t obj2;
 
                                                /* not the same VM object... */
                                                vm_object_t obj2;
 
-                                               obj2 = entry->object.vm_object;
+                                               obj2 = VME_OBJECT(entry);
                                                if ((obj2 == VM_OBJECT_NULL ||
                                                     obj2->internal) &&
                                                    (object == VM_OBJECT_NULL ||
                                                if ((obj2 == VM_OBJECT_NULL ||
                                                     obj2->internal) &&
                                                    (object == VM_OBJECT_NULL ||
@@ -1831,11 +2390,36 @@ StartAgain: ;
         *      semantics.
         */
 
         *      semantics.
         */
 
-       if (purgable) {
+       if (purgable || entry_for_jit) {
                if (object == VM_OBJECT_NULL) {
                if (object == VM_OBJECT_NULL) {
+
                        object = vm_object_allocate(size);
                        object->copy_strategy = MEMORY_OBJECT_COPY_NONE;
                        object = vm_object_allocate(size);
                        object->copy_strategy = MEMORY_OBJECT_COPY_NONE;
-                       object->purgable = VM_PURGABLE_NONVOLATILE;
+                       object->true_share = TRUE;
+                       if (purgable) {
+                               task_t owner;
+                               object->purgable = VM_PURGABLE_NONVOLATILE;
+                               if (map->pmap == kernel_pmap) {
+                                       /*
+                                        * Purgeable mappings made in a kernel
+                                        * map are "owned" by the kernel itself
+                                        * rather than the current user task
+                                        * because they're likely to be used by
+                                        * more than this user task (see
+                                        * execargs_purgeable_allocate(), for
+                                        * example).
+                                        */
+                                       owner = kernel_task;
+                               } else {
+                                       owner = current_task();
+                               }
+                               assert(object->vo_purgeable_owner == NULL);
+                               assert(object->resident_page_count == 0);
+                               assert(object->wired_page_count == 0);
+                               vm_object_lock(object);
+                               vm_purgeable_nonvolatile_enqueue(object, owner);
+                               vm_object_unlock(object);
+                       }
                        offset = (vm_object_offset_t)0;
                }
        } else if ((is_submap == FALSE) &&
                        offset = (vm_object_offset_t)0;
                }
        } else if ((is_submap == FALSE) &&
@@ -1844,21 +2428,38 @@ StartAgain: ;
                   (entry->vme_end == start) &&
                   (!entry->is_shared) &&
                   (!entry->is_sub_map) &&
                   (entry->vme_end == start) &&
                   (!entry->is_shared) &&
                   (!entry->is_sub_map) &&
-                  ((alias == VM_MEMORY_REALLOC) || (entry->alias == alias)) &&
-                  (entry->inheritance == inheritance) &&
+                  (!entry->in_transition) &&
+                  (!entry->needs_wakeup) &&
+                  (entry->behavior == VM_BEHAVIOR_DEFAULT) &&
                   (entry->protection == cur_protection) &&
                   (entry->max_protection == max_protection) &&
                   (entry->protection == cur_protection) &&
                   (entry->max_protection == max_protection) &&
-                  (entry->behavior == VM_BEHAVIOR_DEFAULT) &&
-                  (entry->in_transition == 0) &&
+                  (entry->inheritance == inheritance) &&
+                  ((user_alias == VM_MEMORY_REALLOC) ||
+                   (VME_ALIAS(entry) == alias)) &&
                   (entry->no_cache == no_cache) &&
                   (entry->no_cache == no_cache) &&
+                  (entry->permanent == permanent) &&
+                  (!entry->superpage_size && !superpage_size) &&
+                  /*
+                   * No coalescing if not map-aligned, to avoid propagating
+                   * that condition any further than needed:
+                   */
+                  (!entry->map_aligned || !clear_map_aligned) &&
+                  (!entry->zero_wired_pages) &&
+                  (!entry->used_for_jit && !entry_for_jit) &&
+                  (entry->iokit_acct == iokit_acct) &&
+                  (!entry->vme_resilient_codesign) &&
+                  (!entry->vme_resilient_media) &&
+                  (!entry->vme_atomic) &&
+
                   ((entry->vme_end - entry->vme_start) + size <=
                   ((entry->vme_end - entry->vme_start) + size <=
-                   (alias == VM_MEMORY_REALLOC ?
+                   (user_alias == VM_MEMORY_REALLOC ?
                     ANON_CHUNK_SIZE :
                     NO_COALESCE_LIMIT)) &&
                     ANON_CHUNK_SIZE :
                     NO_COALESCE_LIMIT)) &&
+
                   (entry->wired_count == 0)) { /* implies user_wired_count == 0 */
                   (entry->wired_count == 0)) { /* implies user_wired_count == 0 */
-               if (vm_object_coalesce(entry->object.vm_object,
+               if (vm_object_coalesce(VME_OBJECT(entry),
                                       VM_OBJECT_NULL,
                                       VM_OBJECT_NULL,
-                                      entry->offset,
+                                      VME_OFFSET(entry),
                                       (vm_object_offset_t) 0,
                                       (vm_map_size_t)(entry->vme_end - entry->vme_start),
                                       (vm_map_size_t)(end - entry->vme_end))) {
                                       (vm_object_offset_t) 0,
                                       (vm_map_size_t)(entry->vme_end - entry->vme_start),
                                       (vm_map_size_t)(end - entry->vme_end))) {
@@ -1870,8 +2471,17 @@ StartAgain: ;
                         */
                        map->size += (end - entry->vme_end);
                        assert(entry->vme_start < end);
                         */
                        map->size += (end - entry->vme_end);
                        assert(entry->vme_start < end);
+                       assert(VM_MAP_PAGE_ALIGNED(end,
+                                                  VM_MAP_PAGE_MASK(map)));
+                       if (__improbable(vm_debug_events))
+                               DTRACE_VM5(map_entry_extend, vm_map_t, map, vm_map_entry_t, entry, vm_address_t, entry->vme_start, vm_address_t, entry->vme_end, vm_address_t, end);
                        entry->vme_end = end;
                        entry->vme_end = end;
-                       vm_map_store_update_first_free(map, map->first_free);
+                       if (map->holelistenabled) {
+                               vm_map_store_update_first_free(map, entry, TRUE);
+                       } else {
+                               vm_map_store_update_first_free(map, map->first_free, TRUE);
+                       }
+                       new_mapping_established = TRUE;
                        RETURN(KERN_SUCCESS);
                }
        }
                        RETURN(KERN_SUCCESS);
                }
        }
@@ -1910,30 +2520,88 @@ StartAgain: ;
                                                        FALSE, FALSE,
                                                        cur_protection, max_protection,
                                                        VM_BEHAVIOR_DEFAULT,
                                                        FALSE, FALSE,
                                                        cur_protection, max_protection,
                                                        VM_BEHAVIOR_DEFAULT,
-                                                       (flags & VM_FLAGS_MAP_JIT)? VM_INHERIT_NONE: inheritance, 
+                                                       (entry_for_jit)? VM_INHERIT_NONE: inheritance, 
                                                        0, no_cache,
                                                        0, no_cache,
-                                                       permanent, superpage_size);
-                       new_entry->alias = alias;
-                       if (flags & VM_FLAGS_MAP_JIT){
+                                                       permanent,
+                                                       superpage_size,
+                                                       clear_map_aligned,
+                                                       is_submap);
+
+                       assert((object != kernel_object) || (VM_KERN_MEMORY_NONE != alias));
+                       VME_ALIAS_SET(new_entry, alias);
+
+                       if (entry_for_jit){
                                if (!(map->jit_entry_exists)){
                                        new_entry->used_for_jit = TRUE;
                                        map->jit_entry_exists = TRUE;
                                }
                        }
 
                                if (!(map->jit_entry_exists)){
                                        new_entry->used_for_jit = TRUE;
                                        map->jit_entry_exists = TRUE;
                                }
                        }
 
+                       if (resilient_codesign &&
+                           ! ((cur_protection | max_protection) &
+                              (VM_PROT_WRITE | VM_PROT_EXECUTE))) {
+                               new_entry->vme_resilient_codesign = TRUE;
+                       }
+
+                       if (resilient_media &&
+                           ! ((cur_protection | max_protection) &
+                              (VM_PROT_WRITE | VM_PROT_EXECUTE))) {
+                               new_entry->vme_resilient_media = TRUE;
+                       }
+
+                       assert(!new_entry->iokit_acct);
+                       if (!is_submap &&
+                           object != VM_OBJECT_NULL &&
+                           object->purgable != VM_PURGABLE_DENY) {
+                               assert(new_entry->use_pmap);
+                               assert(!new_entry->iokit_acct);
+                               /*
+                                * Turn off pmap accounting since
+                                * purgeable objects have their
+                                * own ledgers.
+                                */
+                               new_entry->use_pmap = FALSE;
+                       } else if (!is_submap &&
+                                  iokit_acct &&
+                                  object != VM_OBJECT_NULL &&
+                                  object->internal) {
+                               /* alternate accounting */
+                               assert(!new_entry->iokit_acct);
+                               assert(new_entry->use_pmap);
+                               new_entry->iokit_acct = TRUE;
+                               new_entry->use_pmap = FALSE;
+                               DTRACE_VM4(
+                                       vm_map_iokit_mapped_region,
+                                       vm_map_t, map,
+                                       vm_map_offset_t, new_entry->vme_start,
+                                       vm_map_offset_t, new_entry->vme_end,
+                                       int, VME_ALIAS(new_entry));
+                               vm_map_iokit_mapped_region(
+                                       map,
+                                       (new_entry->vme_end -
+                                        new_entry->vme_start));
+                       } else if (!is_submap) {
+                               assert(!new_entry->iokit_acct);
+                               assert(new_entry->use_pmap);
+                       }
+
                        if (is_submap) {
                                vm_map_t        submap;
                                boolean_t       submap_is_64bit;
                                boolean_t       use_pmap;
 
                        if (is_submap) {
                                vm_map_t        submap;
                                boolean_t       submap_is_64bit;
                                boolean_t       use_pmap;
 
-                               new_entry->is_sub_map = TRUE;
+                               assert(new_entry->is_sub_map);
+                               assert(!new_entry->use_pmap);
+                               assert(!new_entry->iokit_acct);
                                submap = (vm_map_t) object;
                                submap_is_64bit = vm_map_is_64bit(submap);
                                submap = (vm_map_t) object;
                                submap_is_64bit = vm_map_is_64bit(submap);
-                               use_pmap = (alias == VM_MEMORY_SHARED_PMAP);
-       #ifndef NO_NESTED_PMAP 
+                               use_pmap = (user_alias == VM_MEMORY_SHARED_PMAP);
+#ifndef NO_NESTED_PMAP
                                if (use_pmap && submap->pmap == NULL) {
                                if (use_pmap && submap->pmap == NULL) {
+                                       ledger_t ledger = map->pmap->ledger;
                                        /* we need a sub pmap to nest... */
                                        /* we need a sub pmap to nest... */
-                                       submap->pmap = pmap_create(0, submap_is_64bit);
+                                       submap->pmap = pmap_create(ledger, 0,
+                                           submap_is_64bit);
                                        if (submap->pmap == NULL) {
                                                /* let's proceed without nesting... */
                                        }
                                        if (submap->pmap == NULL) {
                                                /* let's proceed without nesting... */
                                        }
@@ -1957,7 +2625,7 @@ StartAgain: ;
                                                pmap_empty = FALSE;
                                        }
                                }
                                                pmap_empty = FALSE;
                                        }
                                }
-       #endif /* NO_NESTED_PMAP */
+#endif /* NO_NESTED_PMAP */
                        }
                        entry = new_entry;
 
                        }
                        entry = new_entry;
 
@@ -1965,29 +2633,33 @@ StartAgain: ;
                                vm_page_t pages, m;
                                vm_object_t sp_object;
 
                                vm_page_t pages, m;
                                vm_object_t sp_object;
 
-                               entry->offset = 0;
+                               VME_OFFSET_SET(entry, 0);
 
                                /* allocate one superpage */
                                kr = cpm_allocate(SUPERPAGE_SIZE, &pages, 0, SUPERPAGE_NBASEPAGES-1, TRUE, 0);
                                if (kr != KERN_SUCCESS) {
 
                                /* allocate one superpage */
                                kr = cpm_allocate(SUPERPAGE_SIZE, &pages, 0, SUPERPAGE_NBASEPAGES-1, TRUE, 0);
                                if (kr != KERN_SUCCESS) {
-                                       new_mapping_established = TRUE; /* will cause deallocation of whole range */
+                                       /* deallocate whole range... */
+                                       new_mapping_established = TRUE;
+                                       /* ... but only up to "tmp_end" */
+                                       size -= end - tmp_end;
                                        RETURN(kr);
                                }
 
                                /* create one vm_object per superpage */
                                sp_object = vm_object_allocate((vm_map_size_t)(entry->vme_end - entry->vme_start));
                                sp_object->phys_contiguous = TRUE;
                                        RETURN(kr);
                                }
 
                                /* create one vm_object per superpage */
                                sp_object = vm_object_allocate((vm_map_size_t)(entry->vme_end - entry->vme_start));
                                sp_object->phys_contiguous = TRUE;
-                               sp_object->vo_shadow_offset = (vm_object_offset_t)pages->phys_page*PAGE_SIZE;
-                               entry->object.vm_object = sp_object;
+                               sp_object->vo_shadow_offset = (vm_object_offset_t)VM_PAGE_GET_PHYS_PAGE(pages)*PAGE_SIZE;
+                               VME_OBJECT_SET(entry, sp_object);
+                               assert(entry->use_pmap);
 
                                /* enter the base pages into the object */
                                vm_object_lock(sp_object);
                                for (offset = 0; offset < SUPERPAGE_SIZE; offset += PAGE_SIZE) {
                                        m = pages;
 
                                /* enter the base pages into the object */
                                vm_object_lock(sp_object);
                                for (offset = 0; offset < SUPERPAGE_SIZE; offset += PAGE_SIZE) {
                                        m = pages;
-                                       pmap_zero_page(m->phys_page);
+                                       pmap_zero_page(VM_PAGE_GET_PHYS_PAGE(m));
                                        pages = NEXT_PAGE(m);
                                        *(NEXT_PAGE_PTR(m)) = VM_PAGE_NULL;
                                        pages = NEXT_PAGE(m);
                                        *(NEXT_PAGE_PTR(m)) = VM_PAGE_NULL;
-                                       vm_page_insert(m, sp_object, offset);
+                                       vm_page_insert_wired(m, sp_object, offset, VM_KERN_MEMORY_OSFMK);
                                }
                                vm_object_unlock(sp_object);
                        }
                                }
                                vm_object_unlock(sp_object);
                        }
@@ -1997,46 +2669,23 @@ StartAgain: ;
                          tmp_end + (vm_map_size_t)ANON_CHUNK_SIZE : tmp2_end));
        }
 
                          tmp_end + (vm_map_size_t)ANON_CHUNK_SIZE : tmp2_end));
        }
 
-       vm_map_unlock(map);
-       map_locked = FALSE;
-
        new_mapping_established = TRUE;
 
        new_mapping_established = TRUE;
 
-       /*      Wire down the new entry if the user
-        *      requested all new map entries be wired.
-        */
-       if ((map->wiring_required)||(superpage_size)) {
-               pmap_empty = FALSE; /* pmap won't be empty */
-               result = vm_map_wire(map, start, end,
-                                    new_entry->protection, TRUE);
-               RETURN(result);
-       }
-
-       if ((object != VM_OBJECT_NULL) &&
-           (vm_map_pmap_enter_enable) &&
-           (!anywhere)  &&
-           (!needs_copy) && 
-           (size < (128*1024))) {
-               pmap_empty = FALSE; /* pmap won't be empty */
+BailOut:
+       assert(map_locked == TRUE);
 
 
-               if (override_nx(map, alias) && cur_protection)
-                       cur_protection |= VM_PROT_EXECUTE;
-
-               vm_map_pmap_enter(map, start, end, 
-                                 object, offset, cur_protection);
-       }
-
-BailOut: ;
        if (result == KERN_SUCCESS) {
                vm_prot_t pager_prot;
                memory_object_t pager;
 
        if (result == KERN_SUCCESS) {
                vm_prot_t pager_prot;
                memory_object_t pager;
 
+#if DEBUG
                if (pmap_empty &&
                    !(flags & VM_FLAGS_NO_PMAP_CHECK)) {
                        assert(vm_map_pmap_is_empty(map,
                                                    *address,
                                                    *address+size));
                }
                if (pmap_empty &&
                    !(flags & VM_FLAGS_NO_PMAP_CHECK)) {
                        assert(vm_map_pmap_is_empty(map,
                                                    *address,
                                                    *address+size));
                }
+#endif /* DEBUG */
 
                /*
                 * For "named" VM objects, let the pager know that the
 
                /*
                 * For "named" VM objects, let the pager know that the
@@ -2076,7 +2725,36 @@ BailOut: ;
                        }
                        vm_object_unlock(object);
                }
                        }
                        vm_object_unlock(object);
                }
-       } else {
+       }
+
+       assert(map_locked == TRUE);
+
+       if (!keep_map_locked) {
+               vm_map_unlock(map);
+               map_locked = FALSE;
+       }
+
+       /*
+        * We can't hold the map lock if we enter this block.
+        */
+
+       if (result == KERN_SUCCESS) {
+
+               /*      Wire down the new entry if the user
+                *      requested all new map entries be wired.
+                */
+               if ((map->wiring_required)||(superpage_size)) {
+                       assert(!keep_map_locked);
+                       pmap_empty = FALSE; /* pmap won't be empty */
+                       kr = vm_map_wire(map, start, end,
+                                            new_entry->protection | VM_PROT_MEMORY_TAG_MAKE(VM_KERN_MEMORY_MLOCK),
+                                            TRUE);
+                       result = kr;
+               }
+
+       }
+
+       if (result != KERN_SUCCESS) {
                if (new_mapping_established) {
                        /*
                         * We have to get rid of the new mappings since we
                if (new_mapping_established) {
                        /*
                         * We have to get rid of the new mappings since we
@@ -2088,12 +2766,17 @@ BailOut: ;
                                                    *address,
                                                    *address + size,
                                                    map->hdr.entries_pageable);
                                                    *address,
                                                    *address + size,
                                                    map->hdr.entries_pageable);
+                       vm_map_set_page_shift(zap_new_map,
+                                             VM_MAP_PAGE_SHIFT(map));
+                       vm_map_disable_hole_optimization(zap_new_map);
+
                        if (!map_locked) {
                                vm_map_lock(map);
                                map_locked = TRUE;
                        }
                        (void) vm_map_delete(map, *address, *address+size,
                        if (!map_locked) {
                                vm_map_lock(map);
                                map_locked = TRUE;
                        }
                        (void) vm_map_delete(map, *address, *address+size,
-                                            VM_MAP_REMOVE_SAVE_ENTRIES,
+                                            (VM_MAP_REMOVE_SAVE_ENTRIES |
+                                             VM_MAP_REMOVE_NO_MAP_ALIGN),
                                             zap_new_map);
                }
                if (zap_old_map != VM_MAP_NULL &&
                                             zap_new_map);
                }
                if (zap_old_map != VM_MAP_NULL &&
@@ -2152,7 +2835,11 @@ BailOut: ;
                }
        }
 
                }
        }
 
-       if (map_locked) {
+       /*
+        * The caller is responsible for releasing the lock if it requested to
+        * keep the map locked.
+        */
+       if (map_locked && !keep_map_locked) {
                vm_map_unlock(map);
        }
 
                vm_map_unlock(map);
        }
 
@@ -2174,8 +2861,15 @@ BailOut: ;
 #undef RETURN
 }
 
 #undef RETURN
 }
 
-kern_return_t
-vm_map_enter_mem_object(
+
+/*
+ * Counters for the prefault optimization.
+ */
+int64_t vm_prefault_nb_pages = 0;
+int64_t vm_prefault_nb_bailout = 0;
+
+static kern_return_t
+vm_map_enter_mem_object_helper(
        vm_map_t                target_map,
        vm_map_offset_t         *address,
        vm_map_size_t           initial_size,
        vm_map_t                target_map,
        vm_map_offset_t         *address,
        vm_map_size_t           initial_size,
@@ -2186,7 +2880,9 @@ vm_map_enter_mem_object(
        boolean_t               copy,
        vm_prot_t               cur_protection,
        vm_prot_t               max_protection,
        boolean_t               copy,
        vm_prot_t               cur_protection,
        vm_prot_t               max_protection,
-       vm_inherit_t            inheritance)
+       vm_inherit_t            inheritance,
+       upl_page_list_ptr_t     page_list,
+       unsigned int            page_list_count)
 {
        vm_map_address_t        map_addr;
        vm_map_size_t           map_size;
 {
        vm_map_address_t        map_addr;
        vm_map_size_t           map_size;
@@ -2194,6 +2890,8 @@ vm_map_enter_mem_object(
        vm_object_size_t        size;
        kern_return_t           result;
        boolean_t               mask_cur_protection, mask_max_protection;
        vm_object_size_t        size;
        kern_return_t           result;
        boolean_t               mask_cur_protection, mask_max_protection;
+       boolean_t               try_prefault = (page_list_count != 0);
+       vm_map_offset_t         offset_in_mapping = 0;
 
        mask_cur_protection = cur_protection & VM_PROT_IS_MASK;
        mask_max_protection = max_protection & VM_PROT_IS_MASK;
 
        mask_cur_protection = cur_protection & VM_PROT_IS_MASK;
        mask_max_protection = max_protection & VM_PROT_IS_MASK;
@@ -2207,12 +2905,18 @@ vm_map_enter_mem_object(
            (cur_protection & ~VM_PROT_ALL) ||
            (max_protection & ~VM_PROT_ALL) ||
            (inheritance > VM_INHERIT_LAST_VALID) ||
            (cur_protection & ~VM_PROT_ALL) ||
            (max_protection & ~VM_PROT_ALL) ||
            (inheritance > VM_INHERIT_LAST_VALID) ||
-           initial_size == 0)
+           (try_prefault && (copy || !page_list)) ||
+           initial_size == 0) {
                return KERN_INVALID_ARGUMENT;
                return KERN_INVALID_ARGUMENT;
+       }
        
        
-       map_addr = vm_map_trunc_page(*address);
-       map_size = vm_map_round_page(initial_size);
-       size = vm_object_round_page(initial_size);      
+       {
+               map_addr = vm_map_trunc_page(*address,
+                                            VM_MAP_PAGE_MASK(target_map));
+               map_size = vm_map_round_page(initial_size,
+                                            VM_MAP_PAGE_MASK(target_map));
+       }
+       size = vm_object_round_page(initial_size);
 
        /*
         * Find the vm object (if any) corresponding to this port.
 
        /*
         * Find the vm object (if any) corresponding to this port.
@@ -2225,6 +2929,12 @@ vm_map_enter_mem_object(
                vm_named_entry_t        named_entry;
 
                named_entry = (vm_named_entry_t) port->ip_kobject;
                vm_named_entry_t        named_entry;
 
                named_entry = (vm_named_entry_t) port->ip_kobject;
+
+               if (flags & (VM_FLAGS_RETURN_DATA_ADDR |
+                            VM_FLAGS_RETURN_4K_DATA_ADDR)) {
+                       offset += named_entry->data_offset;
+               }
+               
                /* a few checks to make sure user is obeying rules */
                if (size == 0) {
                        if (offset >= named_entry->size)
                /* a few checks to make sure user is obeying rules */
                if (size == 0) {
                        if (offset >= named_entry->size)
@@ -2243,17 +2953,62 @@ vm_map_enter_mem_object(
                if ((named_entry->protection & cur_protection) !=
                    cur_protection)
                        return KERN_INVALID_RIGHT;
                if ((named_entry->protection & cur_protection) !=
                    cur_protection)
                        return KERN_INVALID_RIGHT;
-               if (named_entry->size < (offset + size))
+               if (offset + size < offset) {
+                       /* overflow */
                        return KERN_INVALID_ARGUMENT;
                        return KERN_INVALID_ARGUMENT;
+               }
+               if (named_entry->size < (offset + initial_size)) {
+                       return KERN_INVALID_ARGUMENT;
+               }
+
+               if (named_entry->is_copy) {
+                       /* for a vm_map_copy, we can only map it whole */
+                       if ((size != named_entry->size) &&
+                           (vm_map_round_page(size,
+                                              VM_MAP_PAGE_MASK(target_map)) ==
+                            named_entry->size)) {
+                               /* XXX FBDP use the rounded size... */
+                               size = vm_map_round_page(
+                                       size,
+                                       VM_MAP_PAGE_MASK(target_map));
+                       }
+                               
+                       if (!(flags & VM_FLAGS_ANYWHERE) &&
+                           (offset != 0 ||
+                            size != named_entry->size)) {
+                               /*
+                                * XXX for a mapping at a "fixed" address,
+                                * we can't trim after mapping the whole
+                                * memory entry, so reject a request for a
+                                * partial mapping.
+                                */
+                               return KERN_INVALID_ARGUMENT;
+                       }
+               }
 
                /* the callers parameter offset is defined to be the */
                /* offset from beginning of named entry offset in object */
                offset = offset + named_entry->offset;
                
 
                /* the callers parameter offset is defined to be the */
                /* offset from beginning of named entry offset in object */
                offset = offset + named_entry->offset;
                
+               if (! VM_MAP_PAGE_ALIGNED(size,
+                                         VM_MAP_PAGE_MASK(target_map))) {
+                       /*
+                        * Let's not map more than requested;
+                        * vm_map_enter() will handle this "not map-aligned"
+                        * case.
+                        */
+                       map_size = size;
+               }
+
                named_entry_lock(named_entry);
                if (named_entry->is_sub_map) {
                        vm_map_t                submap;
 
                named_entry_lock(named_entry);
                if (named_entry->is_sub_map) {
                        vm_map_t                submap;
 
+                       if (flags & (VM_FLAGS_RETURN_DATA_ADDR |
+                                    VM_FLAGS_RETURN_4K_DATA_ADDR)) {
+                               panic("VM_FLAGS_RETURN_DATA_ADDR not expected for submap.");
+                       }
+
                        submap = named_entry->backing.map;
                        vm_map_lock(submap);
                        vm_map_reference(submap);
                        submap = named_entry->backing.map;
                        vm_map_lock(submap);
                        vm_map_reference(submap);
@@ -2280,16 +3035,20 @@ vm_map_enter_mem_object(
                                 * once it's been set and if we race, we'll
                                 * just end up setting it twice, which is OK.
                                 */
                                 * once it's been set and if we race, we'll
                                 * just end up setting it twice, which is OK.
                                 */
-                               if (submap->mapped == FALSE) {
+                               if (submap->mapped_in_other_pmaps == FALSE &&
+                                   vm_map_pmap(submap) != PMAP_NULL &&
+                                   vm_map_pmap(submap) !=
+                                   vm_map_pmap(target_map)) {
                                        /*
                                        /*
-                                        * This submap has never been mapped.
-                                        * Set its "mapped" flag now that it
-                                        * has been mapped.
-                                        * This happens only for the first ever
-                                        * mapping of a "submap".
+                                        * This submap is being mapped in a map
+                                        * that uses a different pmap.
+                                        * Set its "mapped_in_other_pmaps" flag
+                                        * to indicate that we now need to 
+                                        * remove mappings from all pmaps rather
+                                        * than just the submap's pmap.
                                         */
                                        vm_map_lock(submap);
                                         */
                                        vm_map_lock(submap);
-                                       submap->mapped = TRUE;
+                                       submap->mapped_in_other_pmaps = TRUE;
                                        vm_map_unlock(submap);
                                }
                                *address = map_addr;
                                        vm_map_unlock(submap);
                                }
                                *address = map_addr;
@@ -2304,6 +3063,11 @@ vm_map_enter_mem_object(
                        protections = named_entry->protection & VM_PROT_ALL;
                        access = GET_MAP_MEM(named_entry->protection);
 
                        protections = named_entry->protection & VM_PROT_ALL;
                        access = GET_MAP_MEM(named_entry->protection);
 
+                       if (flags & (VM_FLAGS_RETURN_DATA_ADDR|
+                                    VM_FLAGS_RETURN_4K_DATA_ADDR)) {
+                               panic("VM_FLAGS_RETURN_DATA_ADDR not expected for submap.");
+                       }
+
                        object = vm_object_enter(named_entry->backing.pager, 
                                                 named_entry->size, 
                                                 named_entry->internal, 
                        object = vm_object_enter(named_entry->backing.pager, 
                                                 named_entry->size, 
                                                 named_entry->internal, 
@@ -2329,6 +3093,8 @@ vm_map_enter_mem_object(
                                wimg_mode = VM_WIMG_IO;
                        } else if (access == MAP_MEM_COPYBACK) {
                                wimg_mode = VM_WIMG_USE_DEFAULT;
                                wimg_mode = VM_WIMG_IO;
                        } else if (access == MAP_MEM_COPYBACK) {
                                wimg_mode = VM_WIMG_USE_DEFAULT;
+                       } else if (access == MAP_MEM_INNERWBACK) {
+                               wimg_mode = VM_WIMG_INNERWBACK;
                        } else if (access == MAP_MEM_WTHRU) {
                                wimg_mode = VM_WIMG_WTHRU;
                        } else if (access == MAP_MEM_WCOMB) {
                        } else if (access == MAP_MEM_WTHRU) {
                                wimg_mode = VM_WIMG_WTHRU;
                        } else if (access == MAP_MEM_WCOMB) {
@@ -2349,11 +3115,272 @@ vm_map_enter_mem_object(
                        if (object->wimg_bits != wimg_mode)
                                vm_object_change_wimg_mode(object, wimg_mode);
 
                        if (object->wimg_bits != wimg_mode)
                                vm_object_change_wimg_mode(object, wimg_mode);
 
+#if VM_OBJECT_TRACKING_OP_TRUESHARE
+                       if (!object->true_share &&
+                           vm_object_tracking_inited) {
+                               void *bt[VM_OBJECT_TRACKING_BTDEPTH];
+                               int num = 0;
+
+                               num = OSBacktrace(bt,
+                                                 VM_OBJECT_TRACKING_BTDEPTH);
+                               btlog_add_entry(vm_object_tracking_btlog,
+                                               object,
+                                               VM_OBJECT_TRACKING_OP_TRUESHARE,
+                                               bt,
+                                               num);
+                       }
+#endif /* VM_OBJECT_TRACKING_OP_TRUESHARE */
+
                        object->true_share = TRUE;
 
                        if (object->copy_strategy == MEMORY_OBJECT_COPY_SYMMETRIC)
                                object->copy_strategy = MEMORY_OBJECT_COPY_DELAY;
                        vm_object_unlock(object);
                        object->true_share = TRUE;
 
                        if (object->copy_strategy == MEMORY_OBJECT_COPY_SYMMETRIC)
                                object->copy_strategy = MEMORY_OBJECT_COPY_DELAY;
                        vm_object_unlock(object);
+
+               } else if (named_entry->is_copy) {
+                       kern_return_t   kr;
+                       vm_map_copy_t   copy_map;
+                       vm_map_entry_t  copy_entry;
+                       vm_map_offset_t copy_addr;
+
+                       if (flags & ~(VM_FLAGS_FIXED |
+                                     VM_FLAGS_ANYWHERE |
+                                     VM_FLAGS_OVERWRITE |
+                                     VM_FLAGS_IOKIT_ACCT |
+                                     VM_FLAGS_RETURN_4K_DATA_ADDR |
+                                     VM_FLAGS_RETURN_DATA_ADDR |
+                                     VM_FLAGS_ALIAS_MASK)) {
+                               named_entry_unlock(named_entry);
+                               return KERN_INVALID_ARGUMENT;
+                       }
+
+                       if (flags & (VM_FLAGS_RETURN_DATA_ADDR |
+                                    VM_FLAGS_RETURN_4K_DATA_ADDR)) {
+                               offset_in_mapping = offset - vm_object_trunc_page(offset);
+                               if (flags & VM_FLAGS_RETURN_4K_DATA_ADDR)
+                                       offset_in_mapping &= ~((signed)(0xFFF));
+                               offset = vm_object_trunc_page(offset);
+                               map_size = vm_object_round_page(offset + offset_in_mapping + initial_size) - offset;
+                       }
+
+                       copy_map = named_entry->backing.copy;
+                       assert(copy_map->type == VM_MAP_COPY_ENTRY_LIST);
+                       if (copy_map->type != VM_MAP_COPY_ENTRY_LIST) {
+                               /* unsupported type; should not happen */
+                               printf("vm_map_enter_mem_object: "
+                                      "memory_entry->backing.copy "
+                                      "unsupported type 0x%x\n",
+                                      copy_map->type);
+                               named_entry_unlock(named_entry);
+                               return KERN_INVALID_ARGUMENT;
+                       }
+
+                       /* reserve a contiguous range */
+                       kr = vm_map_enter(target_map,
+                                         &map_addr,
+                                         /* map whole mem entry, trim later: */
+                                         named_entry->size,
+                                         mask,
+                                         flags & (VM_FLAGS_ANYWHERE |
+                                                  VM_FLAGS_OVERWRITE |
+                                                  VM_FLAGS_IOKIT_ACCT |
+                                                  VM_FLAGS_RETURN_4K_DATA_ADDR |
+                                                  VM_FLAGS_RETURN_DATA_ADDR |
+                                                  VM_FLAGS_ALIAS_MASK),
+                                         VM_OBJECT_NULL,
+                                         0,
+                                         FALSE, /* copy */
+                                         cur_protection,
+                                         max_protection,
+                                         inheritance);
+                       if (kr != KERN_SUCCESS) {
+                               named_entry_unlock(named_entry);
+                               return kr;
+                       }
+
+                       copy_addr = map_addr;
+
+                       for (copy_entry = vm_map_copy_first_entry(copy_map);
+                            copy_entry != vm_map_copy_to_entry(copy_map);
+                            copy_entry = copy_entry->vme_next) {
+                               int                     remap_flags = 0;
+                               vm_map_t                copy_submap;
+                               vm_object_t             copy_object;
+                               vm_map_size_t           copy_size;
+                               vm_object_offset_t      copy_offset;
+                               int                     copy_vm_alias;
+
+                               copy_object = VME_OBJECT(copy_entry);
+                               copy_offset = VME_OFFSET(copy_entry);
+                               copy_size = (copy_entry->vme_end -
+                                            copy_entry->vme_start);
+                               VM_GET_FLAGS_ALIAS(flags, copy_vm_alias);
+                               if (copy_vm_alias == 0) {
+                                       /*
+                                        * Caller does not want a specific
+                                        * alias for this new mapping:  use
+                                        * the alias of the original mapping.
+                                        */
+                                       copy_vm_alias = VME_ALIAS(copy_entry);
+                               }
+
+                               /* sanity check */
+                               if ((copy_addr + copy_size) >
+                                   (map_addr +
+                                    named_entry->size /* XXX full size */ )) {
+                                       /* over-mapping too much !? */
+                                       kr = KERN_INVALID_ARGUMENT;
+                                       /* abort */
+                                       break;
+                               }
+
+                               /* take a reference on the object */
+                               if (copy_entry->is_sub_map) {
+                                       remap_flags |= VM_FLAGS_SUBMAP;
+                                       copy_submap = VME_SUBMAP(copy_entry);
+                                       vm_map_lock(copy_submap);
+                                       vm_map_reference(copy_submap);
+                                       vm_map_unlock(copy_submap);
+                                       copy_object = (vm_object_t) copy_submap;
+                               } else if (!copy &&
+                                          copy_object != VM_OBJECT_NULL &&
+                                          (copy_entry->needs_copy ||
+                                           copy_object->shadowed ||
+                                           (!copy_object->true_share &&
+                                            !copy_entry->is_shared &&
+                                            copy_object->vo_size > copy_size))) {
+                                       /*
+                                        * We need to resolve our side of this
+                                        * "symmetric" copy-on-write now; we
+                                        * need a new object to map and share,
+                                        * instead of the current one which
+                                        * might still be shared with the
+                                        * original mapping.
+                                        *
+                                        * Note: A "vm_map_copy_t" does not
+                                        * have a lock but we're protected by
+                                        * the named entry's lock here.
+                                        */
+                                       // assert(copy_object->copy_strategy == MEMORY_OBJECT_COPY_SYMMETRIC);
+                                       VME_OBJECT_SHADOW(copy_entry, copy_size);
+                                       if (!copy_entry->needs_copy &&
+                                           copy_entry->protection & VM_PROT_WRITE) {
+                                               vm_prot_t prot;
+
+                                               prot = copy_entry->protection & ~VM_PROT_WRITE;
+                                               vm_object_pmap_protect(copy_object,
+                                                                      copy_offset,
+                                                                      copy_size,
+                                                                      PMAP_NULL,
+                                                                      0,
+                                                                      prot);
+                                       }
+
+                                       copy_entry->needs_copy = FALSE;
+                                       copy_entry->is_shared = TRUE;
+                                       copy_object = VME_OBJECT(copy_entry);
+                                       copy_offset = VME_OFFSET(copy_entry);
+                                       vm_object_lock(copy_object);
+                                       vm_object_reference_locked(copy_object);
+                                       if (copy_object->copy_strategy == MEMORY_OBJECT_COPY_SYMMETRIC) {
+                                               /* we're about to make a shared mapping of this object */
+                                               copy_object->copy_strategy = MEMORY_OBJECT_COPY_DELAY;
+                                               copy_object->true_share = TRUE;
+                                       }
+                                       vm_object_unlock(copy_object);
+                               } else {
+                                       /*
+                                        * We already have the right object
+                                        * to map.
+                                        */
+                                       copy_object = VME_OBJECT(copy_entry);
+                                       vm_object_reference(copy_object);
+                               }
+
+                               /* over-map the object into destination */
+                               remap_flags |= flags;
+                               remap_flags |= VM_FLAGS_FIXED;
+                               remap_flags |= VM_FLAGS_OVERWRITE;
+                               remap_flags &= ~VM_FLAGS_ANYWHERE;
+                               remap_flags |= VM_MAKE_TAG(copy_vm_alias);
+                               if (!copy && !copy_entry->is_sub_map) {
+                                       /*
+                                        * copy-on-write should have been
+                                        * resolved at this point, or we would
+                                        * end up sharing instead of copying.
+                                        */
+                                       assert(!copy_entry->needs_copy);
+                               }
+                               kr = vm_map_enter(target_map,
+                                                 &copy_addr,
+                                                 copy_size,
+                                                 (vm_map_offset_t) 0,
+                                                 remap_flags,
+                                                 copy_object,
+                                                 copy_offset,
+                                                 copy,
+                                                 cur_protection,
+                                                 max_protection,
+                                                 inheritance);
+                               if (kr != KERN_SUCCESS) {
+                                       if (copy_entry->is_sub_map) {
+                                               vm_map_deallocate(copy_submap);
+                                       } else {
+                                               vm_object_deallocate(copy_object);
+                                       }
+                                       /* abort */
+                                       break;
+                               }
+
+                               /* next mapping */
+                               copy_addr += copy_size;
+                       }
+                       
+                       if (kr == KERN_SUCCESS) {
+                               if (flags & (VM_FLAGS_RETURN_DATA_ADDR |
+                                            VM_FLAGS_RETURN_4K_DATA_ADDR)) {
+                                       *address = map_addr + offset_in_mapping;
+                               } else {
+                                       *address = map_addr;
+                               }
+
+                               if (offset) {
+                                       /*
+                                        * Trim in front, from 0 to "offset".
+                                        */
+                                       vm_map_remove(target_map,
+                                                     map_addr,
+                                                     map_addr + offset,
+                                                     0);
+                                       *address += offset;
+                               }
+                               if (offset + map_size < named_entry->size) {
+                                       /*
+                                        * Trim in back, from
+                                        * "offset + map_size" to
+                                        * "named_entry->size".
+                                        */
+                                       vm_map_remove(target_map,
+                                                     (map_addr +
+                                                      offset + map_size),
+                                                     (map_addr +
+                                                      named_entry->size),
+                                                     0);
+                               }
+                       }
+                       named_entry_unlock(named_entry);
+
+                       if (kr != KERN_SUCCESS) {
+                               if (! (flags & VM_FLAGS_OVERWRITE)) {
+                                       /* deallocate the contiguous range */
+                                       (void) vm_deallocate(target_map,
+                                                            map_addr,
+                                                            map_size);
+                               }
+                       }
+
+                       return kr;
+                       
                } else {
                        /* This is the case where we are going to map */
                        /* an already mapped object.  If the object is */
                } else {
                        /* This is the case where we are going to map */
                        /* an already mapped object.  If the object is */
@@ -2361,6 +3388,15 @@ vm_map_enter_mem_object(
                        /* object cannot be mapped until it is ready  */
                        /* we can therefore avoid the ready check     */
                        /* in this case.  */
                        /* object cannot be mapped until it is ready  */
                        /* we can therefore avoid the ready check     */
                        /* in this case.  */
+                       if (flags & (VM_FLAGS_RETURN_DATA_ADDR |
+                                    VM_FLAGS_RETURN_4K_DATA_ADDR)) {
+                               offset_in_mapping = offset - vm_object_trunc_page(offset);
+                               if (flags & VM_FLAGS_RETURN_4K_DATA_ADDR)
+                                       offset_in_mapping &= ~((signed)(0xFFF));
+                               offset = vm_object_trunc_page(offset);
+                               map_size = vm_object_round_page(offset + offset_in_mapping + initial_size) - offset;
+                       } 
+
                        object = named_entry->backing.object;
                        assert(object != VM_OBJECT_NULL);
                        named_entry_unlock(named_entry);
                        object = named_entry->backing.object;
                        assert(object != VM_OBJECT_NULL);
                        named_entry_unlock(named_entry);
@@ -2375,7 +3411,11 @@ vm_map_enter_mem_object(
                 * this case, the port isn't really a port at all, but
                 * instead is just a raw memory object.
                 */
                 * this case, the port isn't really a port at all, but
                 * instead is just a raw memory object.
                 */
-                
+               if (flags & (VM_FLAGS_RETURN_DATA_ADDR |
+                            VM_FLAGS_RETURN_4K_DATA_ADDR)) {
+                       panic("VM_FLAGS_RETURN_DATA_ADDR not expected for raw memory object.");
+               }
+
                object = vm_object_enter((memory_object_t)port,
                                         size, FALSE, FALSE, FALSE);
                if (object == VM_OBJECT_NULL)
                object = vm_object_enter((memory_object_t)port,
                                         size, FALSE, FALSE, FALSE);
                if (object == VM_OBJECT_NULL)
@@ -2456,7 +3496,8 @@ vm_map_enter_mem_object(
                vm_object_t             new_object;
                vm_object_offset_t      new_offset;
 
                vm_object_t             new_object;
                vm_object_offset_t      new_offset;
 
-               result = vm_object_copy_strategically(object, offset, size,
+               result = vm_object_copy_strategically(object, offset,
+                                                     map_size,
                                                      &new_object, &new_offset,
                                                      &copy);
 
                                                      &new_object, &new_offset,
                                                      &copy);
 
@@ -2478,7 +3519,8 @@ vm_map_enter_mem_object(
                        new_object = object;
                        new_offset = offset;
                        success = vm_object_copy_quickly(&new_object,
                        new_object = object;
                        new_offset = offset;
                        success = vm_object_copy_quickly(&new_object,
-                                                        new_offset, size,
+                                                        new_offset,
+                                                        map_size,
                                                         &src_needs_copy,
                                                         &copy);
                        assert(success);
                                                         &src_needs_copy,
                                                         &copy);
                        assert(success);
@@ -2491,27 +3533,122 @@ vm_map_enter_mem_object(
 
                vm_object_deallocate(object);
 
 
                vm_object_deallocate(object);
 
-               if (result != KERN_SUCCESS)
+               if (result != KERN_SUCCESS) {
                        return result;
                        return result;
+               }
 
                object = new_object;
                offset = new_offset;
        }
 
 
                object = new_object;
                offset = new_offset;
        }
 
-       result = vm_map_enter(target_map,
-                             &map_addr, map_size,
-                             (vm_map_offset_t)mask,
-                             flags,
-                             object, offset,
-                             copy,
-                             cur_protection, max_protection, inheritance);
+       /*
+        * If users want to try to prefault pages, the mapping and prefault
+        * needs to be atomic.
+        */
+       if (try_prefault)
+               flags |= VM_FLAGS_KEEP_MAP_LOCKED;
+
+       {
+               result = vm_map_enter(target_map,
+                                     &map_addr, map_size,
+                                     (vm_map_offset_t)mask,
+                                     flags,
+                                     object, offset,
+                                     copy,
+                                     cur_protection, max_protection,
+                                     inheritance);
+       }
        if (result != KERN_SUCCESS)
                vm_object_deallocate(object);
        if (result != KERN_SUCCESS)
                vm_object_deallocate(object);
-       *address = map_addr;
-       return result;
-}
-
-
+
+       /*
+        * Try to prefault, and do not forget to release the vm map lock.
+        */
+       if (result == KERN_SUCCESS && try_prefault) {
+               mach_vm_address_t va = map_addr;
+               kern_return_t kr = KERN_SUCCESS;
+               unsigned int i = 0;
+               int pmap_options;
+
+               pmap_options = PMAP_OPTIONS_NOWAIT;
+               if (object->internal) {
+                       pmap_options |= PMAP_OPTIONS_INTERNAL;
+               }
+
+               for (i = 0; i < page_list_count; ++i) {
+                       if (UPL_VALID_PAGE(page_list, i)) {
+                               /*
+                                * If this function call failed, we should stop
+                                * trying to optimize, other calls are likely
+                                * going to fail too.
+                                *
+                                * We are not gonna report an error for such
+                                * failure though. That's an optimization, not
+                                * something critical.
+                                */
+                               kr = pmap_enter_options(target_map->pmap,
+                                                       va, UPL_PHYS_PAGE(page_list, i),
+                                                       cur_protection, VM_PROT_NONE,
+                                                       0, TRUE, pmap_options, NULL);
+                               if (kr != KERN_SUCCESS) {
+                                       OSIncrementAtomic64(&vm_prefault_nb_bailout);
+                                       break;
+                               }
+                               OSIncrementAtomic64(&vm_prefault_nb_pages);
+                       }
+
+                       /* Next virtual address */
+                       va += PAGE_SIZE;
+               }
+               vm_map_unlock(target_map);
+       }
+
+       if (flags & (VM_FLAGS_RETURN_DATA_ADDR |
+                    VM_FLAGS_RETURN_4K_DATA_ADDR)) {
+               *address = map_addr + offset_in_mapping;
+       } else {
+               *address = map_addr;
+       }
+       return result;
+}
+
+kern_return_t
+vm_map_enter_mem_object(
+       vm_map_t                target_map,
+       vm_map_offset_t         *address,
+       vm_map_size_t           initial_size,
+       vm_map_offset_t         mask,
+       int                     flags,
+       ipc_port_t              port,
+       vm_object_offset_t      offset,
+       boolean_t               copy,
+       vm_prot_t               cur_protection,
+       vm_prot_t               max_protection,
+       vm_inherit_t            inheritance)
+{
+       return vm_map_enter_mem_object_helper(target_map, address, initial_size, mask, flags,
+                                             port, offset, copy, cur_protection, max_protection,
+                                             inheritance, NULL, 0);
+}
+
+kern_return_t
+vm_map_enter_mem_object_prefault(
+       vm_map_t                target_map,
+       vm_map_offset_t         *address,
+       vm_map_size_t           initial_size,
+       vm_map_offset_t         mask,
+       int                     flags,
+       ipc_port_t              port,
+       vm_object_offset_t      offset,
+       vm_prot_t               cur_protection,
+       vm_prot_t               max_protection,
+       upl_page_list_ptr_t     page_list,
+       unsigned int            page_list_count)
+{
+       return vm_map_enter_mem_object_helper(target_map, address, initial_size, mask, flags,
+                                             port, offset, FALSE, cur_protection, max_protection,
+                                             VM_INHERIT_DEFAULT, page_list, page_list_count);
+}
 
 
 kern_return_t
 
 
 kern_return_t
@@ -2544,12 +3681,17 @@ vm_map_enter_mem_object_control(
            (cur_protection & ~VM_PROT_ALL) ||
            (max_protection & ~VM_PROT_ALL) ||
            (inheritance > VM_INHERIT_LAST_VALID) ||
            (cur_protection & ~VM_PROT_ALL) ||
            (max_protection & ~VM_PROT_ALL) ||
            (inheritance > VM_INHERIT_LAST_VALID) ||
-           initial_size == 0)
+           initial_size == 0) {
                return KERN_INVALID_ARGUMENT;
                return KERN_INVALID_ARGUMENT;
+       }
 
 
-       map_addr = vm_map_trunc_page(*address);
-       map_size = vm_map_round_page(initial_size);
-       size = vm_object_round_page(initial_size);      
+       {
+               map_addr = vm_map_trunc_page(*address,
+                                            VM_MAP_PAGE_MASK(target_map));
+               map_size = vm_map_round_page(initial_size,
+                                            VM_MAP_PAGE_MASK(target_map));
+       }
+       size = vm_object_round_page(initial_size);
 
        object = memory_object_control_to_vm_object(control);
 
 
        object = memory_object_control_to_vm_object(control);
 
@@ -2639,20 +3781,24 @@ vm_map_enter_mem_object_control(
 
                vm_object_deallocate(object);
 
 
                vm_object_deallocate(object);
 
-               if (result != KERN_SUCCESS)
+               if (result != KERN_SUCCESS) {
                        return result;
                        return result;
+               }
 
                object = new_object;
                offset = new_offset;
        }
 
 
                object = new_object;
                offset = new_offset;
        }
 
-       result = vm_map_enter(target_map,
-                             &map_addr, map_size,
-                             (vm_map_offset_t)mask,
-                             flags,
-                             object, offset,
-                             copy,
-                             cur_protection, max_protection, inheritance);
+       {
+               result = vm_map_enter(target_map,
+                                     &map_addr, map_size,
+                                     (vm_map_offset_t)mask,
+                                     flags,
+                                     object, offset,
+                                     copy,
+                                     cur_protection, max_protection,
+                                     inheritance);
+       }
        if (result != KERN_SUCCESS)
                vm_object_deallocate(object);
        *address = map_addr;
        if (result != KERN_SUCCESS)
                vm_object_deallocate(object);
        *address = map_addr;
@@ -2690,13 +3836,13 @@ vm_map_enter_cpm(
        kern_return_t           kr;
        vm_map_offset_t         va, start, end, offset;
 #if    MACH_ASSERT
        kern_return_t           kr;
        vm_map_offset_t         va, start, end, offset;
 #if    MACH_ASSERT
-       vm_map_offset_t         prev_addr;
+       vm_map_offset_t         prev_addr = 0;
 #endif /* MACH_ASSERT */
 
        boolean_t               anywhere = ((VM_FLAGS_ANYWHERE & flags) != 0);
 #endif /* MACH_ASSERT */
 
        boolean_t               anywhere = ((VM_FLAGS_ANYWHERE & flags) != 0);
+       vm_tag_t tag;
 
 
-       if (!vm_allocate_cpm_enabled)
-               return KERN_FAILURE;
+       VM_GET_FLAGS_ALIAS(flags, tag);
 
        if (size == 0) {
                *addr = 0;
 
        if (size == 0) {
                *addr = 0;
@@ -2705,8 +3851,10 @@ vm_map_enter_cpm(
        if (anywhere)
                *addr = vm_map_min(map);
        else
        if (anywhere)
                *addr = vm_map_min(map);
        else
-               *addr = vm_map_trunc_page(*addr);
-       size = vm_map_round_page(size);
+               *addr = vm_map_trunc_page(*addr,
+                                         VM_MAP_PAGE_MASK(map));
+       size = vm_map_round_page(size,
+                                VM_MAP_PAGE_MASK(map));
 
        /*
         * LP64todo - cpm_allocate should probably allow
 
        /*
         * LP64todo - cpm_allocate should probably allow
@@ -2722,7 +3870,7 @@ vm_map_enter_cpm(
        cpm_obj = vm_object_allocate((vm_object_size_t)size);
        assert(cpm_obj != VM_OBJECT_NULL);
        assert(cpm_obj->internal);
        cpm_obj = vm_object_allocate((vm_object_size_t)size);
        assert(cpm_obj != VM_OBJECT_NULL);
        assert(cpm_obj->internal);
-       assert(cpm_obj->size == (vm_object_size_t)size);
+       assert(cpm_obj->vo_size == (vm_object_size_t)size);
        assert(cpm_obj->can_persist == FALSE);
        assert(cpm_obj->pager_created == FALSE);
        assert(cpm_obj->pageout == FALSE);
        assert(cpm_obj->can_persist == FALSE);
        assert(cpm_obj->pager_created == FALSE);
        assert(cpm_obj->pageout == FALSE);
@@ -2751,7 +3899,7 @@ vm_map_enter_cpm(
                 */
                ASSERT_PAGE_DECRYPTED(m);
                assert(m->busy);
                 */
                ASSERT_PAGE_DECRYPTED(m);
                assert(m->busy);
-               assert(m->phys_page>=(avail_start>>PAGE_SHIFT) && m->phys_page<=(avail_end>>PAGE_SHIFT));
+               assert(VM_PAGE_GET_PHYS_PAGE(m)>=(avail_start>>PAGE_SHIFT) && VM_PAGE_GET_PHYS_PAGE(m)<=(avail_end>>PAGE_SHIFT));
 
                m->busy = FALSE;
                vm_page_insert(m, cpm_obj, offset);
 
                m->busy = FALSE;
                vm_page_insert(m, cpm_obj, offset);
@@ -2832,7 +3980,7 @@ vm_map_enter_cpm(
                type_of_fault = DBG_ZERO_FILL_FAULT;
 
                vm_fault_enter(m, pmap, va, VM_PROT_ALL, VM_PROT_WRITE,
                type_of_fault = DBG_ZERO_FILL_FAULT;
 
                vm_fault_enter(m, pmap, va, VM_PROT_ALL, VM_PROT_WRITE,
-                              VM_PAGE_WIRED(m), FALSE, FALSE, FALSE,
+                              VM_PAGE_WIRED(m), FALSE, FALSE, FALSE, 0, NULL,
                               &type_of_fault);
 
                vm_object_unlock(cpm_obj);
                               &type_of_fault);
 
                vm_object_unlock(cpm_obj);
@@ -2847,8 +3995,8 @@ vm_map_enter_cpm(
                m = vm_page_lookup(cpm_obj, (vm_object_offset_t)offset);
                vm_object_unlock(cpm_obj);
                if (m == VM_PAGE_NULL)
                m = vm_page_lookup(cpm_obj, (vm_object_offset_t)offset);
                vm_object_unlock(cpm_obj);
                if (m == VM_PAGE_NULL)
-                       panic("vm_allocate_cpm:  obj 0x%x off 0x%x no page",
-                             cpm_obj, offset);
+                       panic("vm_allocate_cpm:  obj %p off 0x%llx no page",
+                             cpm_obj, (uint64_t)offset);
                assert(m->tabled);
                assert(!m->busy);
                assert(!m->wanted);
                assert(m->tabled);
                assert(!m->busy);
                assert(!m->wanted);
@@ -2857,19 +4005,19 @@ vm_map_enter_cpm(
                assert(!m->absent);
                assert(!m->error);
                assert(!m->cleaning);
                assert(!m->absent);
                assert(!m->error);
                assert(!m->cleaning);
+               assert(!m->laundry);
                assert(!m->precious);
                assert(!m->clustered);
                if (offset != 0) {
                assert(!m->precious);
                assert(!m->clustered);
                if (offset != 0) {
-                       if (m->phys_page != prev_addr + 1) {
-                               printf("start 0x%x end 0x%x va 0x%x\n",
-                                      start, end, va);
-                               printf("obj 0x%x off 0x%x\n", cpm_obj, offset);
-                               printf("m 0x%x prev_address 0x%x\n", m,
-                                      prev_addr);
+                       if (VM_PAGE_GET_PHYS_PAGE(m) != prev_addr + 1) {
+                               printf("start 0x%llx end 0x%llx va 0x%llx\n",
+                                      (uint64_t)start, (uint64_t)end, (uint64_t)va);
+                               printf("obj %p off 0x%llx\n", cpm_obj, (uint64_t)offset);
+                               printf("m %p prev_address 0x%llx\n", m, (uint64_t)prev_addr);
                                panic("vm_allocate_cpm:  pages not contig!");
                        }
                }
                                panic("vm_allocate_cpm:  pages not contig!");
                        }
                }
-               prev_addr = m->phys_page;
+               prev_addr = VM_PAGE_GET_PHYS_PAGE(m);
        }
 #endif /* MACH_ASSERT */
 
        }
 #endif /* MACH_ASSERT */
 
@@ -2916,7 +4064,8 @@ vm_map_clip_unnest(
        vm_map_offset_t old_end_unnest = end_unnest;
 
        assert(entry->is_sub_map);
        vm_map_offset_t old_end_unnest = end_unnest;
 
        assert(entry->is_sub_map);
-       assert(entry->object.sub_map != NULL);
+       assert(VME_SUBMAP(entry) != NULL);
+       assert(entry->use_pmap);
 
        /*
         * Query the platform for the optimal unnest range.
 
        /*
         * Query the platform for the optimal unnest range.
@@ -2927,7 +4076,15 @@ vm_map_clip_unnest(
         * depending on size/alignment.
         */
        if (pmap_adjust_unnest_parameters(map->pmap, &start_unnest, &end_unnest)) {
         * depending on size/alignment.
         */
        if (pmap_adjust_unnest_parameters(map->pmap, &start_unnest, &end_unnest)) {
-               log_unnest_badness(map, old_start_unnest, old_end_unnest);
+               assert(VME_SUBMAP(entry)->is_nested_map);
+               assert(!VME_SUBMAP(entry)->disable_vmentry_reuse);
+               log_unnest_badness(map,
+                                  old_start_unnest,
+                                  old_end_unnest,
+                                  VME_SUBMAP(entry)->is_nested_map,
+                                  (entry->vme_start +
+                                   VME_SUBMAP(entry)->lowest_unnestable_start -
+                                   VME_OFFSET(entry)));
        }
 
        if (entry->vme_start > start_unnest ||
        }
 
        if (entry->vme_start > start_unnest ||
@@ -2942,27 +4099,39 @@ vm_map_clip_unnest(
                _vm_map_clip_start(&map->hdr,
                                   entry,
                                   start_unnest);
                _vm_map_clip_start(&map->hdr,
                                   entry,
                                   start_unnest);
-               vm_map_store_update_first_free(map, map->first_free);
+               if (map->holelistenabled) {
+                       vm_map_store_update_first_free(map, NULL, FALSE);
+               } else {
+                       vm_map_store_update_first_free(map, map->first_free, FALSE);
+               }
        }
        if (entry->vme_end > end_unnest) {
                _vm_map_clip_end(&map->hdr,
                                 entry,
                                 end_unnest);
        }
        if (entry->vme_end > end_unnest) {
                _vm_map_clip_end(&map->hdr,
                                 entry,
                                 end_unnest);
-               vm_map_store_update_first_free(map, map->first_free);
+               if (map->holelistenabled) {
+                       vm_map_store_update_first_free(map, NULL, FALSE);
+               } else {
+                       vm_map_store_update_first_free(map, map->first_free, FALSE);
+               }
        }
 
        pmap_unnest(map->pmap,
                    entry->vme_start,
                    entry->vme_end - entry->vme_start);
        }
 
        pmap_unnest(map->pmap,
                    entry->vme_start,
                    entry->vme_end - entry->vme_start);
-       if ((map->mapped) && (map->ref_count)) {
+       if ((map->mapped_in_other_pmaps) && (map->ref_count)) {
                /* clean up parent map/maps */
                vm_map_submap_pmap_clean(
                        map, entry->vme_start,
                        entry->vme_end,
                /* clean up parent map/maps */
                vm_map_submap_pmap_clean(
                        map, entry->vme_start,
                        entry->vme_end,
-                       entry->object.sub_map,
-                       entry->offset);
+                       VME_SUBMAP(entry),
+                       VME_OFFSET(entry));
        }
        entry->use_pmap = FALSE;
        }
        entry->use_pmap = FALSE;
+       if ((map->pmap != kernel_pmap) &&
+           (VME_ALIAS(entry) == VM_MEMORY_SHARED_PMAP)) {
+               VME_ALIAS_SET(entry, VM_MEMORY_UNSHARED_PMAP);
+       }
 }
 #endif /* NO_NESTED_PMAP */
 
 }
 #endif /* NO_NESTED_PMAP */
 
@@ -2980,7 +4149,8 @@ vm_map_clip_start(
        vm_map_offset_t startaddr)
 {
 #ifndef NO_NESTED_PMAP
        vm_map_offset_t startaddr)
 {
 #ifndef NO_NESTED_PMAP
-       if (entry->use_pmap &&
+       if (entry->is_sub_map &&
+           entry->use_pmap &&
            startaddr >= entry->vme_start) {
                vm_map_offset_t start_unnest, end_unnest;
 
            startaddr >= entry->vme_start) {
                vm_map_offset_t start_unnest, end_unnest;
 
@@ -2997,15 +4167,22 @@ vm_map_clip_start(
        }
 #endif /* NO_NESTED_PMAP */
        if (startaddr > entry->vme_start) {
        }
 #endif /* NO_NESTED_PMAP */
        if (startaddr > entry->vme_start) {
-               if (entry->object.vm_object &&
+               if (VME_OBJECT(entry) &&
                    !entry->is_sub_map &&
                    !entry->is_sub_map &&
-                   entry->object.vm_object->phys_contiguous) {
+                   VME_OBJECT(entry)->phys_contiguous) {
                        pmap_remove(map->pmap,
                                    (addr64_t)(entry->vme_start),
                                    (addr64_t)(entry->vme_end));
                }
                        pmap_remove(map->pmap,
                                    (addr64_t)(entry->vme_start),
                                    (addr64_t)(entry->vme_end));
                }
+               if (entry->vme_atomic) {
+                       panic("Attempting to clip an atomic VM entry! (map: %p, entry: %p)\n", map, entry);
+               } 
                _vm_map_clip_start(&map->hdr, entry, startaddr);
                _vm_map_clip_start(&map->hdr, entry, startaddr);
-               vm_map_store_update_first_free(map, map->first_free);
+               if (map->holelistenabled) {
+                       vm_map_store_update_first_free(map, NULL, FALSE);
+               } else {
+                       vm_map_store_update_first_free(map, map->first_free, FALSE);
+               }
        }
 }
 
        }
 }
 
@@ -3022,11 +4199,11 @@ vm_map_clip_start(
  */
 static void
 _vm_map_clip_start(
  */
 static void
 _vm_map_clip_start(
-       register struct vm_map_header   *map_header,
-       register vm_map_entry_t         entry,
-       register vm_map_offset_t                start)
+       struct vm_map_header    *map_header,
+       vm_map_entry_t          entry,
+       vm_map_offset_t         start)
 {
 {
-       register vm_map_entry_t new_entry;
+       vm_map_entry_t  new_entry;
 
        /*
         *      Split off the front portion --
 
        /*
         *      Split off the front portion --
@@ -3036,21 +4213,26 @@ _vm_map_clip_start(
         *      address.
         */
 
         *      address.
         */
 
-       new_entry = _vm_map_entry_create(map_header);
+       if (entry->map_aligned) {
+               assert(VM_MAP_PAGE_ALIGNED(start,
+                                          VM_MAP_HDR_PAGE_MASK(map_header)));
+       }
+
+       new_entry = _vm_map_entry_create(map_header, !map_header->entries_pageable);
        vm_map_entry_copy_full(new_entry, entry);
 
        new_entry->vme_end = start;
        assert(new_entry->vme_start < new_entry->vme_end);
        vm_map_entry_copy_full(new_entry, entry);
 
        new_entry->vme_end = start;
        assert(new_entry->vme_start < new_entry->vme_end);
-       entry->offset += (start - entry->vme_start);
+       VME_OFFSET_SET(entry, VME_OFFSET(entry) + (start - entry->vme_start));
        assert(start < entry->vme_end);
        entry->vme_start = start;
 
        _vm_map_store_entry_link(map_header, entry->vme_prev, new_entry);
 
        if (entry->is_sub_map)
        assert(start < entry->vme_end);
        entry->vme_start = start;
 
        _vm_map_store_entry_link(map_header, entry->vme_prev, new_entry);
 
        if (entry->is_sub_map)
-               vm_map_reference(new_entry->object.sub_map);
+               vm_map_reference(VME_SUBMAP(new_entry));
        else
        else
-               vm_object_reference(new_entry->object.vm_object);
+               vm_object_reference(VME_OBJECT(new_entry));
 }
 
 
 }
 
 
@@ -3075,7 +4257,7 @@ vm_map_clip_end(
                endaddr = entry->vme_end;
        }
 #ifndef NO_NESTED_PMAP
                endaddr = entry->vme_end;
        }
 #ifndef NO_NESTED_PMAP
-       if (entry->use_pmap) {
+       if (entry->is_sub_map && entry->use_pmap) {
                vm_map_offset_t start_unnest, end_unnest;
 
                /*
                vm_map_offset_t start_unnest, end_unnest;
 
                /*
@@ -3093,15 +4275,22 @@ vm_map_clip_end(
        }
 #endif /* NO_NESTED_PMAP */
        if (endaddr < entry->vme_end) {
        }
 #endif /* NO_NESTED_PMAP */
        if (endaddr < entry->vme_end) {
-               if (entry->object.vm_object &&
+               if (VME_OBJECT(entry) &&
                    !entry->is_sub_map &&
                    !entry->is_sub_map &&
-                   entry->object.vm_object->phys_contiguous) {
+                   VME_OBJECT(entry)->phys_contiguous) {
                        pmap_remove(map->pmap,
                                    (addr64_t)(entry->vme_start),
                                    (addr64_t)(entry->vme_end));
                }
                        pmap_remove(map->pmap,
                                    (addr64_t)(entry->vme_start),
                                    (addr64_t)(entry->vme_end));
                }
+               if (entry->vme_atomic) {
+                       panic("Attempting to clip an atomic VM entry! (map: %p, entry: %p)\n", map, entry);
+               }
                _vm_map_clip_end(&map->hdr, entry, endaddr);
                _vm_map_clip_end(&map->hdr, entry, endaddr);
-               vm_map_store_update_first_free(map, map->first_free);
+               if (map->holelistenabled) {
+                       vm_map_store_update_first_free(map, NULL, FALSE);
+               } else {
+                       vm_map_store_update_first_free(map, map->first_free, FALSE);
+               }
        }
 }
 
        }
 }
 
@@ -3118,31 +4307,37 @@ vm_map_clip_end(
  */
 static void
 _vm_map_clip_end(
  */
 static void
 _vm_map_clip_end(
-       register struct vm_map_header   *map_header,
-       register vm_map_entry_t         entry,
-       register vm_map_offset_t        end)
+       struct vm_map_header    *map_header,
+       vm_map_entry_t          entry,
+       vm_map_offset_t         end)
 {
 {
-       register vm_map_entry_t new_entry;
+       vm_map_entry_t  new_entry;
 
        /*
         *      Create a new entry and insert it
         *      AFTER the specified entry
         */
 
 
        /*
         *      Create a new entry and insert it
         *      AFTER the specified entry
         */
 
-       new_entry = _vm_map_entry_create(map_header);
+       if (entry->map_aligned) {
+               assert(VM_MAP_PAGE_ALIGNED(end,
+                                          VM_MAP_HDR_PAGE_MASK(map_header)));
+       }
+
+       new_entry = _vm_map_entry_create(map_header, !map_header->entries_pageable);
        vm_map_entry_copy_full(new_entry, entry);
 
        assert(entry->vme_start < end);
        new_entry->vme_start = entry->vme_end = end;
        vm_map_entry_copy_full(new_entry, entry);
 
        assert(entry->vme_start < end);
        new_entry->vme_start = entry->vme_end = end;
-       new_entry->offset += (end - entry->vme_start);
+       VME_OFFSET_SET(new_entry,
+                      VME_OFFSET(new_entry) + (end - entry->vme_start));
        assert(new_entry->vme_start < new_entry->vme_end);
 
        _vm_map_store_entry_link(map_header, entry, new_entry);
 
        if (entry->is_sub_map)
        assert(new_entry->vme_start < new_entry->vme_end);
 
        _vm_map_store_entry_link(map_header, entry, new_entry);
 
        if (entry->is_sub_map)
-               vm_map_reference(new_entry->object.sub_map);
+               vm_map_reference(VME_SUBMAP(new_entry));
        else
        else
-               vm_object_reference(new_entry->object.vm_object);
+               vm_object_reference(VME_OBJECT(new_entry));
 }
 
 
 }
 
 
@@ -3178,13 +4373,13 @@ _vm_map_clip_end(
  */
 static boolean_t
 vm_map_range_check(
  */
 static boolean_t
 vm_map_range_check(
-       register vm_map_t       map,
-       register vm_map_offset_t        start,
-       register vm_map_offset_t        end,
+       vm_map_t                map,
+       vm_map_offset_t         start,
+       vm_map_offset_t         end,
        vm_map_entry_t          *entry)
 {
        vm_map_entry_t          cur;
        vm_map_entry_t          *entry)
 {
        vm_map_entry_t          cur;
-       register vm_map_offset_t        prev;
+       vm_map_offset_t         prev;
 
        /*
         *      Basic sanity checks first
 
        /*
         *      Basic sanity checks first
@@ -3243,19 +4438,19 @@ vm_map_range_check(
  */
 kern_return_t
 vm_map_submap(
  */
 kern_return_t
 vm_map_submap(
-       vm_map_t                map,
+       vm_map_t        map,
        vm_map_offset_t start,
        vm_map_offset_t end,
        vm_map_offset_t start,
        vm_map_offset_t end,
-       vm_map_t                submap,
+       vm_map_t        submap,
        vm_map_offset_t offset,
 #ifdef NO_NESTED_PMAP
        __unused
 #endif /* NO_NESTED_PMAP */
        vm_map_offset_t offset,
 #ifdef NO_NESTED_PMAP
        __unused
 #endif /* NO_NESTED_PMAP */
-       boolean_t               use_pmap)
+       boolean_t       use_pmap)
 {
        vm_map_entry_t          entry;
 {
        vm_map_entry_t          entry;
-       register kern_return_t  result = KERN_INVALID_ARGUMENT;
-       register vm_object_t    object;
+       kern_return_t           result = KERN_INVALID_ARGUMENT;
+       vm_object_t             object;
 
        vm_map_lock(map);
 
 
        vm_map_lock(map);
 
@@ -3269,37 +4464,51 @@ vm_map_submap(
                return KERN_INVALID_ARGUMENT;
        }
 
                return KERN_INVALID_ARGUMENT;
        }
 
-       assert(!entry->use_pmap); /* we don't want to unnest anything here */
        vm_map_clip_start(map, entry, start);
        vm_map_clip_end(map, entry, end);
 
        if ((entry->vme_start == start) && (entry->vme_end == end) &&
            (!entry->is_sub_map) &&
        vm_map_clip_start(map, entry, start);
        vm_map_clip_end(map, entry, end);
 
        if ((entry->vme_start == start) && (entry->vme_end == end) &&
            (!entry->is_sub_map) &&
-           ((object = entry->object.vm_object) == vm_submap_object) &&
+           ((object = VME_OBJECT(entry)) == vm_submap_object) &&
            (object->resident_page_count == 0) &&
            (object->copy == VM_OBJECT_NULL) &&
            (object->shadow == VM_OBJECT_NULL) &&
            (!object->pager_created)) {
            (object->resident_page_count == 0) &&
            (object->copy == VM_OBJECT_NULL) &&
            (object->shadow == VM_OBJECT_NULL) &&
            (!object->pager_created)) {
-               entry->offset = (vm_object_offset_t)offset;
-               entry->object.vm_object = VM_OBJECT_NULL;
+               VME_OFFSET_SET(entry, (vm_object_offset_t)offset);
+               VME_OBJECT_SET(entry, VM_OBJECT_NULL);
                vm_object_deallocate(object);
                entry->is_sub_map = TRUE;
                vm_object_deallocate(object);
                entry->is_sub_map = TRUE;
-               entry->object.sub_map = submap;
+               entry->use_pmap = FALSE;
+               VME_SUBMAP_SET(entry, submap);
                vm_map_reference(submap);
                vm_map_reference(submap);
-               submap->mapped = TRUE;
+               if (submap->mapped_in_other_pmaps == FALSE &&
+                   vm_map_pmap(submap) != PMAP_NULL &&
+                   vm_map_pmap(submap) != vm_map_pmap(map)) {
+                       /*
+                        * This submap is being mapped in a map
+                        * that uses a different pmap.
+                        * Set its "mapped_in_other_pmaps" flag
+                        * to indicate that we now need to 
+                        * remove mappings from all pmaps rather
+                        * than just the submap's pmap.
+                        */
+                       submap->mapped_in_other_pmaps = TRUE;
+               }
 
 #ifndef NO_NESTED_PMAP
                if (use_pmap) {
                        /* nest if platform code will allow */
                        if(submap->pmap == NULL) {
 
 #ifndef NO_NESTED_PMAP
                if (use_pmap) {
                        /* nest if platform code will allow */
                        if(submap->pmap == NULL) {
-                               submap->pmap = pmap_create((vm_map_size_t) 0, FALSE);
+                               ledger_t ledger = map->pmap->ledger;
+                               submap->pmap = pmap_create(ledger,
+                                               (vm_map_size_t) 0, FALSE);
                                if(submap->pmap == PMAP_NULL) {
                                        vm_map_unlock(map);
                                        return(KERN_NO_SPACE);
                                }
                        }
                        result = pmap_nest(map->pmap,
                                if(submap->pmap == PMAP_NULL) {
                                        vm_map_unlock(map);
                                        return(KERN_NO_SPACE);
                                }
                        }
                        result = pmap_nest(map->pmap,
-                                          (entry->object.sub_map)->pmap, 
+                                          (VME_SUBMAP(entry))->pmap, 
                                           (addr64_t)start,
                                           (addr64_t)start,
                                           (uint64_t)(end - start));
                                           (addr64_t)start,
                                           (addr64_t)start,
                                           (uint64_t)(end - start));
@@ -3317,6 +4526,7 @@ vm_map_submap(
        return(result);
 }
 
        return(result);
 }
 
+
 /*
  *     vm_map_protect:
  *
 /*
  *     vm_map_protect:
  *
@@ -3327,14 +4537,14 @@ vm_map_submap(
  */
 kern_return_t
 vm_map_protect(
  */
 kern_return_t
 vm_map_protect(
-       register vm_map_t       map,
-       register vm_map_offset_t        start,
-       register vm_map_offset_t        end,
-       register vm_prot_t      new_prot,
-       register boolean_t      set_max)
-{
-       register vm_map_entry_t         current;
-       register vm_map_offset_t        prev;
+       vm_map_t        map,
+       vm_map_offset_t start,
+       vm_map_offset_t end,
+       vm_prot_t       new_prot,
+       boolean_t       set_max)
+{
+       vm_map_entry_t                  current;
+       vm_map_offset_t                 prev;
        vm_map_entry_t                  entry;
        vm_prot_t                       new_max;
 
        vm_map_entry_t                  entry;
        vm_prot_t                       new_max;
 
@@ -3404,18 +4614,12 @@ vm_map_protect(
                        }
                }
 
                        }
                }
 
-#if CONFIG_EMBEDDED
-               if (new_prot & VM_PROT_WRITE) {
-                       if ((new_prot & VM_PROT_EXECUTE) && !(current->used_for_jit)) {
-                               printf("EMBEDDED: %s can't have both write and exec at the same time\n", __FUNCTION__);
-                               new_prot &= ~VM_PROT_EXECUTE;
-                       }
-               }
-#endif
 
                prev = current->vme_end;
                current = current->vme_next;
        }
 
                prev = current->vme_end;
                current = current->vme_next;
        }
+
+
        if (end > prev) {
                vm_map_unlock(map);
                return(KERN_INVALID_ADDRESS);
        if (end > prev) {
                vm_map_unlock(map);
                return(KERN_INVALID_ADDRESS);
@@ -3440,7 +4644,10 @@ vm_map_protect(
 
                vm_map_clip_end(map, current, end);
 
 
                vm_map_clip_end(map, current, end);
 
-               assert(!current->use_pmap); /* clipping did unnest if needed */
+               if (current->is_sub_map) {
+                       /* clipping did unnest if needed */
+                       assert(!current->use_pmap);
+               }
 
                old_prot = current->protection;
 
 
                old_prot = current->protection;
 
@@ -3451,10 +4658,17 @@ vm_map_protect(
                        /* for loss of shared memory communication in the */
                        /* target area after taking this step */
 
                        /* for loss of shared memory communication in the */
                        /* target area after taking this step */
 
-                       if (current->is_sub_map == FALSE && current->object.vm_object == VM_OBJECT_NULL){
-                               current->object.vm_object = vm_object_allocate((vm_map_size_t)(current->vme_end - current->vme_start));
-                               current->offset = 0;
+                       if (current->is_sub_map == FALSE &&
+                           VME_OBJECT(current) == VM_OBJECT_NULL) {
+                               VME_OBJECT_SET(current, 
+                                              vm_object_allocate(
+                                                      (vm_map_size_t)
+                                                      (current->vme_end -
+                                                       current->vme_start)));
+                               VME_OFFSET_SET(current, 0);
+                               assert(current->use_pmap);
                        }
                        }
+                       assert(current->wired_count == 0);
                        current->needs_copy = TRUE;
                        current->max_protection |= VM_PROT_WRITE;
                }
                        current->needs_copy = TRUE;
                        current->max_protection |= VM_PROT_WRITE;
                }
@@ -3483,13 +4697,20 @@ vm_map_protect(
 
                        vm_prot_t prot;
 
 
                        vm_prot_t prot;
 
-                       prot = current->protection & ~VM_PROT_WRITE;
+                       prot = current->protection;
+                       if (current->is_sub_map || (VME_OBJECT(current) == NULL) || (VME_OBJECT(current) != compressor_object)) {
+                               prot &= ~VM_PROT_WRITE;
+                        } else {
+                                assert(!VME_OBJECT(current)->code_signed);
+                                assert(VME_OBJECT(current)->copy_strategy == MEMORY_OBJECT_COPY_NONE);
+                       }
 
 
-                       if (override_nx(map, current->alias) && prot)
+                       if (override_nx(map, VME_ALIAS(current)) && prot)
                                prot |= VM_PROT_EXECUTE;
 
                                prot |= VM_PROT_EXECUTE;
 
+
                        if (current->is_sub_map && current->use_pmap) {
                        if (current->is_sub_map && current->use_pmap) {
-                               pmap_protect(current->object.sub_map->pmap, 
+                               pmap_protect(VME_SUBMAP(current)->pmap, 
                                             current->vme_start,
                                             current->vme_end,
                                             prot);
                                             current->vme_start,
                                             current->vme_end,
                                             prot);
@@ -3524,12 +4745,12 @@ vm_map_protect(
  */
 kern_return_t
 vm_map_inherit(
  */
 kern_return_t
 vm_map_inherit(
-       register vm_map_t       map,
-       register vm_map_offset_t        start,
-       register vm_map_offset_t        end,
-       register vm_inherit_t   new_inheritance)
+       vm_map_t        map,
+       vm_map_offset_t start,
+       vm_map_offset_t end,
+       vm_inherit_t    new_inheritance)
 {
 {
-       register vm_map_entry_t entry;
+       vm_map_entry_t  entry;
        vm_map_entry_t  temp_entry;
 
        vm_map_lock(map);
        vm_map_entry_t  temp_entry;
 
        vm_map_lock(map);
@@ -3565,7 +4786,10 @@ vm_map_inherit(
 
        while ((entry != vm_map_to_entry(map)) && (entry->vme_start < end)) {
                vm_map_clip_end(map, entry, end);
 
        while ((entry != vm_map_to_entry(map)) && (entry->vme_start < end)) {
                vm_map_clip_end(map, entry, end);
-               assert(!entry->use_pmap); /* clip did unnest if needed */
+               if (entry->is_sub_map) {
+                       /* clip did unnest if needed */
+                       assert(!entry->use_pmap);
+               }
 
                entry->inheritance = new_inheritance;
 
 
                entry->inheritance = new_inheritance;
 
@@ -3688,6 +4912,7 @@ subtract_wire_counts(
        }
 }
 
        }
 }
 
+
 /*
  *     vm_map_wire:
  *
 /*
  *     vm_map_wire:
  *
@@ -3703,18 +4928,20 @@ subtract_wire_counts(
  */
 static kern_return_t
 vm_map_wire_nested(
  */
 static kern_return_t
 vm_map_wire_nested(
-       register vm_map_t       map,
-       register vm_map_offset_t        start,
-       register vm_map_offset_t        end,
-       register vm_prot_t      access_type,
+       vm_map_t                map,
+       vm_map_offset_t         start,
+       vm_map_offset_t         end,
+       vm_prot_t               caller_prot,
        boolean_t               user_wire,
        pmap_t                  map_pmap, 
        boolean_t               user_wire,
        pmap_t                  map_pmap, 
-       vm_map_offset_t         pmap_addr)
+       vm_map_offset_t         pmap_addr,
+       ppnum_t                 *physpage_p)
 {
 {
-       register vm_map_entry_t entry;
+       vm_map_entry_t          entry;
+       vm_prot_t               access_type;
        struct vm_map_entry     *first_entry, tmp_entry;
        vm_map_t                real_map;
        struct vm_map_entry     *first_entry, tmp_entry;
        vm_map_t                real_map;
-       register vm_map_offset_t        s,e;
+       vm_map_offset_t         s,e;
        kern_return_t           rc;
        boolean_t               need_wakeup;
        boolean_t               main_map = FALSE;
        kern_return_t           rc;
        boolean_t               need_wakeup;
        boolean_t               main_map = FALSE;
@@ -3722,6 +4949,23 @@ vm_map_wire_nested(
        thread_t                cur_thread;
        unsigned int            last_timestamp;
        vm_map_size_t           size;
        thread_t                cur_thread;
        unsigned int            last_timestamp;
        vm_map_size_t           size;
+       boolean_t               wire_and_extract;
+
+       access_type = (caller_prot & VM_PROT_ALL);
+
+       wire_and_extract = FALSE;
+       if (physpage_p != NULL) {
+               /*
+                * The caller wants the physical page number of the
+                * wired page.  We return only one physical page number
+                * so this works for only one page at a time.
+                */
+               if ((end - start) != PAGE_SIZE) {
+                       return KERN_INVALID_ARGUMENT;
+               }
+               wire_and_extract = TRUE;
+               *physpage_p = 0;
+       }
 
        vm_map_lock(map);
        if(map_pmap == NULL)
 
        vm_map_lock(map);
        if(map_pmap == NULL)
@@ -3731,6 +4975,8 @@ vm_map_wire_nested(
        VM_MAP_RANGE_CHECK(map, start, end);
        assert(page_aligned(start));
        assert(page_aligned(end));
        VM_MAP_RANGE_CHECK(map, start, end);
        assert(page_aligned(start));
        assert(page_aligned(end));
+       assert(VM_MAP_PAGE_ALIGNED(start, VM_MAP_PAGE_MASK(map)));
+       assert(VM_MAP_PAGE_ALIGNED(end, VM_MAP_PAGE_MASK(map)));
        if (start == end) {
                /* We wired what the caller asked for, zero pages */
                vm_map_unlock(map);
        if (start == end) {
                /* We wired what the caller asked for, zero pages */
                vm_map_unlock(map);
@@ -3841,12 +5087,23 @@ vm_map_wire_nested(
                        vm_map_offset_t local_end;
                        pmap_t          pmap;
 
                        vm_map_offset_t local_end;
                        pmap_t          pmap;
 
+                       if (wire_and_extract) {
+                               /*
+                                * Wiring would result in copy-on-write
+                                * which would not be compatible with
+                                * the sharing we have with the original
+                                * provider of this memory.
+                                */
+                               rc = KERN_INVALID_ARGUMENT;
+                               goto done;
+                       }
+
                        vm_map_clip_start(map, entry, s);
                        vm_map_clip_end(map, entry, end);
 
                        vm_map_clip_start(map, entry, s);
                        vm_map_clip_end(map, entry, end);
 
-                       sub_start = entry->offset;
+                       sub_start = VME_OFFSET(entry);
                        sub_end = entry->vme_end;
                        sub_end = entry->vme_end;
-                       sub_end += entry->offset - entry->vme_start;
+                       sub_end += VME_OFFSET(entry) - entry->vme_start;
                
                        local_end = entry->vme_end;
                        if(map_pmap == NULL) {
                
                        local_end = entry->vme_end;
                        if(map_pmap == NULL) {
@@ -3859,7 +5116,7 @@ vm_map_wire_nested(
                                vm_map_t                lookup_map;
 
                                if(entry->use_pmap) {
                                vm_map_t                lookup_map;
 
                                if(entry->use_pmap) {
-                                       pmap = entry->object.sub_map->pmap;
+                                       pmap = VME_SUBMAP(entry)->pmap;
                                        /* ppc implementation requires that */
                                        /* submaps pmap address ranges line */
                                        /* up with parent map */
                                        /* ppc implementation requires that */
                                        /* submaps pmap address ranges line */
                                        /* up with parent map */
@@ -3895,7 +5152,7 @@ vm_map_wire_nested(
                                vm_map_lock_write_to_read(map);
                                if(vm_map_lookup_locked(
                                           &lookup_map, local_start, 
                                vm_map_lock_write_to_read(map);
                                if(vm_map_lookup_locked(
                                           &lookup_map, local_start, 
-                                          access_type,
+                                          access_type | VM_PROT_COPY,
                                           OBJECT_LOCK_EXCLUSIVE,
                                           &version, &object,
                                           &offset, &prot, &wired,
                                           OBJECT_LOCK_EXCLUSIVE,
                                           &version, &object,
                                           &offset, &prot, &wired,
@@ -3903,15 +5160,16 @@ vm_map_wire_nested(
                                           &real_map)) {
 
                                        vm_map_unlock_read(lookup_map);
                                           &real_map)) {
 
                                        vm_map_unlock_read(lookup_map);
+                                       assert(map_pmap == NULL);
                                        vm_map_unwire(map, start,
                                                      s, user_wire);
                                        return(KERN_FAILURE);
                                }
                                        vm_map_unwire(map, start,
                                                      s, user_wire);
                                        return(KERN_FAILURE);
                                }
+                               vm_object_unlock(object);
                                if(real_map != lookup_map)
                                        vm_map_unlock(real_map);
                                vm_map_unlock_read(lookup_map);
                                vm_map_lock(map);
                                if(real_map != lookup_map)
                                        vm_map_unlock(real_map);
                                vm_map_unlock_read(lookup_map);
                                vm_map_lock(map);
-                               vm_object_unlock(object);
 
                                /* we unlocked, so must re-lookup */
                                if (!vm_map_lookup_entry(map, 
 
                                /* we unlocked, so must re-lookup */
                                if (!vm_map_lookup_entry(map, 
@@ -3950,10 +5208,11 @@ vm_map_wire_nested(
                        entry->in_transition = TRUE;
 
                        vm_map_unlock(map);
                        entry->in_transition = TRUE;
 
                        vm_map_unlock(map);
-                       rc = vm_map_wire_nested(entry->object.sub_map
+                       rc = vm_map_wire_nested(VME_SUBMAP(entry)
                                                sub_start, sub_end,
                                                sub_start, sub_end,
-                                               access_type, 
-                                               user_wire, pmap, pmap_addr);
+                                               caller_prot, 
+                                               user_wire, pmap, pmap_addr,
+                                               NULL);
                        vm_map_lock(map);
 
                        /*
                        vm_map_lock(map);
 
                        /*
@@ -3999,6 +5258,24 @@ vm_map_wire_nested(
                 * the appropriate wire reference count.
                 */
                if (entry->wired_count) {
                 * the appropriate wire reference count.
                 */
                if (entry->wired_count) {
+
+                       if ((entry->protection & access_type) != access_type) {
+                               /* found a protection problem */
+
+                               /*
+                                * XXX FBDP
+                                * We should always return an error
+                                * in this case but since we didn't
+                                * enforce it before, let's do
+                                * it only for the new "wire_and_extract"
+                                * code path for now...
+                                */
+                               if (wire_and_extract) {
+                                       rc = KERN_PROTECTION_FAILURE;
+                                       goto done;
+                               }
+                       }
+
                        /*
                         * entry is already wired down, get our reference
                         * after clipping to our range.
                        /*
                         * entry is already wired down, get our reference
                         * after clipping to our range.
@@ -4009,6 +5286,56 @@ vm_map_wire_nested(
                        if ((rc = add_wire_counts(map, entry, user_wire)) != KERN_SUCCESS)
                                goto done;
 
                        if ((rc = add_wire_counts(map, entry, user_wire)) != KERN_SUCCESS)
                                goto done;
 
+                       if (wire_and_extract) {
+                               vm_object_t             object;
+                               vm_object_offset_t      offset;
+                               vm_page_t               m;
+
+                               /*
+                                * We don't have to "wire" the page again
+                                * bit we still have to "extract" its
+                                * physical page number, after some sanity
+                                * checks.
+                                */
+                               assert((entry->vme_end - entry->vme_start)
+                                      == PAGE_SIZE);
+                               assert(!entry->needs_copy);
+                               assert(!entry->is_sub_map);
+                               assert(VME_OBJECT(entry));
+                               if (((entry->vme_end - entry->vme_start)
+                                    != PAGE_SIZE) ||
+                                   entry->needs_copy ||
+                                   entry->is_sub_map ||
+                                   VME_OBJECT(entry) == VM_OBJECT_NULL) {
+                                       rc = KERN_INVALID_ARGUMENT;
+                                       goto done;
+                               }
+
+                               object = VME_OBJECT(entry);
+                               offset = VME_OFFSET(entry);
+                               /* need exclusive lock to update m->dirty */
+                               if (entry->protection & VM_PROT_WRITE) {
+                                       vm_object_lock(object);
+                               } else {
+                                       vm_object_lock_shared(object);
+                               }
+                               m = vm_page_lookup(object, offset);
+                               assert(m != VM_PAGE_NULL);
+                               assert(VM_PAGE_WIRED(m));
+                               if (m != VM_PAGE_NULL && VM_PAGE_WIRED(m)) {
+                                       *physpage_p = VM_PAGE_GET_PHYS_PAGE(m);
+                                       if (entry->protection & VM_PROT_WRITE) {
+                                               vm_object_lock_assert_exclusive(
+                                                       object);
+                                               m->dirty = TRUE;
+                                       }
+                               } else {
+                                       /* not already wired !? */
+                                       *physpage_p = 0;
+                               }
+                               vm_object_unlock(object);
+                       }
+
                        /* map was not unlocked: no need to relookup */
                        entry = entry->vme_next;
                        s = entry->vme_start;
                        /* map was not unlocked: no need to relookup */
                        entry = entry->vme_next;
                        s = entry->vme_start;
@@ -4020,6 +5347,7 @@ vm_map_wire_nested(
                 */
 
 
                 */
 
 
+
                /*
                 * Perform actions of vm_map_lookup that need the write
                 * lock on the map: create a shadow object for a
                /*
                 * Perform actions of vm_map_lookup that need the write
                 * lock on the map: create a shadow object for a
@@ -4033,12 +5361,29 @@ vm_map_wire_nested(
                 * This is aggressive, but once it's wired we can't move it.
                 */
                if (entry->needs_copy) {
                 * This is aggressive, but once it's wired we can't move it.
                 */
                if (entry->needs_copy) {
-                       vm_object_shadow(&entry->object.vm_object,
-                                        &entry->offset, size);
+                       if (wire_and_extract) {
+                               /*
+                                * We're supposed to share with the original
+                                * provider so should not be "needs_copy"
+                                */
+                               rc = KERN_INVALID_ARGUMENT;
+                               goto done;
+                       }
+
+                       VME_OBJECT_SHADOW(entry, size);
                        entry->needs_copy = FALSE;
                        entry->needs_copy = FALSE;
-               } else if (entry->object.vm_object == VM_OBJECT_NULL) {
-                       entry->object.vm_object = vm_object_allocate(size);
-                       entry->offset = (vm_object_offset_t)0;
+               } else if (VME_OBJECT(entry) == VM_OBJECT_NULL) {
+                       if (wire_and_extract) {
+                               /*
+                                * We're supposed to share with the original
+                                * provider so should already have an object.
+                                */
+                               rc = KERN_INVALID_ARGUMENT;
+                               goto done;
+                       }
+                       VME_OBJECT_SET(entry, vm_object_allocate(size));
+                       VME_OFFSET_SET(entry, (vm_object_offset_t)0);
+                       assert(entry->use_pmap);
                }
 
                vm_map_clip_start(map, entry, s);
                }
 
                vm_map_clip_start(map, entry, s);
@@ -4101,11 +5446,13 @@ vm_map_wire_nested(
 
                if(map_pmap)
                        rc = vm_fault_wire(map, 
 
                if(map_pmap)
                        rc = vm_fault_wire(map, 
-                                          &tmp_entry, map_pmap, pmap_addr);
+                                          &tmp_entry, caller_prot, map_pmap, pmap_addr,
+                                          physpage_p);
                else
                        rc = vm_fault_wire(map, 
                else
                        rc = vm_fault_wire(map, 
-                                          &tmp_entry, map->pmap, 
-                                          tmp_entry.vme_start);
+                                          &tmp_entry, caller_prot, map->pmap, 
+                                          tmp_entry.vme_start,
+                                          physpage_p);
 
                if (!user_wire && cur_thread != THREAD_NULL)
                        thread_interrupt_level(interruptible_state);
 
                if (!user_wire && cur_thread != THREAD_NULL)
                        thread_interrupt_level(interruptible_state);
@@ -4144,7 +5491,17 @@ vm_map_wire_nested(
                        goto done;
                }
 
                        goto done;
                }
 
+               if ((entry != vm_map_to_entry(map)) && /* we still have entries in the map */
+                   (tmp_entry.vme_end != end) &&    /* AND, we are not at the end of the requested range */
+                   (entry->vme_start != tmp_entry.vme_end)) { /* AND, the next entry is not contiguous. */
+                       /* found a "new" hole */
+                       s = tmp_entry.vme_end;
+                       rc = KERN_INVALID_ADDRESS;
+                       goto done;
+               }
+
                s = entry->vme_start;
                s = entry->vme_start;
+
        } /* end while loop through map entries */
 
 done:
        } /* end while loop through map entries */
 
 done:
@@ -4163,26 +5520,98 @@ done:
 
        if (rc != KERN_SUCCESS) {
                /* undo what has been wired so far */
 
        if (rc != KERN_SUCCESS) {
                /* undo what has been wired so far */
-               vm_map_unwire(map, start, s, user_wire);
+               vm_map_unwire_nested(map, start, s, user_wire,
+                                    map_pmap, pmap_addr);
+               if (physpage_p) {
+                       *physpage_p = 0;
+               }
        }
 
        return rc;
 
 }
 
        }
 
        return rc;
 
 }
 
+kern_return_t
+vm_map_wire_external(
+       vm_map_t                map,
+       vm_map_offset_t         start,
+       vm_map_offset_t         end,
+       vm_prot_t               caller_prot,
+       boolean_t               user_wire)
+{
+       kern_return_t   kret;
+
+       caller_prot &= ~VM_PROT_MEMORY_TAG_MASK;
+       caller_prot |= VM_PROT_MEMORY_TAG_MAKE(vm_tag_bt());
+       kret = vm_map_wire_nested(map, start, end, caller_prot, 
+                                 user_wire, (pmap_t)NULL, 0, NULL);
+       return kret;
+}
+
 kern_return_t
 vm_map_wire(
 kern_return_t
 vm_map_wire(
-       register vm_map_t       map,
-       register vm_map_offset_t        start,
-       register vm_map_offset_t        end,
-       register vm_prot_t      access_type,
+       vm_map_t                map,
+       vm_map_offset_t         start,
+       vm_map_offset_t         end,
+       vm_prot_t               caller_prot,
        boolean_t               user_wire)
 {
        boolean_t               user_wire)
 {
+       kern_return_t   kret;
+
+       kret = vm_map_wire_nested(map, start, end, caller_prot, 
+                                 user_wire, (pmap_t)NULL, 0, NULL);
+       return kret;
+}
+
+kern_return_t
+vm_map_wire_and_extract_external(
+       vm_map_t        map,
+       vm_map_offset_t start,
+       vm_prot_t       caller_prot,
+       boolean_t       user_wire,
+       ppnum_t         *physpage_p)
+{
+       kern_return_t   kret;
+
+       caller_prot &= ~VM_PROT_MEMORY_TAG_MASK;
+       caller_prot |= VM_PROT_MEMORY_TAG_MAKE(vm_tag_bt());
+       kret = vm_map_wire_nested(map,
+                                 start,
+                                 start+VM_MAP_PAGE_SIZE(map),
+                                 caller_prot, 
+                                 user_wire,
+                                 (pmap_t)NULL,
+                                 0,
+                                 physpage_p);
+       if (kret != KERN_SUCCESS &&
+           physpage_p != NULL) {
+               *physpage_p = 0;
+       }
+       return kret;
+}
 
 
+kern_return_t
+vm_map_wire_and_extract(
+       vm_map_t        map,
+       vm_map_offset_t start,
+       vm_prot_t       caller_prot,
+       boolean_t       user_wire,
+       ppnum_t         *physpage_p)
+{
        kern_return_t   kret;
 
        kern_return_t   kret;
 
-       kret = vm_map_wire_nested(map, start, end, access_type, 
-                                 user_wire, (pmap_t)NULL, 0);
+       kret = vm_map_wire_nested(map,
+                                 start,
+                                 start+VM_MAP_PAGE_SIZE(map),
+                                 caller_prot, 
+                                 user_wire,
+                                 (pmap_t)NULL,
+                                 0,
+                                 physpage_p);
+       if (kret != KERN_SUCCESS &&
+           physpage_p != NULL) {
+               *physpage_p = 0;
+       }
        return kret;
 }
 
        return kret;
 }
 
@@ -4201,14 +5630,14 @@ vm_map_wire(
  */
 static kern_return_t
 vm_map_unwire_nested(
  */
 static kern_return_t
 vm_map_unwire_nested(
-       register vm_map_t       map,
-       register vm_map_offset_t        start,
-       register vm_map_offset_t        end,
+       vm_map_t                map,
+       vm_map_offset_t         start,
+       vm_map_offset_t         end,
        boolean_t               user_wire,
        pmap_t                  map_pmap,
        vm_map_offset_t         pmap_addr)
 {
        boolean_t               user_wire,
        pmap_t                  map_pmap,
        vm_map_offset_t         pmap_addr)
 {
-       register vm_map_entry_t entry;
+       vm_map_entry_t          entry;
        struct vm_map_entry     *first_entry, tmp_entry;
        boolean_t               need_wakeup;
        boolean_t               main_map = FALSE;
        struct vm_map_entry     *first_entry, tmp_entry;
        boolean_t               need_wakeup;
        boolean_t               main_map = FALSE;
@@ -4222,6 +5651,8 @@ vm_map_unwire_nested(
        VM_MAP_RANGE_CHECK(map, start, end);
        assert(page_aligned(start));
        assert(page_aligned(end));
        VM_MAP_RANGE_CHECK(map, start, end);
        assert(page_aligned(start));
        assert(page_aligned(end));
+       assert(VM_MAP_PAGE_ALIGNED(start, VM_MAP_PAGE_MASK(map)));
+       assert(VM_MAP_PAGE_ALIGNED(end, VM_MAP_PAGE_MASK(map)));
 
        if (start == end) {
                /* We unwired what the caller asked for: zero pages */
 
        if (start == end) {
                /* We unwired what the caller asked for: zero pages */
@@ -4305,13 +5736,13 @@ vm_map_unwire_nested(
                        vm_map_clip_start(map, entry, start);
                        vm_map_clip_end(map, entry, end);
 
                        vm_map_clip_start(map, entry, start);
                        vm_map_clip_end(map, entry, end);
 
-                       sub_start = entry->offset;
+                       sub_start = VME_OFFSET(entry);
                        sub_end = entry->vme_end - entry->vme_start;
                        sub_end = entry->vme_end - entry->vme_start;
-                       sub_end += entry->offset;
+                       sub_end += VME_OFFSET(entry);
                        local_end = entry->vme_end;
                        if(map_pmap == NULL) {
                                if(entry->use_pmap) {
                        local_end = entry->vme_end;
                        if(map_pmap == NULL) {
                                if(entry->use_pmap) {
-                                       pmap = entry->object.sub_map->pmap;
+                                       pmap = VME_SUBMAP(entry)->pmap;
                                        pmap_addr = sub_start;
                                } else {
                                        pmap = map->pmap;
                                        pmap_addr = sub_start;
                                } else {
                                        pmap = map->pmap;
@@ -4357,7 +5788,7 @@ vm_map_unwire_nested(
                                 * guarantees existance of the entry.
                                 */
                                vm_map_unlock(map);
                                 * guarantees existance of the entry.
                                 */
                                vm_map_unlock(map);
-                               vm_map_unwire_nested(entry->object.sub_map
+                               vm_map_unwire_nested(VME_SUBMAP(entry)
                                                     sub_start, sub_end, user_wire, pmap, pmap_addr);
                                vm_map_lock(map);
 
                                                     sub_start, sub_end, user_wire, pmap, pmap_addr);
                                vm_map_lock(map);
 
@@ -4395,7 +5826,7 @@ vm_map_unwire_nested(
                                continue;
                        } else {
                                vm_map_unlock(map);
                                continue;
                        } else {
                                vm_map_unlock(map);
-                               vm_map_unwire_nested(entry->object.sub_map,
+                               vm_map_unwire_nested(VME_SUBMAP(entry),
                                                     sub_start, sub_end, user_wire, map_pmap,
                                                     pmap_addr);
                                vm_map_lock(map);
                                                     sub_start, sub_end, user_wire, map_pmap,
                                                     pmap_addr);
                                vm_map_lock(map);
@@ -4532,9 +5963,9 @@ vm_map_unwire_nested(
 
 kern_return_t
 vm_map_unwire(
 
 kern_return_t
 vm_map_unwire(
-       register vm_map_t       map,
-       register vm_map_offset_t        start,
-       register vm_map_offset_t        end,
+       vm_map_t                map,
+       vm_map_offset_t         start,
+       vm_map_offset_t         end,
        boolean_t               user_wire)
 {
        return vm_map_unwire_nested(map, start, end, 
        boolean_t               user_wire)
 {
        return vm_map_unwire_nested(map, start, end, 
@@ -4549,27 +5980,31 @@ vm_map_unwire(
  */            
 static void
 vm_map_entry_delete(
  */            
 static void
 vm_map_entry_delete(
-       register vm_map_t       map,
-       register vm_map_entry_t entry)
+       vm_map_t        map,
+       vm_map_entry_t  entry)
 {
 {
-       register vm_map_offset_t        s, e;
-       register vm_object_t    object;
-       register vm_map_t       submap;
+       vm_map_offset_t s, e;
+       vm_object_t     object;
+       vm_map_t        submap;
 
        s = entry->vme_start;
        e = entry->vme_end;
        assert(page_aligned(s));
        assert(page_aligned(e));
 
        s = entry->vme_start;
        e = entry->vme_end;
        assert(page_aligned(s));
        assert(page_aligned(e));
+       if (entry->map_aligned == TRUE) {
+               assert(VM_MAP_PAGE_ALIGNED(s, VM_MAP_PAGE_MASK(map)));
+               assert(VM_MAP_PAGE_ALIGNED(e, VM_MAP_PAGE_MASK(map)));
+       }
        assert(entry->wired_count == 0);
        assert(entry->user_wired_count == 0);
        assert(!entry->permanent);
 
        if (entry->is_sub_map) {
                object = NULL;
        assert(entry->wired_count == 0);
        assert(entry->user_wired_count == 0);
        assert(!entry->permanent);
 
        if (entry->is_sub_map) {
                object = NULL;
-               submap = entry->object.sub_map;
+               submap = VME_SUBMAP(entry);
        } else {
                submap = NULL;
        } else {
                submap = NULL;
-               object = entry->object.vm_object;
+               object = VME_OBJECT(entry);
        }
 
        vm_map_store_entry_unlink(map, entry);
        }
 
        vm_map_store_entry_unlink(map, entry);
@@ -4622,19 +6057,22 @@ vm_map_submap_pmap_clean(
                                sub_map,
                                start,
                                start + remove_size,
                                sub_map,
                                start,
                                start + remove_size,
-                               entry->object.sub_map,
-                               entry->offset);
+                               VME_SUBMAP(entry),
+                               VME_OFFSET(entry));
                } else {
 
                } else {
 
-                       if((map->mapped) && (map->ref_count)
-                          && (entry->object.vm_object != NULL)) {
-                               vm_object_pmap_protect(
-                                       entry->object.vm_object,
-                                       entry->offset+(offset-entry->vme_start),
+                       if((map->mapped_in_other_pmaps) && (map->ref_count)
+                          && (VME_OBJECT(entry) != NULL)) {
+                               vm_object_pmap_protect_options(
+                                       VME_OBJECT(entry),
+                                       (VME_OFFSET(entry) +
+                                        offset -
+                                        entry->vme_start),
                                        remove_size,
                                        PMAP_NULL,
                                        entry->vme_start,
                                        remove_size,
                                        PMAP_NULL,
                                        entry->vme_start,
-                                       VM_PROT_NONE);
+                                       VM_PROT_NONE,
+                                       PMAP_OPTIONS_REMOVE);
                        } else {
                                pmap_remove(map->pmap, 
                                            (addr64_t)start, 
                        } else {
                                pmap_remove(map->pmap, 
                                            (addr64_t)start, 
@@ -4656,18 +6094,19 @@ vm_map_submap_pmap_clean(
                                sub_map,
                                (start + entry->vme_start) - offset,
                                ((start + entry->vme_start) - offset) + remove_size,
                                sub_map,
                                (start + entry->vme_start) - offset,
                                ((start + entry->vme_start) - offset) + remove_size,
-                               entry->object.sub_map,
-                               entry->offset);
+                               VME_SUBMAP(entry),
+                               VME_OFFSET(entry));
                } else {
                } else {
-                       if((map->mapped) && (map->ref_count)
-                          && (entry->object.vm_object != NULL)) {
-                               vm_object_pmap_protect(
-                                       entry->object.vm_object,
-                                       entry->offset,
+                       if((map->mapped_in_other_pmaps) && (map->ref_count)
+                          && (VME_OBJECT(entry) != NULL)) {
+                               vm_object_pmap_protect_options(
+                                       VME_OBJECT(entry),
+                                       VME_OFFSET(entry),
                                        remove_size,
                                        PMAP_NULL,
                                        entry->vme_start,
                                        remove_size,
                                        PMAP_NULL,
                                        entry->vme_start,
-                                       VM_PROT_NONE);
+                                       VM_PROT_NONE,
+                                       PMAP_OPTIONS_REMOVE);
                        } else {
                                pmap_remove(map->pmap, 
                                            (addr64_t)((start + entry->vme_start) 
                        } else {
                                pmap_remove(map->pmap, 
                                            (addr64_t)((start + entry->vme_start) 
@@ -4703,8 +6142,8 @@ vm_map_delete(
 {
        vm_map_entry_t          entry, next;
        struct   vm_map_entry   *first_entry, tmp_entry;
 {
        vm_map_entry_t          entry, next;
        struct   vm_map_entry   *first_entry, tmp_entry;
-       register vm_map_offset_t s;
-       register vm_object_t    object;
+       vm_map_offset_t         s;
+       vm_object_t             object;
        boolean_t               need_wakeup;
        unsigned int            last_timestamp = ~0; /* unlikely value */
        int                     interruptible;
        boolean_t               need_wakeup;
        unsigned int            last_timestamp = ~0; /* unlikely value */
        int                     interruptible;
@@ -4731,6 +6170,18 @@ vm_map_delete(
                 */
                if (vm_map_lookup_entry(map, start, &first_entry)) {
                        entry = first_entry;
                 */
                if (vm_map_lookup_entry(map, start, &first_entry)) {
                        entry = first_entry;
+                       if (map == kalloc_map &&
+                           (entry->vme_start != start ||
+                            entry->vme_end != end)) {
+                               panic("vm_map_delete(%p,0x%llx,0x%llx): "
+                                     "mismatched entry %p [0x%llx:0x%llx]\n",
+                                     map,
+                                     (uint64_t)start,
+                                     (uint64_t)end,
+                                     entry,
+                                     (uint64_t)entry->vme_start,
+                                     (uint64_t)entry->vme_end);
+                       }
                        if (entry->superpage_size && (start & ~SUPERPAGE_MASK)) { /* extend request to whole entry */                           start = SUPERPAGE_ROUND_DOWN(start);
                                start = SUPERPAGE_ROUND_DOWN(start);
                                continue;
                        if (entry->superpage_size && (start & ~SUPERPAGE_MASK)) { /* extend request to whole entry */                           start = SUPERPAGE_ROUND_DOWN(start);
                                start = SUPERPAGE_ROUND_DOWN(start);
                                continue;
@@ -4741,6 +6192,27 @@ vm_map_delete(
                                 * any unnecessary unnesting in this case...
                                 */
                        } else {
                                 * any unnecessary unnesting in this case...
                                 */
                        } else {
+                               if ((flags & VM_MAP_REMOVE_NO_MAP_ALIGN) &&
+                                   entry->map_aligned &&
+                                   !VM_MAP_PAGE_ALIGNED(
+                                           start,
+                                           VM_MAP_PAGE_MASK(map))) {
+                                       /*
+                                        * The entry will no longer be
+                                        * map-aligned after clipping
+                                        * and the caller said it's OK.
+                                        */
+                                       entry->map_aligned = FALSE;
+                               }
+                               if (map == kalloc_map) {
+                                       panic("vm_map_delete(%p,0x%llx,0x%llx):"
+                                             " clipping %p at 0x%llx\n",
+                                             map,
+                                             (uint64_t)start,
+                                             (uint64_t)end,
+                                             entry,
+                                             (uint64_t)start);
+                               }
                                vm_map_clip_start(map, entry, start);
                        }
 
                                vm_map_clip_start(map, entry, start);
                        }
 
@@ -4750,6 +6222,15 @@ vm_map_delete(
                         */
                        SAVE_HINT_MAP_WRITE(map, entry->vme_prev);
                } else {
                         */
                        SAVE_HINT_MAP_WRITE(map, entry->vme_prev);
                } else {
+                       if (map->pmap == kernel_pmap &&
+                           map->ref_count != 0) {
+                               panic("vm_map_delete(%p,0x%llx,0x%llx): "
+                                     "no map entry at 0x%llx\n",
+                                     map,
+                                     (uint64_t)start,
+                                     (uint64_t)end,
+                                     (uint64_t)start);
+                       }
                        entry = first_entry->vme_next;
                }
                break;
                        entry = first_entry->vme_next;
                }
                break;
@@ -4786,6 +6267,25 @@ vm_map_delete(
                         * vm_map_simplify_entry().  We need to
                         * re-clip its start.
                         */
                         * vm_map_simplify_entry().  We need to
                         * re-clip its start.
                         */
+                       if ((flags & VM_MAP_REMOVE_NO_MAP_ALIGN) &&
+                           entry->map_aligned &&
+                           !VM_MAP_PAGE_ALIGNED(s,
+                                                VM_MAP_PAGE_MASK(map))) {
+                               /*
+                                * The entry will no longer be map-aligned
+                                * after clipping and the caller said it's OK.
+                                */
+                               entry->map_aligned = FALSE;
+                       }
+                       if (map == kalloc_map) {
+                               panic("vm_map_delete(%p,0x%llx,0x%llx): "
+                                     "clipping %p at 0x%llx\n",
+                                     map,
+                                     (uint64_t)start,
+                                     (uint64_t)end,
+                                     entry,
+                                     (uint64_t)s);
+                       }
                        vm_map_clip_start(map, entry, s);
                }
                if (entry->vme_end <= end) {
                        vm_map_clip_start(map, entry, s);
                }
                if (entry->vme_end <= end) {
@@ -4794,6 +6294,25 @@ vm_map_delete(
                         * to clip and possibly cause an unnecessary unnesting.
                         */
                } else {
                         * to clip and possibly cause an unnecessary unnesting.
                         */
                } else {
+                       if ((flags & VM_MAP_REMOVE_NO_MAP_ALIGN) &&
+                           entry->map_aligned &&
+                           !VM_MAP_PAGE_ALIGNED(end,
+                                                VM_MAP_PAGE_MASK(map))) {
+                               /*
+                                * The entry will no longer be map-aligned
+                                * after clipping and the caller said it's OK.
+                                */
+                               entry->map_aligned = FALSE;
+                       }
+                       if (map == kalloc_map) {
+                               panic("vm_map_delete(%p,0x%llx,0x%llx): "
+                                     "clipping %p at 0x%llx\n",
+                                     map,
+                                     (uint64_t)start,
+                                     (uint64_t)end,
+                                     entry,
+                                     (uint64_t)end);
+                       }
                        vm_map_clip_end(map, entry, end);
                }
 
                        vm_map_clip_end(map, entry, end);
                }
 
@@ -4831,7 +6350,6 @@ vm_map_delete(
                                 * We do not clear the needs_wakeup flag,
                                 * since we cannot tell if we were the only one.
                                 */
                                 * We do not clear the needs_wakeup flag,
                                 * since we cannot tell if we were the only one.
                                 */
-                               vm_map_unlock(map);
                                return KERN_ABORTED;
                        }
 
                                return KERN_ABORTED;
                        }
 
@@ -4840,8 +6358,6 @@ vm_map_delete(
                         * may not exist anymore.  Look it up again.
                         */
                        if (!vm_map_lookup_entry(map, s, &first_entry)) {
                         * may not exist anymore.  Look it up again.
                         */
                        if (!vm_map_lookup_entry(map, s, &first_entry)) {
-                               assert((map != kernel_map) && 
-                                      (!entry->is_sub_map));
                                /*
                                 * User: use the next entry
                                 */
                                /*
                                 * User: use the next entry
                                 */
@@ -4900,7 +6416,6 @@ vm_map_delete(
                                                 * cannot tell if we were the 
                                                 * only one.
                                                 */
                                                 * cannot tell if we were the 
                                                 * only one.
                                                 */
-                                               vm_map_unlock(map);
                                                return KERN_ABORTED;
                                        }
 
                                                return KERN_ABORTED;
                                        }
 
@@ -4949,8 +6464,8 @@ vm_map_delete(
                                vm_map_offset_t pmap_addr;
                                
 
                                vm_map_offset_t pmap_addr;
                                
 
-                               sub_map = tmp_entry.object.sub_map;
-                               sub_start = tmp_entry.offset;
+                               sub_map = VME_SUBMAP(&tmp_entry);
+                               sub_start = VME_OFFSET(&tmp_entry);
                                sub_end = sub_start + (tmp_entry.vme_end -
                                                       tmp_entry.vme_start);
                                if (tmp_entry.use_pmap) {
                                sub_end = sub_start + (tmp_entry.vme_end -
                                                       tmp_entry.vme_start);
                                if (tmp_entry.use_pmap) {
@@ -4966,8 +6481,17 @@ vm_map_delete(
                                                            pmap, pmap_addr);
                        } else {
 
                                                            pmap, pmap_addr);
                        } else {
 
+                               if (VME_OBJECT(&tmp_entry) == kernel_object) {
+                                       pmap_protect_options(
+                                               map->pmap,
+                                               tmp_entry.vme_start,
+                                               tmp_entry.vme_end,
+                                               VM_PROT_NONE,
+                                               PMAP_OPTIONS_REMOVE,
+                                               NULL);
+                               }
                                vm_fault_unwire(map, &tmp_entry,
                                vm_fault_unwire(map, &tmp_entry,
-                                               tmp_entry.object.vm_object == kernel_object,
+                                               VME_OBJECT(&tmp_entry) == kernel_object,
                                                map->pmap, tmp_entry.vme_start);
                        }
 
                                                map->pmap, tmp_entry.vme_start);
                        }
 
@@ -5032,49 +6556,119 @@ vm_map_delete(
                } else if (entry->is_sub_map) {
                        if (entry->use_pmap) {
 #ifndef NO_NESTED_PMAP
                } else if (entry->is_sub_map) {
                        if (entry->use_pmap) {
 #ifndef NO_NESTED_PMAP
-                               pmap_unnest(map->pmap,
-                                           (addr64_t)entry->vme_start,
-                                           entry->vme_end - entry->vme_start);
+                               int pmap_flags;
+
+                               if (flags & VM_MAP_REMOVE_NO_UNNESTING) {
+                                       /*
+                                        * This is the final cleanup of the
+                                        * address space being terminated.
+                                        * No new mappings are expected and
+                                        * we don't really need to unnest the
+                                        * shared region (and lose the "global"
+                                        * pmap mappings, if applicable).
+                                        *
+                                        * Tell the pmap layer that we're
+                                        * "clean" wrt nesting.
+                                        */
+                                       pmap_flags = PMAP_UNNEST_CLEAN;
+                               } else {
+                                       /*
+                                        * We're unmapping part of the nested
+                                        * shared region, so we can't keep the
+                                        * nested pmap.
+                                        */
+                                       pmap_flags = 0;
+                               }
+                               pmap_unnest_options(
+                                       map->pmap,
+                                       (addr64_t)entry->vme_start,
+                                       entry->vme_end - entry->vme_start,
+                                       pmap_flags);
 #endif /* NO_NESTED_PMAP */
 #endif /* NO_NESTED_PMAP */
-                               if ((map->mapped) && (map->ref_count)) {
+                               if ((map->mapped_in_other_pmaps) && (map->ref_count)) {
                                        /* clean up parent map/maps */
                                        vm_map_submap_pmap_clean(
                                                map, entry->vme_start,
                                                entry->vme_end,
                                        /* clean up parent map/maps */
                                        vm_map_submap_pmap_clean(
                                                map, entry->vme_start,
                                                entry->vme_end,
-                                               entry->object.sub_map,
-                                               entry->offset);
+                                               VME_SUBMAP(entry),
+                                               VME_OFFSET(entry));
                                }
                        } else {
                                vm_map_submap_pmap_clean(
                                        map, entry->vme_start, entry->vme_end,
                                }
                        } else {
                                vm_map_submap_pmap_clean(
                                        map, entry->vme_start, entry->vme_end,
-                                       entry->object.sub_map,
-                                       entry->offset);
+                                       VME_SUBMAP(entry),
+                                       VME_OFFSET(entry));
                        }
                        }
-               } else if (entry->object.vm_object != kernel_object) {
-                       object = entry->object.vm_object;
-                       if((map->mapped) && (map->ref_count)) {
-                               vm_object_pmap_protect(
-                                       object, entry->offset,
+               } else if (VME_OBJECT(entry) != kernel_object &&
+                          VME_OBJECT(entry) != compressor_object) {
+                       object = VME_OBJECT(entry);
+                       if ((map->mapped_in_other_pmaps) && (map->ref_count)) {
+                               vm_object_pmap_protect_options(
+                                       object, VME_OFFSET(entry),
                                        entry->vme_end - entry->vme_start,
                                        PMAP_NULL,
                                        entry->vme_start,
                                        entry->vme_end - entry->vme_start,
                                        PMAP_NULL,
                                        entry->vme_start,
-                                       VM_PROT_NONE);
-                       } else {
-                               pmap_remove(map->pmap,
-                                           (addr64_t)entry->vme_start,
-                                           (addr64_t)entry->vme_end);
+                                       VM_PROT_NONE,
+                                       PMAP_OPTIONS_REMOVE);
+                       } else if ((VME_OBJECT(entry) != VM_OBJECT_NULL) ||
+                                  (map->pmap == kernel_pmap)) {
+                               /* Remove translations associated
+                                * with this range unless the entry
+                                * does not have an object, or
+                                * it's the kernel map or a descendant
+                                * since the platform could potentially
+                                * create "backdoor" mappings invisible
+                                * to the VM. It is expected that
+                                * objectless, non-kernel ranges
+                                * do not have such VM invisible
+                                * translations.
+                                */
+                               pmap_remove_options(map->pmap,
+                                                   (addr64_t)entry->vme_start,
+                                                   (addr64_t)entry->vme_end,
+                                                   PMAP_OPTIONS_REMOVE);
                        }
                }
 
                        }
                }
 
+               if (entry->iokit_acct) {
+                       /* alternate accounting */
+                       DTRACE_VM4(vm_map_iokit_unmapped_region,
+                                  vm_map_t, map,
+                                  vm_map_offset_t, entry->vme_start,
+                                  vm_map_offset_t, entry->vme_end,
+                                  int, VME_ALIAS(entry));
+                       vm_map_iokit_unmapped_region(map,
+                                                    (entry->vme_end -
+                                                     entry->vme_start));
+                       entry->iokit_acct = FALSE;
+               }
+
                /*
                 * All pmap mappings for this map entry must have been
                 * cleared by now.
                 */
                /*
                 * All pmap mappings for this map entry must have been
                 * cleared by now.
                 */
+#if DEBUG
                assert(vm_map_pmap_is_empty(map,
                                            entry->vme_start,
                                            entry->vme_end));
                assert(vm_map_pmap_is_empty(map,
                                            entry->vme_start,
                                            entry->vme_end));
+#endif /* DEBUG */
 
                next = entry->vme_next;
 
                next = entry->vme_next;
+
+               if (map->pmap == kernel_pmap &&
+                   map->ref_count != 0 &&
+                   entry->vme_end < end &&
+                   (next == vm_map_to_entry(map) ||
+                    next->vme_start != entry->vme_end)) {
+                       panic("vm_map_delete(%p,0x%llx,0x%llx): "
+                             "hole after %p at 0x%llx\n",
+                             map,
+                             (uint64_t)start,
+                             (uint64_t)end,
+                             entry,
+                             (uint64_t)entry->vme_end);
+               }
+
                s = next->vme_start;
                last_timestamp = map->timestamp;
 
                s = next->vme_start;
                last_timestamp = map->timestamp;
 
@@ -5153,26 +6747,55 @@ vm_map_delete(
  */
 kern_return_t
 vm_map_remove(
  */
 kern_return_t
 vm_map_remove(
-       register vm_map_t       map,
-       register vm_map_offset_t        start,
-       register vm_map_offset_t        end,
-       register boolean_t      flags)
+       vm_map_t        map,
+       vm_map_offset_t start,
+       vm_map_offset_t end,
+        boolean_t      flags)
 {
 {
-       register kern_return_t  result;
+       kern_return_t   result;
 
        vm_map_lock(map);
        VM_MAP_RANGE_CHECK(map, start, end);
 
        vm_map_lock(map);
        VM_MAP_RANGE_CHECK(map, start, end);
+       /*
+        * For the zone_map, the kernel controls the allocation/freeing of memory.
+        * Any free to the zone_map should be within the bounds of the map and
+        * should free up memory. If the VM_MAP_RANGE_CHECK() silently converts a
+        * free to the zone_map into a no-op, there is a problem and we should
+        * panic.
+        */
+       if ((map == zone_map) && (start == end))
+               panic("Nothing being freed to the zone_map. start = end = %p\n", (void *)start);
        result = vm_map_delete(map, start, end, flags, VM_MAP_NULL);
        vm_map_unlock(map);
 
        return(result);
 }
 
        result = vm_map_delete(map, start, end, flags, VM_MAP_NULL);
        vm_map_unlock(map);
 
        return(result);
 }
 
-
 /*
 /*
- *     Routine:        vm_map_copy_discard
+ *     vm_map_remove_locked:
  *
  *
- *     Description:
+ *     Remove the given address range from the target locked map.
+ *     This is the exported form of vm_map_delete.
+ */
+kern_return_t
+vm_map_remove_locked(
+       vm_map_t        map,
+       vm_map_offset_t start,
+       vm_map_offset_t end,
+       boolean_t       flags)
+{
+       kern_return_t   result;
+
+       VM_MAP_RANGE_CHECK(map, start, end);
+       result = vm_map_delete(map, start, end, flags, VM_MAP_NULL);
+       return(result);
+}
+
+
+/*
+ *     Routine:        vm_map_copy_discard
+ *
+ *     Description:
  *             Dispose of a map copy object (returned by
  *             vm_map_copyin).
  */
  *             Dispose of a map copy object (returned by
  *             vm_map_copyin).
  */
@@ -5190,7 +6813,11 @@ vm_map_copy_discard(
                        vm_map_entry_t  entry = vm_map_copy_first_entry(copy);
 
                        vm_map_copy_entry_unlink(copy, entry);
                        vm_map_entry_t  entry = vm_map_copy_first_entry(copy);
 
                        vm_map_copy_entry_unlink(copy, entry);
-                       vm_object_deallocate(entry->object.vm_object);
+                       if (entry->is_sub_map) {
+                               vm_map_deallocate(VME_SUBMAP(entry));
+                       } else {
+                               vm_object_deallocate(VME_OBJECT(entry));
+                       }
                        vm_map_copy_entry_dispose(copy, entry);
                }
                break;
                        vm_map_copy_entry_dispose(copy, entry);
                }
                break;
@@ -5204,7 +6831,10 @@ vm_map_copy_discard(
                 * allocated by a single call to kalloc(), i.e. the
                 * vm_map_copy_t was not allocated out of the zone.
                 */
                 * allocated by a single call to kalloc(), i.e. the
                 * vm_map_copy_t was not allocated out of the zone.
                 */
-               kfree(copy, copy->cpy_kalloc_size);
+               if (copy->size > msg_ool_size_small || copy->offset)
+                       panic("Invalid vm_map_copy_t sz:%lld, ofst:%lld",
+                             (long long)copy->size, (long long)copy->offset);
+               kfree(copy, copy->size + cpy_kdata_hdr_sz);
                return;
        }
        zfree(vm_map_copy_zone, copy);
                return;
        }
        zfree(vm_map_copy_zone, copy);
@@ -5242,6 +6872,7 @@ vm_map_copy_copy(
         */
 
        new_copy = (vm_map_copy_t) zalloc(vm_map_copy_zone);
         */
 
        new_copy = (vm_map_copy_t) zalloc(vm_map_copy_zone);
+       new_copy->c_u.hdr.rb_head_store.rbh_root = (void*)(int)SKIP_RB_TREE;
        *new_copy = *copy;
 
        if (copy->type == VM_MAP_COPY_ENTRY_LIST) {
        *new_copy = *copy;
 
        if (copy->type == VM_MAP_COPY_ENTRY_LIST) {
@@ -5289,7 +6920,8 @@ vm_map_overwrite_submap_recurse(
         *      splitting entries in strange ways.
         */
 
         *      splitting entries in strange ways.
         */
 
-       dst_end = vm_map_round_page(dst_addr + dst_size);
+       dst_end = vm_map_round_page(dst_addr + dst_size,
+                                   VM_MAP_PAGE_MASK(dst_map));
        vm_map_lock(dst_map);
 
 start_pass_1:
        vm_map_lock(dst_map);
 
 start_pass_1:
@@ -5298,8 +6930,14 @@ start_pass_1:
                return(KERN_INVALID_ADDRESS);
        }
 
                return(KERN_INVALID_ADDRESS);
        }
 
-       vm_map_clip_start(dst_map, tmp_entry, vm_map_trunc_page(dst_addr));
-       assert(!tmp_entry->use_pmap); /* clipping did unnest if needed */
+       vm_map_clip_start(dst_map,
+                         tmp_entry,
+                         vm_map_trunc_page(dst_addr,
+                                           VM_MAP_PAGE_MASK(dst_map)));
+       if (tmp_entry->is_sub_map) {
+               /* clipping did unnest if needed */
+               assert(!tmp_entry->use_pmap);
+       }
 
        for (entry = tmp_entry;;) {
                vm_map_entry_t  next;
 
        for (entry = tmp_entry;;) {
                vm_map_entry_t  next;
@@ -5321,19 +6959,19 @@ start_pass_1:
                        }
 
                        encountered_sub_map = TRUE;
                        }
 
                        encountered_sub_map = TRUE;
-                       sub_start = entry->offset;
+                       sub_start = VME_OFFSET(entry);
 
                        if(entry->vme_end < dst_end)
                                sub_end = entry->vme_end;
                        else 
                                sub_end = dst_end;
                        sub_end -= entry->vme_start;
 
                        if(entry->vme_end < dst_end)
                                sub_end = entry->vme_end;
                        else 
                                sub_end = dst_end;
                        sub_end -= entry->vme_start;
-                       sub_end += entry->offset;
+                       sub_end += VME_OFFSET(entry);
                        local_end = entry->vme_end;
                        vm_map_unlock(dst_map);
                        
                        result = vm_map_overwrite_submap_recurse(
                        local_end = entry->vme_end;
                        vm_map_unlock(dst_map);
                        
                        result = vm_map_overwrite_submap_recurse(
-                               entry->object.sub_map,
+                               VME_SUBMAP(entry),
                                sub_start,
                                sub_end - sub_start);
 
                                sub_start,
                                sub_end - sub_start);
 
@@ -5391,9 +7029,9 @@ start_pass_1:
                /*
                 *      Check for permanent objects in the destination.
                 */
                /*
                 *      Check for permanent objects in the destination.
                 */
-               if ((entry->object.vm_object != VM_OBJECT_NULL) &&
-                   ((!entry->object.vm_object->internal) ||
-                    (entry->object.vm_object->true_share))) {
+               if ((VME_OBJECT(entry) != VM_OBJECT_NULL) &&
+                   ((!VME_OBJECT(entry)->internal) ||
+                    (VME_OBJECT(entry)->true_share))) {
                        if(encountered_sub_map) {
                                vm_map_unlock(dst_map);
                                return(KERN_FAILURE);
                        if(encountered_sub_map) {
                                vm_map_unlock(dst_map);
                                return(KERN_FAILURE);
@@ -5494,7 +7132,7 @@ vm_map_copy_overwrite_nested(
        if (copy->type == VM_MAP_COPY_KERNEL_BUFFER) {
                return(vm_map_copyout_kernel_buffer(
                               dst_map, &dst_addr, 
        if (copy->type == VM_MAP_COPY_KERNEL_BUFFER) {
                return(vm_map_copyout_kernel_buffer(
                               dst_map, &dst_addr, 
-                              copy, TRUE));
+                              copy, copy->size, TRUE, discard_on_success));
        }
 
        /*
        }
 
        /*
@@ -5517,12 +7155,16 @@ vm_map_copy_overwrite_nested(
         *      splitting entries in strange ways.
         */
 
         *      splitting entries in strange ways.
         */
 
-       if (!page_aligned(copy->size) ||
-           !page_aligned (copy->offset) ||
-           !page_aligned (dst_addr))
+       if (!VM_MAP_PAGE_ALIGNED(copy->size,
+                                VM_MAP_PAGE_MASK(dst_map)) ||
+           !VM_MAP_PAGE_ALIGNED(copy->offset,
+                                VM_MAP_PAGE_MASK(dst_map)) ||
+           !VM_MAP_PAGE_ALIGNED(dst_addr,
+                                VM_MAP_PAGE_MASK(dst_map)))
        {
                aligned = FALSE;
        {
                aligned = FALSE;
-               dst_end = vm_map_round_page(dst_addr + copy->size);
+               dst_end = vm_map_round_page(dst_addr + copy->size,
+                                           VM_MAP_PAGE_MASK(dst_map));
        } else {
                dst_end = dst_addr + copy->size;
        }
        } else {
                dst_end = dst_addr + copy->size;
        }
@@ -5543,7 +7185,10 @@ start_pass_1:
                vm_map_unlock(dst_map);
                return(KERN_INVALID_ADDRESS);
        }
                vm_map_unlock(dst_map);
                return(KERN_INVALID_ADDRESS);
        }
-       vm_map_clip_start(dst_map, tmp_entry, vm_map_trunc_page(dst_addr));
+       vm_map_clip_start(dst_map,
+                         tmp_entry,
+                         vm_map_trunc_page(dst_addr,
+                                           VM_MAP_PAGE_MASK(dst_map)));
        for (entry = tmp_entry;;) {
                vm_map_entry_t  next = entry->vme_next;
 
        for (entry = tmp_entry;;) {
                vm_map_entry_t  next = entry->vme_next;
 
@@ -5570,18 +7215,18 @@ start_pass_1:
                                /* there is no need for the follow-  */
                                /* ing check.                        */
                                encountered_sub_map = TRUE;
                                /* there is no need for the follow-  */
                                /* ing check.                        */
                                encountered_sub_map = TRUE;
-                               sub_start = entry->offset;
+                               sub_start = VME_OFFSET(entry);
 
                                if(entry->vme_end < dst_end)
                                        sub_end = entry->vme_end;
                                else 
                                        sub_end = dst_end;
                                sub_end -= entry->vme_start;
 
                                if(entry->vme_end < dst_end)
                                        sub_end = entry->vme_end;
                                else 
                                        sub_end = dst_end;
                                sub_end -= entry->vme_start;
-                               sub_end += entry->offset;
+                               sub_end += VME_OFFSET(entry);
                                vm_map_unlock(dst_map);
                        
                                kr = vm_map_overwrite_submap_recurse(
                                vm_map_unlock(dst_map);
                        
                                kr = vm_map_overwrite_submap_recurse(
-                                       entry->object.sub_map,
+                                       VME_SUBMAP(entry),
                                        sub_start,
                                        sub_end - sub_start);
                                if(kr != KERN_SUCCESS)
                                        sub_start,
                                        sub_end - sub_start);
                                if(kr != KERN_SUCCESS)
@@ -5638,9 +7283,9 @@ start_pass_1:
                /*
                 *      Check for permanent objects in the destination.
                 */
                /*
                 *      Check for permanent objects in the destination.
                 */
-               if ((entry->object.vm_object != VM_OBJECT_NULL) &&
-                   ((!entry->object.vm_object->internal) ||
-                    (entry->object.vm_object->true_share))) {
+               if ((VME_OBJECT(entry) != VM_OBJECT_NULL) &&
+                   ((!VME_OBJECT(entry)->internal) ||
+                    (VME_OBJECT(entry)->true_share))) {
                        contains_permanent_objects = TRUE;
                }
 
                        contains_permanent_objects = TRUE;
                }
 
@@ -5745,11 +7390,11 @@ start_overwrite:
                                        assert(!entry->use_pmap);
                                        entry->is_sub_map = FALSE;
                                        vm_map_deallocate(
                                        assert(!entry->use_pmap);
                                        entry->is_sub_map = FALSE;
                                        vm_map_deallocate(
-                                               entry->object.sub_map);
-                                       entry->object.sub_map = NULL;
+                                               VME_SUBMAP(entry));
+                                       VME_SUBMAP_SET(entry, NULL);
                                        entry->is_shared = FALSE;
                                        entry->needs_copy = FALSE;
                                        entry->is_shared = FALSE;
                                        entry->needs_copy = FALSE;
-                                       entry->offset = 0;
+                                       VME_OFFSET_SET(entry, 0);
                                        /*
                                         * XXX FBDP
                                         * We should propagate the protections
                                        /*
                                         * XXX FBDP
                                         * We should propagate the protections
@@ -5775,14 +7420,14 @@ start_overwrite:
                                                entry->vme_start - base_addr;
                                        break;
                                }
                                                entry->vme_start - base_addr;
                                        break;
                                }
-                               sub_start = entry->offset;
+                               sub_start = VME_OFFSET(entry);
 
                                if(entry->vme_end < dst_end)
                                        sub_end = entry->vme_end;
                                else 
                                        sub_end = dst_end;
                                sub_end -= entry->vme_start;
 
                                if(entry->vme_end < dst_end)
                                        sub_end = entry->vme_end;
                                else 
                                        sub_end = dst_end;
                                sub_end -= entry->vme_start;
-                               sub_end += entry->offset;
+                               sub_end += VME_OFFSET(entry);
                                local_end = entry->vme_end;
                                vm_map_unlock(dst_map);
                                copy_size = sub_end - sub_start;
                                local_end = entry->vme_end;
                                vm_map_unlock(dst_map);
                                copy_size = sub_end - sub_start;
@@ -5835,22 +7480,22 @@ start_overwrite:
                        
                                if((entry->use_pmap) && (pmap == NULL)) {
                                        kr = vm_map_copy_overwrite_nested(
                        
                                if((entry->use_pmap) && (pmap == NULL)) {
                                        kr = vm_map_copy_overwrite_nested(
-                                               entry->object.sub_map,
+                                               VME_SUBMAP(entry),
                                                sub_start,
                                                copy,
                                                interruptible, 
                                                sub_start,
                                                copy,
                                                interruptible, 
-                                               entry->object.sub_map->pmap,
+                                               VME_SUBMAP(entry)->pmap,
                                                TRUE);
                                } else if (pmap != NULL) {
                                        kr = vm_map_copy_overwrite_nested(
                                                TRUE);
                                } else if (pmap != NULL) {
                                        kr = vm_map_copy_overwrite_nested(
-                                               entry->object.sub_map,
+                                               VME_SUBMAP(entry),
                                                sub_start,
                                                copy,
                                                interruptible, pmap,
                                                TRUE);
                                } else {
                                        kr = vm_map_copy_overwrite_nested(
                                                sub_start,
                                                copy,
                                                interruptible, pmap,
                                                TRUE);
                                } else {
                                        kr = vm_map_copy_overwrite_nested(
-                                               entry->object.sub_map,
+                                               VME_SUBMAP(entry),
                                                sub_start,
                                                copy,
                                                interruptible,
                                                sub_start,
                                                copy,
                                                interruptible,
@@ -5876,6 +7521,7 @@ start_overwrite:
                                /* destroyed after successful copy_overwrite */
                                copy = (vm_map_copy_t) 
                                        zalloc(vm_map_copy_zone);
                                /* destroyed after successful copy_overwrite */
                                copy = (vm_map_copy_t) 
                                        zalloc(vm_map_copy_zone);
+                               copy->c_u.hdr.rb_head_store.rbh_root = (void*)(int)SKIP_RB_TREE;
                                vm_map_copy_first_entry(copy) =
                                        vm_map_copy_last_entry(copy) =
                                        vm_map_copy_to_entry(copy);
                                vm_map_copy_first_entry(copy) =
                                        vm_map_copy_last_entry(copy) =
                                        vm_map_copy_to_entry(copy);
@@ -6005,8 +7651,13 @@ start_overwrite:
                         * bits of the region in this case !
                         */
                        /* ALWAYS UNLOCKS THE dst_map MAP */
                         * bits of the region in this case !
                         */
                        /* ALWAYS UNLOCKS THE dst_map MAP */
-                       if ((kr =  vm_map_copy_overwrite_unaligned( dst_map,
-                                                                   tmp_entry, copy, base_addr)) != KERN_SUCCESS) {
+                       kr = vm_map_copy_overwrite_unaligned(
+                               dst_map,
+                               tmp_entry,
+                               copy,
+                               base_addr,
+                               discard_on_success);
+                       if (kr != KERN_SUCCESS) {
                                if(next_copy != NULL) {
                                        copy->cpy_hdr.nentries +=
                                                remaining_entries;
                                if(next_copy != NULL) {
                                        copy->cpy_hdr.nentries +=
                                                remaining_entries;
@@ -6046,7 +7697,10 @@ start_overwrite:
                                break;
                        }
                }
                                break;
                        }
                }
-               vm_map_clip_start(dst_map, tmp_entry, vm_map_trunc_page(base_addr));
+               vm_map_clip_start(dst_map,
+                                 tmp_entry,
+                                 vm_map_trunc_page(base_addr,
+                                                   VM_MAP_PAGE_MASK(dst_map)));
 
                entry = tmp_entry;
        } /* while */
 
                entry = tmp_entry;
        } /* while */
@@ -6103,7 +7757,8 @@ vm_map_copy_overwrite(
                goto blunt_copy;
        }
 
                goto blunt_copy;
        }
 
-       if ((dst_addr & PAGE_MASK) != (copy->offset & PAGE_MASK)) {
+       if ((dst_addr & VM_MAP_PAGE_MASK(dst_map)) !=
+           (copy->offset & VM_MAP_PAGE_MASK(dst_map))) {
                /*
                 * Incompatible mis-alignment of source and destination...
                 */
                /*
                 * Incompatible mis-alignment of source and destination...
                 */
@@ -6117,7 +7772,8 @@ vm_map_copy_overwrite(
         */
        if (!page_aligned(dst_addr)) {
                head_addr = dst_addr;
         */
        if (!page_aligned(dst_addr)) {
                head_addr = dst_addr;
-               head_size = PAGE_SIZE - (copy->offset & PAGE_MASK);
+               head_size = (VM_MAP_PAGE_SIZE(dst_map) -
+                            (copy->offset & VM_MAP_PAGE_MASK(dst_map)));
        }
        if (!page_aligned(copy->offset + copy->size)) {
                /*
        }
        if (!page_aligned(copy->offset + copy->size)) {
                /*
@@ -6125,7 +7781,8 @@ vm_map_copy_overwrite(
                 * Do an aligned copy up to the last page and
                 * then an unaligned copy for the remaining bytes.
                 */
                 * Do an aligned copy up to the last page and
                 * then an unaligned copy for the remaining bytes.
                 */
-               tail_size = (copy->offset + copy->size) & PAGE_MASK;
+               tail_size = ((copy->offset + copy->size) &
+                            VM_MAP_PAGE_MASK(dst_map));
                tail_addr = dst_addr + copy->size - tail_size;
        }
 
                tail_addr = dst_addr + copy->size - tail_size;
        }
 
@@ -6168,6 +7825,7 @@ vm_map_copy_overwrite(
                 * Extract "head_copy" out of "copy".
                 */
                head_copy = (vm_map_copy_t) zalloc(vm_map_copy_zone);
                 * Extract "head_copy" out of "copy".
                 */
                head_copy = (vm_map_copy_t) zalloc(vm_map_copy_zone);
+               head_copy->c_u.hdr.rb_head_store.rbh_root = (void*)(int)SKIP_RB_TREE;
                vm_map_copy_first_entry(head_copy) =
                        vm_map_copy_to_entry(head_copy);
                vm_map_copy_last_entry(head_copy) =
                vm_map_copy_first_entry(head_copy) =
                        vm_map_copy_to_entry(head_copy);
                vm_map_copy_last_entry(head_copy) =
@@ -6209,6 +7867,7 @@ vm_map_copy_overwrite(
                 * Extract "tail_copy" out of "copy".
                 */
                tail_copy = (vm_map_copy_t) zalloc(vm_map_copy_zone);
                 * Extract "tail_copy" out of "copy".
                 */
                tail_copy = (vm_map_copy_t) zalloc(vm_map_copy_zone);
+               tail_copy->c_u.hdr.rb_head_store.rbh_root = (void*)(int)SKIP_RB_TREE;
                vm_map_copy_first_entry(tail_copy) =
                        vm_map_copy_to_entry(tail_copy);
                vm_map_copy_last_entry(tail_copy) =
                vm_map_copy_first_entry(tail_copy) =
                        vm_map_copy_to_entry(tail_copy);
                vm_map_copy_last_entry(tail_copy) =
@@ -6328,9 +7987,11 @@ vm_map_copy_overwrite_unaligned(
        vm_map_t        dst_map,
        vm_map_entry_t  entry,
        vm_map_copy_t   copy,
        vm_map_t        dst_map,
        vm_map_entry_t  entry,
        vm_map_copy_t   copy,
-       vm_map_offset_t start)
+       vm_map_offset_t start,
+       boolean_t       discard_on_success)
 {
 {
-       vm_map_entry_t          copy_entry = vm_map_copy_first_entry(copy);
+       vm_map_entry_t          copy_entry;
+       vm_map_entry_t          copy_entry_next;
        vm_map_version_t        version;
        vm_object_t             dst_object;
        vm_object_offset_t      dst_offset;
        vm_map_version_t        version;
        vm_object_t             dst_object;
        vm_object_offset_t      dst_offset;
@@ -6343,6 +8004,9 @@ vm_map_copy_overwrite_unaligned(
                                amount_left;
        kern_return_t           kr = KERN_SUCCESS;
 
                                amount_left;
        kern_return_t           kr = KERN_SUCCESS;
 
+       
+       copy_entry = vm_map_copy_first_entry(copy);
+
        vm_map_lock_write_to_read(dst_map);
 
        src_offset = copy->offset - vm_object_trunc_page(copy->offset);
        vm_map_lock_write_to_read(dst_map);
 
        src_offset = copy->offset - vm_object_trunc_page(copy->offset);
@@ -6396,14 +8060,13 @@ vm_map_copy_overwrite_unaligned(
                                vm_map_lock_read(dst_map);
                                goto RetryLookup;
                        }
                                vm_map_lock_read(dst_map);
                                goto RetryLookup;
                        }
-                       vm_object_shadow(&entry->object.vm_object,
-                                        &entry->offset,
-                                        (vm_map_size_t)(entry->vme_end
-                                                        - entry->vme_start));
+                       VME_OBJECT_SHADOW(entry,
+                                         (vm_map_size_t)(entry->vme_end
+                                                         - entry->vme_start));
                        entry->needs_copy = FALSE;
                        vm_map_lock_write_to_read(dst_map);
                }
                        entry->needs_copy = FALSE;
                        vm_map_lock_write_to_read(dst_map);
                }
-               dst_object = entry->object.vm_object;
+               dst_object = VME_OBJECT(entry);
 /*
  *             unlike with the virtual (aligned) copy we're going
  *             to fault on it therefore we need a target object.
 /*
  *             unlike with the virtual (aligned) copy we're going
  *             to fault on it therefore we need a target object.
@@ -6415,8 +8078,9 @@ vm_map_copy_overwrite_unaligned(
                        }
                        dst_object = vm_object_allocate((vm_map_size_t)
                                                        entry->vme_end - entry->vme_start);
                        }
                        dst_object = vm_object_allocate((vm_map_size_t)
                                                        entry->vme_end - entry->vme_start);
-                       entry->object.vm_object = dst_object;
-                       entry->offset = 0;
+                       VME_OBJECT(entry) = dst_object;
+                       VME_OFFSET_SET(entry, 0);
+                       assert(entry->use_pmap);
                        vm_map_lock_write_to_read(dst_map);
                }
 /*
                        vm_map_lock_write_to_read(dst_map);
                }
 /*
@@ -6425,15 +8089,15 @@ vm_map_copy_overwrite_unaligned(
  */
                vm_object_reference(dst_object);
                version.main_timestamp = dst_map->timestamp;
  */
                vm_object_reference(dst_object);
                version.main_timestamp = dst_map->timestamp;
-               entry_offset = entry->offset;
+               entry_offset = VME_OFFSET(entry);
                entry_end = entry->vme_end;
                vm_map_unlock_read(dst_map);
 /*
  *             Copy as much as possible in one pass
  */
                kr = vm_fault_copy(
                entry_end = entry->vme_end;
                vm_map_unlock_read(dst_map);
 /*
  *             Copy as much as possible in one pass
  */
                kr = vm_fault_copy(
-                       copy_entry->object.vm_object,
-                       copy_entry->offset + src_offset,
+                       VME_OBJECT(copy_entry),
+                       VME_OFFSET(copy_entry) + src_offset,
                        &copy_size,
                        dst_object,
                        entry_offset + dst_offset,
                        &copy_size,
                        dst_object,
                        entry_offset + dst_offset,
@@ -6460,17 +8124,25 @@ vm_map_copy_overwrite_unaligned(
 /*
  *                     all done with this copy entry, dispose.
  */
 /*
  *                     all done with this copy entry, dispose.
  */
-                       vm_map_copy_entry_unlink(copy, copy_entry);
-                       vm_object_deallocate(copy_entry->object.vm_object);
-                       vm_map_copy_entry_dispose(copy, copy_entry);
+                       copy_entry_next = copy_entry->vme_next;
+
+                       if (discard_on_success) {
+                               vm_map_copy_entry_unlink(copy, copy_entry);
+                               assert(!copy_entry->is_sub_map);
+                               vm_object_deallocate(VME_OBJECT(copy_entry));
+                               vm_map_copy_entry_dispose(copy, copy_entry);
+                       }
 
 
-                       if ((copy_entry = vm_map_copy_first_entry(copy))
-                           == vm_map_copy_to_entry(copy) && amount_left) {
+                       if (copy_entry_next == vm_map_copy_to_entry(copy) &&
+                           amount_left) {
 /*
  *                             not finished copying but run out of source
  */
                                return KERN_INVALID_ADDRESS;
                        }
 /*
  *                             not finished copying but run out of source
  */
                                return KERN_INVALID_ADDRESS;
                        }
+
+                       copy_entry = copy_entry_next;
+
                        src_offset = 0;
                }
 
                        src_offset = 0;
                }
 
@@ -6556,7 +8228,10 @@ vm_map_copy_overwrite_aligned(
                copy_size = (copy_entry->vme_end - copy_entry->vme_start);
                
                entry = tmp_entry;
                copy_size = (copy_entry->vme_end - copy_entry->vme_start);
                
                entry = tmp_entry;
-               assert(!entry->use_pmap); /* unnested when clipped earlier */
+               if (entry->is_sub_map) {
+                       /* unnested when clipped earlier */
+                       assert(!entry->use_pmap);
+               }
                if (entry == vm_map_to_entry(dst_map)) {
                        vm_map_unlock(dst_map);
                        return KERN_INVALID_ADDRESS;
                if (entry == vm_map_to_entry(dst_map)) {
                        vm_map_unlock(dst_map);
                        return KERN_INVALID_ADDRESS;
@@ -6590,6 +8265,12 @@ vm_map_copy_overwrite_aligned(
                 */
 
                if (copy_size < size) {
                 */
 
                if (copy_size < size) {
+                       if (entry->map_aligned &&
+                           !VM_MAP_PAGE_ALIGNED(entry->vme_start + copy_size,
+                                                VM_MAP_PAGE_MASK(dst_map))) {
+                               /* no longer map-aligned */
+                               entry->map_aligned = FALSE;
+                       }
                        vm_map_clip_end(dst_map, entry, entry->vme_start + copy_size);
                        size = copy_size;
                }
                        vm_map_clip_end(dst_map, entry, entry->vme_start + copy_size);
                        size = copy_size;
                }
@@ -6614,21 +8295,21 @@ vm_map_copy_overwrite_aligned(
                 *      installing the source data.
                 */
 
                 *      installing the source data.
                 */
 
-               object = entry->object.vm_object;
+               object = VME_OBJECT(entry);
                if ((!entry->is_shared && 
                     ((object == VM_OBJECT_NULL) || 
                      (object->internal && !object->true_share))) ||
                    entry->needs_copy) {
                if ((!entry->is_shared && 
                     ((object == VM_OBJECT_NULL) || 
                      (object->internal && !object->true_share))) ||
                    entry->needs_copy) {
-                       vm_object_t     old_object = entry->object.vm_object;
-                       vm_object_offset_t      old_offset = entry->offset;
+                       vm_object_t     old_object = VME_OBJECT(entry);
+                       vm_object_offset_t      old_offset = VME_OFFSET(entry);
                        vm_object_offset_t      offset;
 
                        /*
                         * Ensure that the source and destination aren't
                         * identical
                         */
                        vm_object_offset_t      offset;
 
                        /*
                         * Ensure that the source and destination aren't
                         * identical
                         */
-                       if (old_object == copy_entry->object.vm_object &&
-                           old_offset == copy_entry->offset) {
+                       if (old_object == VME_OBJECT(copy_entry) &&
+                           old_offset == VME_OFFSET(copy_entry)) {
                                vm_map_copy_entry_unlink(copy, copy_entry);
                                vm_map_copy_entry_dispose(copy, copy_entry);
 
                                vm_map_copy_entry_unlink(copy, copy_entry);
                                vm_map_copy_entry_dispose(copy, copy_entry);
 
@@ -6640,11 +8321,10 @@ vm_map_copy_overwrite_aligned(
                                continue;
                        }
 
                                continue;
                        }
 
-#if !CONFIG_EMBEDDED
 #define __TRADEOFF1_OBJ_SIZE (64 * 1024 * 1024)        /* 64 MB */
 #define __TRADEOFF1_COPY_SIZE (128 * 1024)     /* 128 KB */
 #define __TRADEOFF1_OBJ_SIZE (64 * 1024 * 1024)        /* 64 MB */
 #define __TRADEOFF1_COPY_SIZE (128 * 1024)     /* 128 KB */
-                       if (copy_entry->object.vm_object != VM_OBJECT_NULL &&
-                           copy_entry->object.vm_object->vo_size >= __TRADEOFF1_OBJ_SIZE &&
+                       if (VME_OBJECT(copy_entry) != VM_OBJECT_NULL &&
+                           VME_OBJECT(copy_entry)->vo_size >= __TRADEOFF1_OBJ_SIZE &&
                            copy_size <= __TRADEOFF1_COPY_SIZE) {
                                /*
                                 * Virtual vs. Physical copy tradeoff #1.
                            copy_size <= __TRADEOFF1_COPY_SIZE) {
                                /*
                                 * Virtual vs. Physical copy tradeoff #1.
@@ -6658,25 +8338,23 @@ vm_map_copy_overwrite_aligned(
                                vm_map_copy_overwrite_aligned_src_large++;
                                goto slow_copy;
                        }
                                vm_map_copy_overwrite_aligned_src_large++;
                                goto slow_copy;
                        }
-#endif /* !CONFIG_EMBEDDED */
 
 
-                       if (entry->alias >= VM_MEMORY_MALLOC &&
-                           entry->alias <= VM_MEMORY_MALLOC_LARGE_REUSED) {
+                       if ((dst_map->pmap != kernel_pmap) &&
+                           (VME_ALIAS(entry) >= VM_MEMORY_MALLOC) &&
+                           (VME_ALIAS(entry) <= VM_MEMORY_MALLOC_LARGE_REUSED)) {
                                vm_object_t new_object, new_shadow;
 
                                /*
                                 * We're about to map something over a mapping
                                 * established by malloc()...
                                 */
                                vm_object_t new_object, new_shadow;
 
                                /*
                                 * We're about to map something over a mapping
                                 * established by malloc()...
                                 */
-                               new_object = copy_entry->object.vm_object;
+                               new_object = VME_OBJECT(copy_entry);
                                if (new_object != VM_OBJECT_NULL) {
                                        vm_object_lock_shared(new_object);
                                }
                                while (new_object != VM_OBJECT_NULL &&
                                if (new_object != VM_OBJECT_NULL) {
                                        vm_object_lock_shared(new_object);
                                }
                                while (new_object != VM_OBJECT_NULL &&
-#if !CONFIG_EMBEDDED
                                       !new_object->true_share &&
                                       new_object->copy_strategy == MEMORY_OBJECT_COPY_SYMMETRIC &&
                                       !new_object->true_share &&
                                       new_object->copy_strategy == MEMORY_OBJECT_COPY_SYMMETRIC &&
-#endif /* !CONFIG_EMBEDDED */
                                       new_object->internal) {
                                        new_shadow = new_object->shadow;
                                        if (new_shadow == VM_OBJECT_NULL) {
                                       new_object->internal) {
                                        new_shadow = new_object->shadow;
                                        if (new_shadow == VM_OBJECT_NULL) {
@@ -6701,7 +8379,6 @@ vm_map_copy_overwrite_aligned(
                                                vm_object_unlock(new_object);
                                                goto slow_copy;
                                        }
                                                vm_object_unlock(new_object);
                                                goto slow_copy;
                                        }
-#if !CONFIG_EMBEDDED
                                        if (new_object->true_share ||
                                            new_object->copy_strategy != MEMORY_OBJECT_COPY_SYMMETRIC) {
                                                /*
                                        if (new_object->true_share ||
                                            new_object->copy_strategy != MEMORY_OBJECT_COPY_SYMMETRIC) {
                                                /*
@@ -6714,7 +8391,6 @@ vm_map_copy_overwrite_aligned(
                                                vm_object_unlock(new_object);
                                                goto slow_copy;
                                        }
                                                vm_object_unlock(new_object);
                                                goto slow_copy;
                                        }
-#endif /* !CONFIG_EMBEDDED */
                                        vm_object_unlock(new_object);
                                }
                                /*
                                        vm_object_unlock(new_object);
                                }
                                /*
@@ -6733,50 +8409,53 @@ vm_map_copy_overwrite_aligned(
                                                            (addr64_t)entry->vme_start,
                                                            entry->vme_end - entry->vme_start);
 #endif /* NO_NESTED_PMAP */
                                                            (addr64_t)entry->vme_start,
                                                            entry->vme_end - entry->vme_start);
 #endif /* NO_NESTED_PMAP */
-                                               if(dst_map->mapped) {
+                                               if(dst_map->mapped_in_other_pmaps) {
                                                        /* clean up parent */
                                                        /* map/maps */
                                                        vm_map_submap_pmap_clean(
                                                                dst_map, entry->vme_start,
                                                                entry->vme_end,
                                                        /* clean up parent */
                                                        /* map/maps */
                                                        vm_map_submap_pmap_clean(
                                                                dst_map, entry->vme_start,
                                                                entry->vme_end,
-                                                               entry->object.sub_map,
-                                                               entry->offset);
+                                                               VME_SUBMAP(entry),
+                                                               VME_OFFSET(entry));
                                                }
                                        } else {
                                                vm_map_submap_pmap_clean(
                                                        dst_map, entry->vme_start, 
                                                        entry->vme_end,
                                                }
                                        } else {
                                                vm_map_submap_pmap_clean(
                                                        dst_map, entry->vme_start, 
                                                        entry->vme_end,
-                                                       entry->object.sub_map,
-                                                       entry->offset);
+                                                       VME_SUBMAP(entry),
+                                                       VME_OFFSET(entry));
                                        }
                                        }
-                                       vm_map_deallocate(
-                                               entry->object.sub_map);
+                                       vm_map_deallocate(VME_SUBMAP(entry));
                                } else {
                                } else {
-                                       if(dst_map->mapped) {
-                                               vm_object_pmap_protect(
-                                                       entry->object.vm_object,
-                                                       entry->offset,
+                                       if(dst_map->mapped_in_other_pmaps) {
+                                               vm_object_pmap_protect_options(
+                                                       VME_OBJECT(entry),
+                                                       VME_OFFSET(entry),
                                                        entry->vme_end 
                                                        - entry->vme_start,
                                                        PMAP_NULL,
                                                        entry->vme_start,
                                                        entry->vme_end 
                                                        - entry->vme_start,
                                                        PMAP_NULL,
                                                        entry->vme_start,
-                                                       VM_PROT_NONE);
+                                                       VM_PROT_NONE,
+                                                       PMAP_OPTIONS_REMOVE);
                                        } else {
                                        } else {
-                                               pmap_remove(dst_map->pmap, 
-                                                           (addr64_t)(entry->vme_start), 
-                                                           (addr64_t)(entry->vme_end));
+                                               pmap_remove_options(
+                                                       dst_map->pmap, 
+                                                       (addr64_t)(entry->vme_start), 
+                                                       (addr64_t)(entry->vme_end),
+                                                       PMAP_OPTIONS_REMOVE);
                                        }
                                        vm_object_deallocate(old_object);
                                }
                        }
 
                        entry->is_sub_map = FALSE;
                                        }
                                        vm_object_deallocate(old_object);
                                }
                        }
 
                        entry->is_sub_map = FALSE;
-                       entry->object = copy_entry->object;
-                       object = entry->object.vm_object;
+                       VME_OBJECT_SET(entry, VME_OBJECT(copy_entry));
+                       object = VME_OBJECT(entry);
                        entry->needs_copy = copy_entry->needs_copy;
                        entry->wired_count = 0;
                        entry->user_wired_count = 0;
                        entry->needs_copy = copy_entry->needs_copy;
                        entry->wired_count = 0;
                        entry->user_wired_count = 0;
-                       offset = entry->offset = copy_entry->offset;
+                       offset = VME_OFFSET(copy_entry);
+                       VME_OFFSET_SET(entry, offset); 
 
                        vm_map_copy_entry_unlink(copy, copy_entry);
                        vm_map_copy_entry_dispose(copy, copy_entry);
 
                        vm_map_copy_entry_unlink(copy, copy_entry);
                        vm_map_copy_entry_dispose(copy, copy_entry);
@@ -6808,15 +8487,14 @@ vm_map_copy_overwrite_aligned(
 
                slow_copy:
                        if (entry->needs_copy) {
 
                slow_copy:
                        if (entry->needs_copy) {
-                               vm_object_shadow(&entry->object.vm_object,
-                                                &entry->offset,
-                                                (entry->vme_end -
-                                                 entry->vme_start));
+                               VME_OBJECT_SHADOW(entry,
+                                                 (entry->vme_end -
+                                                  entry->vme_start));
                                entry->needs_copy = FALSE;
                        }
 
                                entry->needs_copy = FALSE;
                        }
 
-                       dst_object = entry->object.vm_object;
-                       dst_offset = entry->offset;
+                       dst_object = VME_OBJECT(entry);
+                       dst_offset = VME_OFFSET(entry);
 
                        /*
                         *      Take an object reference, and record
 
                        /*
                         *      Take an object reference, and record
@@ -6840,8 +8518,9 @@ vm_map_copy_overwrite_aligned(
                                dst_object = vm_object_allocate(
                                        entry->vme_end - entry->vme_start);
                                dst_offset = 0;
                                dst_object = vm_object_allocate(
                                        entry->vme_end - entry->vme_start);
                                dst_offset = 0;
-                               entry->object.vm_object = dst_object;
-                               entry->offset = dst_offset;
+                               VME_OBJECT_SET(entry, dst_object);
+                               VME_OFFSET_SET(entry, dst_offset);
+                               assert(entry->use_pmap);
                                
                        }
 
                                
                        }
 
@@ -6858,8 +8537,8 @@ vm_map_copy_overwrite_aligned(
 
                        copy_size = size;
                        r = vm_fault_copy(
 
                        copy_size = size;
                        r = vm_fault_copy(
-                               copy_entry->object.vm_object,
-                               copy_entry->offset,
+                               VME_OBJECT(copy_entry),
+                               VME_OFFSET(copy_entry),
                                &copy_size,
                                dst_object,
                                dst_offset,
                                &copy_size,
                                dst_object,
                                dst_offset,
@@ -6888,7 +8567,7 @@ vm_map_copy_overwrite_aligned(
                                vm_map_copy_clip_end(copy, copy_entry,
                                                     copy_entry->vme_start + copy_size);
                                vm_map_copy_entry_unlink(copy, copy_entry);
                                vm_map_copy_clip_end(copy, copy_entry,
                                                     copy_entry->vme_start + copy_size);
                                vm_map_copy_entry_unlink(copy, copy_entry);
-                               vm_object_deallocate(copy_entry->object.vm_object);
+                               vm_object_deallocate(VME_OBJECT(copy_entry));
                                vm_map_copy_entry_dispose(copy, copy_entry);
                        }
 
                                vm_map_copy_entry_dispose(copy, copy_entry);
                        }
 
@@ -6905,6 +8584,13 @@ vm_map_copy_overwrite_aligned(
                            copy_size != 0) {
                                /* We can safely use saved tmp_entry value */
 
                            copy_size != 0) {
                                /* We can safely use saved tmp_entry value */
 
+                               if (tmp_entry->map_aligned &&
+                                   !VM_MAP_PAGE_ALIGNED(
+                                           start,
+                                           VM_MAP_PAGE_MASK(dst_map))) {
+                                       /* no longer map-aligned */
+                                       tmp_entry->map_aligned = FALSE;
+                               }
                                vm_map_clip_end(dst_map, tmp_entry, start);
                                tmp_entry = tmp_entry->vme_next;
                        } else {
                                vm_map_clip_end(dst_map, tmp_entry, start);
                                tmp_entry = tmp_entry->vme_next;
                        } else {
@@ -6914,6 +8600,13 @@ vm_map_copy_overwrite_aligned(
                                        vm_map_unlock(dst_map);
                                        return(KERN_INVALID_ADDRESS);
                                }
                                        vm_map_unlock(dst_map);
                                        return(KERN_INVALID_ADDRESS);
                                }
+                               if (tmp_entry->map_aligned &&
+                                   !VM_MAP_PAGE_ALIGNED(
+                                           start,
+                                           VM_MAP_PAGE_MASK(dst_map))) {
+                                       /* no longer map-aligned */
+                                       tmp_entry->map_aligned = FALSE;
+                               }
                                vm_map_clip_start(dst_map, tmp_entry, start);
                        }
                }
                                vm_map_clip_start(dst_map, tmp_entry, start);
                        }
                }
@@ -6944,35 +8637,33 @@ vm_map_copyin_kernel_buffer(
        vm_map_copy_t copy;
        vm_size_t kalloc_size;
 
        vm_map_copy_t copy;
        vm_size_t kalloc_size;
 
-       if ((vm_size_t) len != len) {
-               /* "len" is too big and doesn't fit in a "vm_size_t" */
-               return KERN_RESOURCE_SHORTAGE;
-       }
-       kalloc_size = (vm_size_t) (sizeof(struct vm_map_copy) + len);
-       assert((vm_map_size_t) kalloc_size == sizeof (struct vm_map_copy) + len);
+       if (len > msg_ool_size_small)
+               return KERN_INVALID_ARGUMENT;
 
 
-       copy = (vm_map_copy_t) kalloc(kalloc_size);
-       if (copy == VM_MAP_COPY_NULL) {
+       kalloc_size = (vm_size_t)(cpy_kdata_hdr_sz + len);
+
+       copy = (vm_map_copy_t)kalloc(kalloc_size);
+       if (copy == VM_MAP_COPY_NULL)
                return KERN_RESOURCE_SHORTAGE;
                return KERN_RESOURCE_SHORTAGE;
-       }
        copy->type = VM_MAP_COPY_KERNEL_BUFFER;
        copy->size = len;
        copy->offset = 0;
        copy->type = VM_MAP_COPY_KERNEL_BUFFER;
        copy->size = len;
        copy->offset = 0;
-       copy->cpy_kdata = (void *) (copy + 1);
-       copy->cpy_kalloc_size = kalloc_size;
 
 
-       kr = copyinmap(src_map, src_addr, copy->cpy_kdata, (vm_size_t) len);
+       kr = copyinmap(src_map, src_addr, copy->cpy_kdata, (vm_size_t)len);
        if (kr != KERN_SUCCESS) {
                kfree(copy, kalloc_size);
                return kr;
        }
        if (src_destroy) {
        if (kr != KERN_SUCCESS) {
                kfree(copy, kalloc_size);
                return kr;
        }
        if (src_destroy) {
-               (void) vm_map_remove(src_map, vm_map_trunc_page(src_addr), 
-                                    vm_map_round_page(src_addr + len),
-                                    VM_MAP_REMOVE_INTERRUPTIBLE |
-                                    VM_MAP_REMOVE_WAIT_FOR_KWIRE |
-                                    (src_map == kernel_map) ?
-                                    VM_MAP_REMOVE_KUNWIRE : 0);
+               (void) vm_map_remove(
+                       src_map,
+                       vm_map_trunc_page(src_addr,
+                                         VM_MAP_PAGE_MASK(src_map)), 
+                       vm_map_round_page(src_addr + len,
+                                         VM_MAP_PAGE_MASK(src_map)),
+                       (VM_MAP_REMOVE_INTERRUPTIBLE |
+                        VM_MAP_REMOVE_WAIT_FOR_KWIRE |
+                        ((src_map == kernel_map) ? VM_MAP_REMOVE_KUNWIRE : 0)));
        }
        *copy_result = copy;
        return KERN_SUCCESS;
        }
        *copy_result = copy;
        return KERN_SUCCESS;
@@ -6995,11 +8686,22 @@ vm_map_copyout_kernel_buffer(
        vm_map_t                map,
        vm_map_address_t        *addr,  /* IN/OUT */
        vm_map_copy_t           copy,
        vm_map_t                map,
        vm_map_address_t        *addr,  /* IN/OUT */
        vm_map_copy_t           copy,
-       boolean_t               overwrite)
+       vm_map_size_t           copy_size,
+       boolean_t               overwrite,
+       boolean_t               consume_on_success)
 {
        kern_return_t kr = KERN_SUCCESS;
        thread_t thread = current_thread();
 
 {
        kern_return_t kr = KERN_SUCCESS;
        thread_t thread = current_thread();
 
+       assert(copy->size == copy_size);
+
+       /*
+        * check for corrupted vm_map_copy structure
+        */
+       if (copy_size > msg_ool_size_small || copy->offset)
+               panic("Invalid vm_map_copy_t sz:%lld, ofst:%lld",
+                     (long long)copy->size, (long long)copy->offset);
+
        if (!overwrite) {
 
                /*
        if (!overwrite) {
 
                /*
@@ -7008,7 +8710,8 @@ vm_map_copyout_kernel_buffer(
                *addr = 0;
                kr = vm_map_enter(map, 
                                  addr, 
                *addr = 0;
                kr = vm_map_enter(map, 
                                  addr, 
-                                 vm_map_round_page(copy->size),
+                                 vm_map_round_page(copy_size,
+                                                   VM_MAP_PAGE_MASK(map)),
                                  (vm_map_offset_t) 0, 
                                  VM_FLAGS_ANYWHERE,
                                  VM_OBJECT_NULL, 
                                  (vm_map_offset_t) 0, 
                                  VM_FLAGS_ANYWHERE,
                                  VM_OBJECT_NULL, 
@@ -7030,8 +8733,8 @@ vm_map_copyout_kernel_buffer(
                 * If the target map is the current map, just do
                 * the copy.
                 */
                 * If the target map is the current map, just do
                 * the copy.
                 */
-               assert((vm_size_t) copy->size == copy->size);
-               if (copyout(copy->cpy_kdata, *addr, (vm_size_t) copy->size)) {
+               assert((vm_size_t)copy_size == copy_size);
+               if (copyout(copy->cpy_kdata, *addr, (vm_size_t)copy_size)) {
                        kr = KERN_INVALID_ADDRESS;
                }
        }
                        kr = KERN_INVALID_ADDRESS;
                }
        }
@@ -7046,8 +8749,8 @@ vm_map_copyout_kernel_buffer(
                vm_map_reference(map);
                oldmap = vm_map_switch(map);
 
                vm_map_reference(map);
                oldmap = vm_map_switch(map);
 
-               assert((vm_size_t) copy->size == copy->size);
-               if (copyout(copy->cpy_kdata, *addr, (vm_size_t) copy->size)) {
+               assert((vm_size_t)copy_size == copy_size);
+               if (copyout(copy->cpy_kdata, *addr, (vm_size_t)copy_size)) {
                        vm_map_copyout_kernel_buffer_failures++;
                        kr = KERN_INVALID_ADDRESS;
                }
                        vm_map_copyout_kernel_buffer_failures++;
                        kr = KERN_INVALID_ADDRESS;
                }
@@ -7062,16 +8765,22 @@ vm_map_copyout_kernel_buffer(
                        /*
                         * Deallocate the space we allocated in the target map.
                         */
                        /*
                         * Deallocate the space we allocated in the target map.
                         */
-                       (void) vm_map_remove(map,
-                                            vm_map_trunc_page(*addr),
-                                            vm_map_round_page(*addr +
-                                                              vm_map_round_page(copy->size)),
-                                            VM_MAP_NO_FLAGS);
+                       (void) vm_map_remove(
+                               map,
+                               vm_map_trunc_page(*addr,
+                                                 VM_MAP_PAGE_MASK(map)),
+                               vm_map_round_page((*addr +
+                                                  vm_map_round_page(copy_size,
+                                                                    VM_MAP_PAGE_MASK(map))),
+                                                 VM_MAP_PAGE_MASK(map)),
+                               VM_MAP_NO_FLAGS);
                        *addr = 0;
                }
        } else {
                /* copy was successful, dicard the copy structure */
                        *addr = 0;
                }
        } else {
                /* copy was successful, dicard the copy structure */
-               kfree(copy, copy->cpy_kalloc_size);
+               if (consume_on_success) {
+                       kfree(copy, copy_size + cpy_kdata_hdr_sz);
+               }
        }
 
        return kr;
        }
 
        return kr;
@@ -7094,6 +8803,115 @@ MACRO_BEGIN                                                             \
        zfree(vm_map_copy_zone, copy);          \
 MACRO_END
 
        zfree(vm_map_copy_zone, copy);          \
 MACRO_END
 
+void
+vm_map_copy_remap(
+       vm_map_t        map,
+       vm_map_entry_t  where,
+       vm_map_copy_t   copy,
+       vm_map_offset_t adjustment,
+       vm_prot_t       cur_prot,
+       vm_prot_t       max_prot,
+       vm_inherit_t    inheritance)
+{
+       vm_map_entry_t  copy_entry, new_entry;
+
+       for (copy_entry = vm_map_copy_first_entry(copy);
+            copy_entry != vm_map_copy_to_entry(copy);
+            copy_entry = copy_entry->vme_next) {
+               /* get a new VM map entry for the map */
+               new_entry = vm_map_entry_create(map,
+                                               !map->hdr.entries_pageable);
+               /* copy the "copy entry" to the new entry */
+               vm_map_entry_copy(new_entry, copy_entry);
+               /* adjust "start" and "end" */
+               new_entry->vme_start += adjustment;
+               new_entry->vme_end += adjustment;
+               /* clear some attributes */
+               new_entry->inheritance = inheritance;
+               new_entry->protection = cur_prot;
+               new_entry->max_protection = max_prot;
+               new_entry->behavior = VM_BEHAVIOR_DEFAULT;
+               /* take an extra reference on the entry's "object" */
+               if (new_entry->is_sub_map) {
+                       assert(!new_entry->use_pmap); /* not nested */
+                       vm_map_lock(VME_SUBMAP(new_entry));
+                       vm_map_reference(VME_SUBMAP(new_entry));
+                       vm_map_unlock(VME_SUBMAP(new_entry));
+               } else {
+                       vm_object_reference(VME_OBJECT(new_entry));
+               }
+               /* insert the new entry in the map */
+               vm_map_store_entry_link(map, where, new_entry);
+               /* continue inserting the "copy entries" after the new entry */
+               where = new_entry;
+       }
+}
+
+
+/*
+ * Returns true if *size matches (or is in the range of) copy->size.
+ * Upon returning true, the *size field is updated with the actual size of the
+ * copy object (may be different for VM_MAP_COPY_ENTRY_LIST types)
+ */
+boolean_t
+vm_map_copy_validate_size(
+       vm_map_t                dst_map,
+       vm_map_copy_t           copy,
+       vm_map_size_t           *size)
+{
+       if (copy == VM_MAP_COPY_NULL)
+               return FALSE;
+       vm_map_size_t copy_sz = copy->size;
+       vm_map_size_t sz = *size;
+       switch (copy->type) {
+       case VM_MAP_COPY_OBJECT:
+       case VM_MAP_COPY_KERNEL_BUFFER:
+               if (sz == copy_sz)
+                       return TRUE;
+               break;
+       case VM_MAP_COPY_ENTRY_LIST:
+               /*
+                * potential page-size rounding prevents us from exactly
+                * validating this flavor of vm_map_copy, but we can at least
+                * assert that it's within a range.
+                */
+               if (copy_sz >= sz &&
+                   copy_sz <= vm_map_round_page(sz, VM_MAP_PAGE_MASK(dst_map))) {
+                       *size = copy_sz;
+                       return TRUE;
+               }
+               break;
+       default:
+               break;
+       }
+       return FALSE;
+}
+
+/*
+ *     Routine:        vm_map_copyout_size
+ *
+ *     Description:
+ *             Copy out a copy chain ("copy") into newly-allocated
+ *             space in the destination map. Uses a prevalidated
+ *             size for the copy object (vm_map_copy_validate_size).
+ *
+ *             If successful, consumes the copy object.
+ *             Otherwise, the caller is responsible for it.
+ */
+kern_return_t
+vm_map_copyout_size(
+       vm_map_t                dst_map,
+       vm_map_address_t        *dst_addr,      /* OUT */
+       vm_map_copy_t           copy,
+       vm_map_size_t           copy_size)
+{
+       return vm_map_copyout_internal(dst_map, dst_addr, copy, copy_size,
+                                      TRUE, /* consume_on_success */
+                                      VM_PROT_DEFAULT,
+                                      VM_PROT_ALL,
+                                      VM_INHERIT_DEFAULT);
+}
+
 /*
  *     Routine:        vm_map_copyout
  *
 /*
  *     Routine:        vm_map_copyout
  *
@@ -7109,14 +8927,32 @@ vm_map_copyout(
        vm_map_t                dst_map,
        vm_map_address_t        *dst_addr,      /* OUT */
        vm_map_copy_t           copy)
        vm_map_t                dst_map,
        vm_map_address_t        *dst_addr,      /* OUT */
        vm_map_copy_t           copy)
+{
+       return vm_map_copyout_internal(dst_map, dst_addr, copy, copy ? copy->size : 0,
+                                      TRUE, /* consume_on_success */
+                                      VM_PROT_DEFAULT,
+                                      VM_PROT_ALL,
+                                      VM_INHERIT_DEFAULT);
+}
+
+kern_return_t
+vm_map_copyout_internal(
+       vm_map_t                dst_map,
+       vm_map_address_t        *dst_addr,      /* OUT */
+       vm_map_copy_t           copy,
+       vm_map_size_t           copy_size,
+       boolean_t               consume_on_success,
+       vm_prot_t               cur_protection,
+       vm_prot_t               max_protection,
+       vm_inherit_t            inheritance)
 {
        vm_map_size_t           size;
        vm_map_size_t           adjustment;
        vm_map_offset_t         start;
        vm_object_offset_t      vm_copy_start;
        vm_map_entry_t          last;
 {
        vm_map_size_t           size;
        vm_map_size_t           adjustment;
        vm_map_offset_t         start;
        vm_object_offset_t      vm_copy_start;
        vm_map_entry_t          last;
-       register
        vm_map_entry_t          entry;
        vm_map_entry_t          entry;
+       vm_map_entry_t          hole_entry;
 
        /*
         *      Check for null copy object.
 
        /*
         *      Check for null copy object.
@@ -7127,6 +8963,11 @@ vm_map_copyout(
                return(KERN_SUCCESS);
        }
 
                return(KERN_SUCCESS);
        }
 
+       if (copy->size != copy_size) {
+               *dst_addr = 0;
+               return KERN_FAILURE;
+       }
+
        /*
         *      Check for special copy object, created
         *      by vm_map_copyin_object.
        /*
         *      Check for special copy object, created
         *      by vm_map_copyin_object.
@@ -7138,8 +8979,10 @@ vm_map_copyout(
                vm_object_offset_t      offset;
 
                offset = vm_object_trunc_page(copy->offset);
                vm_object_offset_t      offset;
 
                offset = vm_object_trunc_page(copy->offset);
-               size = vm_map_round_page(copy->size + 
-                                        (vm_map_size_t)(copy->offset - offset));
+               size = vm_map_round_page((copy_size +
+                                         (vm_map_size_t)(copy->offset -
+                                                         offset)),
+                                        VM_MAP_PAGE_MASK(dst_map));
                *dst_addr = 0;
                kr = vm_map_enter(dst_map, dst_addr, size,
                                  (vm_map_offset_t) 0, VM_FLAGS_ANYWHERE,
                *dst_addr = 0;
                kr = vm_map_enter(dst_map, dst_addr, size,
                                  (vm_map_offset_t) 0, VM_FLAGS_ANYWHERE,
@@ -7150,7 +8993,8 @@ vm_map_copyout(
                        return(kr);
                /* Account for non-pagealigned copy object */
                *dst_addr += (vm_map_offset_t)(copy->offset - offset);
                        return(kr);
                /* Account for non-pagealigned copy object */
                *dst_addr += (vm_map_offset_t)(copy->offset - offset);
-               zfree(vm_map_copy_zone, copy);
+               if (consume_on_success)
+                       zfree(vm_map_copy_zone, copy);
                return(KERN_SUCCESS);
        }
 
                return(KERN_SUCCESS);
        }
 
@@ -7160,18 +9004,23 @@ vm_map_copyout(
         */
 
        if (copy->type == VM_MAP_COPY_KERNEL_BUFFER) {
         */
 
        if (copy->type == VM_MAP_COPY_KERNEL_BUFFER) {
-               return(vm_map_copyout_kernel_buffer(dst_map, dst_addr, 
-                                                   copy, FALSE));
+               return vm_map_copyout_kernel_buffer(dst_map, dst_addr,
+                                                   copy, copy_size, FALSE,
+                                                   consume_on_success);
        }
 
        }
 
+
        /*
         *      Find space for the data
         */
 
        /*
         *      Find space for the data
         */
 
-       vm_copy_start = vm_object_trunc_page(copy->offset);
-       size =  vm_map_round_page((vm_map_size_t)copy->offset + copy->size) 
+       vm_copy_start = vm_map_trunc_page((vm_map_size_t)copy->offset,
+                                         VM_MAP_COPY_PAGE_MASK(copy));
+       size = vm_map_round_page((vm_map_size_t)copy->offset + copy_size,
+                                VM_MAP_COPY_PAGE_MASK(copy))
                - vm_copy_start;
 
                - vm_copy_start;
 
+
 StartAgain: ;
 
        vm_map_lock(dst_map);
 StartAgain: ;
 
        vm_map_lock(dst_map);
@@ -7179,9 +9028,26 @@ StartAgain: ;
                VM_MAP_HIGHEST_ENTRY(dst_map, entry, start);
                last = entry;
        } else {
                VM_MAP_HIGHEST_ENTRY(dst_map, entry, start);
                last = entry;
        } else {
-               assert(first_free_is_valid(dst_map));
-               start = ((last = dst_map->first_free) == vm_map_to_entry(dst_map)) ?
-               vm_map_min(dst_map) : last->vme_end;
+               if (dst_map->holelistenabled) {
+                       hole_entry = (vm_map_entry_t)dst_map->holes_list;
+
+                       if (hole_entry == NULL) {
+                               /*
+                                * No more space in the map?
+                                */
+                               vm_map_unlock(dst_map);
+                               return(KERN_NO_SPACE);
+                       }
+
+                       last = hole_entry;
+                       start = last->vme_start;
+               } else {
+                       assert(first_free_is_valid(dst_map));
+                       start = ((last = dst_map->first_free) == vm_map_to_entry(dst_map)) ?
+                       vm_map_min(dst_map) : last->vme_end;
+               }
+               start = vm_map_round_page(start,
+                                         VM_MAP_PAGE_MASK(dst_map));
        }
 
        while (TRUE) {
        }
 
        while (TRUE) {
@@ -7202,12 +9068,64 @@ StartAgain: ;
                        return(KERN_NO_SPACE);
                }
 
                        return(KERN_NO_SPACE);
                }
 
-               if ((next == vm_map_to_entry(dst_map)) ||
-                   (next->vme_start >= end))
-                       break;
+               if (dst_map->holelistenabled) {
+                       if (last->vme_end >= end)
+                               break;
+               } else {
+                       /*
+                        *      If there are no more entries, we must win.
+                        *
+                        *      OR
+                        *
+                        *      If there is another entry, it must be
+                        *      after the end of the potential new region.
+                        */
+
+                       if (next == vm_map_to_entry(dst_map))
+                               break;
+
+                       if (next->vme_start >= end)
+                               break;
+               }
 
                last = next;
 
                last = next;
-               start = last->vme_end;
+
+               if (dst_map->holelistenabled) {
+                       if (last == (vm_map_entry_t) dst_map->holes_list) {
+                               /*
+                                * Wrapped around
+                                */
+                               vm_map_unlock(dst_map);
+                               return(KERN_NO_SPACE);
+                       }
+                       start = last->vme_start;
+               } else {
+                       start = last->vme_end;
+               }
+               start = vm_map_round_page(start,
+                                         VM_MAP_PAGE_MASK(dst_map));
+       }
+
+       if (dst_map->holelistenabled) {
+               if (vm_map_lookup_entry(dst_map, last->vme_start, &last)) {
+                       panic("Found an existing entry (%p) instead of potential hole at address: 0x%llx.\n", last, (unsigned long long)last->vme_start);
+               }
+       }
+
+
+       adjustment = start - vm_copy_start;
+       if (! consume_on_success) {
+               /*
+                * We're not allowed to consume "copy", so we'll have to
+                * copy its map entries into the destination map below.
+                * No need to re-allocate map entries from the correct
+                * (pageable or not) zone, since we'll get new map entries
+                * during the transfer.
+                * We'll also adjust the map entries's "start" and "end"
+                * during the transfer, to keep "copy"'s entries consistent
+                * with its "offset".
+                */
+               goto after_adjustments;
        }
 
        /*
        }
 
        /*
@@ -7227,9 +9145,7 @@ StartAgain: ;
                /*
                 * Find the zone that the copies were allocated from
                 */
                /*
                 * Find the zone that the copies were allocated from
                 */
-               old_zone = (copy->cpy_hdr.entries_pageable)
-                       ? vm_map_entry_zone
-                       : vm_map_kentry_zone;
+
                entry = vm_map_copy_first_entry(copy);
 
                /*
                entry = vm_map_copy_first_entry(copy);
 
                /*
@@ -7243,13 +9159,18 @@ StartAgain: ;
                 * Copy each entry.
                 */
                while (entry != vm_map_copy_to_entry(copy)) {
                 * Copy each entry.
                 */
                while (entry != vm_map_copy_to_entry(copy)) {
-                       new = vm_map_copy_entry_create(copy);
+                       new = vm_map_copy_entry_create(copy, !copy->cpy_hdr.entries_pageable);
                        vm_map_entry_copy_full(new, entry);
                        vm_map_entry_copy_full(new, entry);
-                       new->use_pmap = FALSE;  /* clr address space specifics */
+                       assert(!new->iokit_acct);
+                       if (new->is_sub_map) {
+                               /* clr address space specifics */
+                               new->use_pmap = FALSE;
+                       }
                        vm_map_copy_entry_link(copy,
                                               vm_map_copy_last_entry(copy),
                                               new);
                        next = entry->vme_next;
                        vm_map_copy_entry_link(copy,
                                               vm_map_copy_last_entry(copy),
                                               new);
                        next = entry->vme_next;
+                       old_zone = entry->from_reserved_zone ? vm_map_entry_reserved_zone : vm_map_entry_zone;
                        zfree(old_zone, entry);
                        entry = next;
                }
                        zfree(old_zone, entry);
                        entry = next;
                }
@@ -7260,13 +9181,29 @@ StartAgain: ;
         *      reset the region attributes.
         */
 
         *      reset the region attributes.
         */
 
-       adjustment = start - vm_copy_start;
        for (entry = vm_map_copy_first_entry(copy);
             entry != vm_map_copy_to_entry(copy);
             entry = entry->vme_next) {
        for (entry = vm_map_copy_first_entry(copy);
             entry != vm_map_copy_to_entry(copy);
             entry = entry->vme_next) {
+               if (VM_MAP_PAGE_SHIFT(dst_map) == PAGE_SHIFT) {
+                       /*
+                        * We're injecting this copy entry into a map that
+                        * has the standard page alignment, so clear
+                        * "map_aligned" (which might have been inherited
+                        * from the original map entry).
+                        */
+                       entry->map_aligned = FALSE;
+               }
+
                entry->vme_start += adjustment;
                entry->vme_end += adjustment;
 
                entry->vme_start += adjustment;
                entry->vme_end += adjustment;
 
+               if (entry->map_aligned) {
+                       assert(VM_MAP_PAGE_ALIGNED(entry->vme_start,
+                                                  VM_MAP_PAGE_MASK(dst_map)));
+                       assert(VM_MAP_PAGE_ALIGNED(entry->vme_end,
+                                                  VM_MAP_PAGE_MASK(dst_map)));
+               }
+
                entry->inheritance = VM_INHERIT_DEFAULT;
                entry->protection = VM_PROT_DEFAULT;
                entry->max_protection = VM_PROT_ALL;
                entry->inheritance = VM_INHERIT_DEFAULT;
                entry->protection = VM_PROT_DEFAULT;
                entry->max_protection = VM_PROT_ALL;
@@ -7277,14 +9214,14 @@ StartAgain: ;
                 * map the pages into the destination map.
                 */
                if (entry->wired_count != 0) {
                 * map the pages into the destination map.
                 */
                if (entry->wired_count != 0) {
-                       register vm_map_offset_t va;
+                       vm_map_offset_t va;
                        vm_object_offset_t       offset;
                        vm_object_offset_t       offset;
-                       register vm_object_t object;
+                       vm_object_t object;
                        vm_prot_t prot;
                        int     type_of_fault;
 
                        vm_prot_t prot;
                        int     type_of_fault;
 
-                       object = entry->object.vm_object;
-                       offset = entry->offset;
+                       object = VME_OBJECT(entry);
+                       offset = VME_OFFSET(entry);
                        va = entry->vme_start;
 
                        pmap_pageable(dst_map->pmap,
                        va = entry->vme_start;
 
                        pmap_pageable(dst_map->pmap,
@@ -7293,7 +9230,7 @@ StartAgain: ;
                                      TRUE);
 
                        while (va < entry->vme_end) {
                                      TRUE);
 
                        while (va < entry->vme_end) {
-                               register vm_page_t      m;
+                               vm_page_t       m;
 
                                /*
                                 * Look up the page in the object.
 
                                /*
                                 * Look up the page in the object.
@@ -7331,14 +9268,21 @@ StartAgain: ;
 
                                prot = entry->protection;
 
 
                                prot = entry->protection;
 
-                               if (override_nx(dst_map, entry->alias) && prot)
+                               if (override_nx(dst_map, VME_ALIAS(entry)) &&
+                                   prot)
                                        prot |= VM_PROT_EXECUTE;
 
                                type_of_fault = DBG_CACHE_HIT_FAULT;
 
                                vm_fault_enter(m, dst_map->pmap, va, prot, prot,
                                        prot |= VM_PROT_EXECUTE;
 
                                type_of_fault = DBG_CACHE_HIT_FAULT;
 
                                vm_fault_enter(m, dst_map->pmap, va, prot, prot,
-                                              VM_PAGE_WIRED(m), FALSE, FALSE, FALSE,
-                                              &type_of_fault);
+                                              VM_PAGE_WIRED(m), FALSE, FALSE,
+                                              FALSE, VME_ALIAS(entry),
+                                              ((entry->iokit_acct ||
+                                                (!entry->is_sub_map &&
+                                                 !entry->use_pmap))
+                                               ? PMAP_OPTIONS_ALT_ACCT
+                                               : 0),
+                                              NULL, &type_of_fault);
 
                                vm_object_unlock(object);
 
 
                                vm_object_unlock(object);
 
@@ -7348,6 +9292,8 @@ StartAgain: ;
                }
        }
 
                }
        }
 
+after_adjustments:
+
        /*
         *      Correct the page alignment for the result
         */
        /*
         *      Correct the page alignment for the result
         */
@@ -7358,7 +9304,11 @@ StartAgain: ;
         *      Update the hints and the map size
         */
 
         *      Update the hints and the map size
         */
 
-       SAVE_HINT_MAP_WRITE(dst_map, vm_map_copy_last_entry(copy));
+       if (consume_on_success) {
+               SAVE_HINT_MAP_WRITE(dst_map, vm_map_copy_last_entry(copy));
+       } else {
+               SAVE_HINT_MAP_WRITE(dst_map, last);
+       }
 
        dst_map->size += size;
 
 
        dst_map->size += size;
 
@@ -7366,7 +9316,13 @@ StartAgain: ;
         *      Link in the copy
         */
 
         *      Link in the copy
         */
 
-       vm_map_copy_insert(dst_map, last, copy);
+       if (consume_on_success) {
+               vm_map_copy_insert(dst_map, last, copy);
+       } else {
+               vm_map_copy_remap(dst_map, last, copy, adjustment,
+                                 cur_protection, max_protection,
+                                 inheritance);
+       }
 
        vm_map_unlock(dst_map);
 
 
        vm_map_unlock(dst_map);
 
@@ -7435,13 +9391,35 @@ vm_map_copyin_common(
        __unused boolean_t      src_volatile,
        vm_map_copy_t   *copy_result,   /* OUT */
        boolean_t       use_maxprot)
        __unused boolean_t      src_volatile,
        vm_map_copy_t   *copy_result,   /* OUT */
        boolean_t       use_maxprot)
+{
+       int flags;
+
+       flags = 0;
+       if (src_destroy) {
+               flags |= VM_MAP_COPYIN_SRC_DESTROY;
+       }
+       if (use_maxprot) {
+               flags |= VM_MAP_COPYIN_USE_MAXPROT;
+       }
+       return vm_map_copyin_internal(src_map,
+                                     src_addr,
+                                     len,
+                                     flags,
+                                     copy_result);
+}
+kern_return_t
+vm_map_copyin_internal(
+       vm_map_t        src_map,
+       vm_map_address_t src_addr,
+       vm_map_size_t   len,
+       int             flags,
+       vm_map_copy_t   *copy_result)   /* OUT */
 {
        vm_map_entry_t  tmp_entry;      /* Result of last map lookup --
                                         * in multi-level lookup, this
                                         * entry contains the actual
                                         * vm_object/offset.
                                         */
 {
        vm_map_entry_t  tmp_entry;      /* Result of last map lookup --
                                         * in multi-level lookup, this
                                         * entry contains the actual
                                         * vm_object/offset.
                                         */
-       register
        vm_map_entry_t  new_entry = VM_MAP_ENTRY_NULL;  /* Map entry for copy */
 
        vm_map_offset_t src_start;      /* Start of current entry --
        vm_map_entry_t  new_entry = VM_MAP_ENTRY_NULL;  /* Map entry for copy */
 
        vm_map_offset_t src_start;      /* Start of current entry --
@@ -7454,9 +9432,21 @@ vm_map_copyin_common(
        boolean_t       map_share=FALSE;
        submap_map_t    *parent_maps = NULL;
 
        boolean_t       map_share=FALSE;
        submap_map_t    *parent_maps = NULL;
 
-       register
        vm_map_copy_t   copy;           /* Resulting copy */
        vm_map_copy_t   copy;           /* Resulting copy */
-       vm_map_address_t        copy_addr;
+       vm_map_address_t copy_addr;
+       vm_map_size_t   copy_size;
+       boolean_t       src_destroy;
+       boolean_t       use_maxprot;
+       boolean_t       preserve_purgeable;
+
+       if (flags & ~VM_MAP_COPYIN_ALL_FLAGS) {
+               return KERN_INVALID_ARGUMENT;
+       }
+               
+       src_destroy = (flags & VM_MAP_COPYIN_SRC_DESTROY) ? TRUE : FALSE;
+       use_maxprot = (flags & VM_MAP_COPYIN_USE_MAXPROT) ? TRUE : FALSE;
+       preserve_purgeable =
+               (flags & VM_MAP_COPYIN_PRESERVE_PURGEABLE) ? TRUE : FALSE;
 
        /*
         *      Check for copies of zero bytes.
 
        /*
         *      Check for copies of zero bytes.
@@ -7474,22 +9464,38 @@ vm_map_copyin_common(
        if (src_end < src_addr)
                return KERN_INVALID_ADDRESS;
 
        if (src_end < src_addr)
                return KERN_INVALID_ADDRESS;
 
+       /*
+        *      Compute (page aligned) start and end of region
+        */
+       src_start = vm_map_trunc_page(src_addr,
+                                     VM_MAP_PAGE_MASK(src_map));
+       src_end = vm_map_round_page(src_end,
+                                   VM_MAP_PAGE_MASK(src_map));
+
        /*
         * If the copy is sufficiently small, use a kernel buffer instead
         * of making a virtual copy.  The theory being that the cost of
         * setting up VM (and taking C-O-W faults) dominates the copy costs
         * for small regions.
         */
        /*
         * If the copy is sufficiently small, use a kernel buffer instead
         * of making a virtual copy.  The theory being that the cost of
         * setting up VM (and taking C-O-W faults) dominates the copy costs
         * for small regions.
         */
-       if ((len < msg_ool_size_small) && !use_maxprot)
+       if ((len < msg_ool_size_small) &&
+           !use_maxprot &&
+           !preserve_purgeable &&
+           !(flags & VM_MAP_COPYIN_ENTRY_LIST) &&
+           /*
+            * Since the "msg_ool_size_small" threshold was increased and
+            * vm_map_copyin_kernel_buffer() doesn't handle accesses beyond the
+            * address space limits, we revert to doing a virtual copy if the
+            * copied range goes beyond those limits.  Otherwise, mach_vm_read()
+            * of the commpage would now fail when it used to work.
+            */
+           (src_start >= vm_map_min(src_map) &&
+            src_start < vm_map_max(src_map) &&
+            src_end >= vm_map_min(src_map) &&
+            src_end < vm_map_max(src_map)))
                return vm_map_copyin_kernel_buffer(src_map, src_addr, len,
                                                   src_destroy, copy_result);
 
                return vm_map_copyin_kernel_buffer(src_map, src_addr, len,
                                                   src_destroy, copy_result);
 
-       /*
-        *      Compute (page aligned) start and end of region
-        */
-       src_start = vm_map_trunc_page(src_addr);
-       src_end = vm_map_round_page(src_end);
-
        XPR(XPR_VM_MAP, "vm_map_copyin_common map 0x%x addr 0x%x len 0x%x dest %d\n", src_map, src_addr, len, src_destroy, 0);
 
        /*
        XPR(XPR_VM_MAP, "vm_map_copyin_common map 0x%x addr 0x%x len 0x%x dest %d\n", src_map, src_addr, len, src_destroy, 0);
 
        /*
@@ -7500,18 +9506,31 @@ vm_map_copyin_common(
         */
 
        copy = (vm_map_copy_t) zalloc(vm_map_copy_zone);
         */
 
        copy = (vm_map_copy_t) zalloc(vm_map_copy_zone);
+       copy->c_u.hdr.rb_head_store.rbh_root = (void*)(int)SKIP_RB_TREE;
        vm_map_copy_first_entry(copy) =
                vm_map_copy_last_entry(copy) = vm_map_copy_to_entry(copy);
        copy->type = VM_MAP_COPY_ENTRY_LIST;
        copy->cpy_hdr.nentries = 0;
        copy->cpy_hdr.entries_pageable = TRUE;
        vm_map_copy_first_entry(copy) =
                vm_map_copy_last_entry(copy) = vm_map_copy_to_entry(copy);
        copy->type = VM_MAP_COPY_ENTRY_LIST;
        copy->cpy_hdr.nentries = 0;
        copy->cpy_hdr.entries_pageable = TRUE;
+#if 00
+       copy->cpy_hdr.page_shift = src_map->hdr.page_shift;
+#else
+       /*
+        * The copy entries can be broken down for a variety of reasons,
+        * so we can't guarantee that they will remain map-aligned...
+        * Will need to adjust the first copy_entry's "vme_start" and
+        * the last copy_entry's "vme_end" to be rounded to PAGE_MASK
+        * rather than the original map's alignment.
+        */
+       copy->cpy_hdr.page_shift = PAGE_SHIFT;
+#endif
 
        vm_map_store_init( &(copy->cpy_hdr) );
 
        copy->offset = src_addr;
        copy->size = len;
        
 
        vm_map_store_init( &(copy->cpy_hdr) );
 
        copy->offset = src_addr;
        copy->size = len;
        
-       new_entry = vm_map_copy_entry_create(copy);
+       new_entry = vm_map_copy_entry_create(copy, !copy->cpy_hdr.entries_pageable);
 
 #define        RETURN(x)                                               \
        MACRO_BEGIN                                             \
 
 #define        RETURN(x)                                               \
        MACRO_BEGIN                                             \
@@ -7540,11 +9559,28 @@ vm_map_copyin_common(
 
        vm_map_lock(src_map);
 
 
        vm_map_lock(src_map);
 
-       if (!vm_map_lookup_entry(src_map, src_start, &tmp_entry))
+       /*
+        * Lookup the original "src_addr" rather than the truncated
+        * "src_start", in case "src_start" falls in a non-map-aligned
+        * map entry *before* the map entry that contains "src_addr"...
+        */
+       if (!vm_map_lookup_entry(src_map, src_addr, &tmp_entry))
                RETURN(KERN_INVALID_ADDRESS);
        if(!tmp_entry->is_sub_map) {
                RETURN(KERN_INVALID_ADDRESS);
        if(!tmp_entry->is_sub_map) {
+               /*
+                * ... but clip to the map-rounded "src_start" rather than
+                * "src_addr" to preserve map-alignment.  We'll adjust the
+                * first copy entry at the end, if needed.
+                */
                vm_map_clip_start(src_map, tmp_entry, src_start);
        }
                vm_map_clip_start(src_map, tmp_entry, src_start);
        }
+       if (src_start < tmp_entry->vme_start) {
+               /*
+                * Move "src_start" up to the start of the
+                * first map entry to copy.
+                */
+               src_start = tmp_entry->vme_start;
+       }
        /* set for later submap fix-up */
        copy_addr = src_start;
 
        /* set for later submap fix-up */
        copy_addr = src_start;
 
@@ -7553,14 +9589,12 @@ vm_map_copyin_common(
         */
 
        while (TRUE) {
         */
 
        while (TRUE) {
-               register
                vm_map_entry_t  src_entry = tmp_entry;  /* Top-level entry */
                vm_map_size_t   src_size;               /* Size of source
                                                         * map entry (in both
                                                         * maps)
                                                         */
 
                vm_map_entry_t  src_entry = tmp_entry;  /* Top-level entry */
                vm_map_size_t   src_size;               /* Size of source
                                                         * map entry (in both
                                                         * maps)
                                                         */
 
-               register
                vm_object_t             src_object;     /* Object to copy */
                vm_object_offset_t      src_offset;
 
                vm_object_t             src_object;     /* Object to copy */
                vm_object_offset_t      src_offset;
 
@@ -7594,9 +9628,9 @@ vm_map_copyin_common(
                        ptr->base_len = submap_len;
        
                        src_start -= tmp_entry->vme_start;
                        ptr->base_len = submap_len;
        
                        src_start -= tmp_entry->vme_start;
-                       src_start += tmp_entry->offset;
+                       src_start += VME_OFFSET(tmp_entry);
                        src_end = src_start + submap_len;
                        src_end = src_start + submap_len;
-                       src_map = tmp_entry->object.sub_map;
+                       src_map = VME_SUBMAP(tmp_entry);
                        vm_map_lock(src_map);
                        /* keep an outstanding reference for all maps in */
                        /* the parents tree except the base map */
                        vm_map_lock(src_map);
                        /* keep an outstanding reference for all maps in */
                        /* the parents tree except the base map */
@@ -7612,8 +9646,8 @@ vm_map_copyin_common(
                }
                /* we are now in the lowest level submap... */
 
                }
                /* we are now in the lowest level submap... */
 
-               if ((tmp_entry->object.vm_object != VM_OBJECT_NULL) && 
-                   (tmp_entry->object.vm_object->phys_contiguous)) {
+               if ((VME_OBJECT(tmp_entry) != VM_OBJECT_NULL) && 
+                   (VME_OBJECT(tmp_entry)->phys_contiguous)) {
                        /* This is not, supported for now.In future */
                        /* we will need to detect the phys_contig   */
                        /* condition and then upgrade copy_slowly   */
                        /* This is not, supported for now.In future */
                        /* we will need to detect the phys_contig   */
                        /* condition and then upgrade copy_slowly   */
@@ -7633,7 +9667,7 @@ vm_map_copyin_common(
                        version.main_timestamp = src_map->timestamp;
                        vm_map_unlock(src_map);
 
                        version.main_timestamp = src_map->timestamp;
                        vm_map_unlock(src_map);
 
-                       new_entry = vm_map_copy_entry_create(copy);
+                       new_entry = vm_map_copy_entry_create(copy, !copy->cpy_hdr.entries_pageable);
 
                        vm_map_lock(src_map);
                        if ((version.main_timestamp + 1) != src_map->timestamp) {
 
                        vm_map_lock(src_map);
                        if ((version.main_timestamp + 1) != src_map->timestamp) {
@@ -7662,21 +9696,26 @@ vm_map_copyin_common(
                vm_map_clip_end(src_map, src_entry, src_end);
 
                src_size = src_entry->vme_end - src_start;
                vm_map_clip_end(src_map, src_entry, src_end);
 
                src_size = src_entry->vme_end - src_start;
-               src_object = src_entry->object.vm_object;
-               src_offset = src_entry->offset;
+               src_object = VME_OBJECT(src_entry);
+               src_offset = VME_OFFSET(src_entry);
                was_wired = (src_entry->wired_count != 0);
 
                vm_map_entry_copy(new_entry, src_entry);
                was_wired = (src_entry->wired_count != 0);
 
                vm_map_entry_copy(new_entry, src_entry);
-               new_entry->use_pmap = FALSE; /* clr address space specifics */
+               if (new_entry->is_sub_map) {
+                       /* clr address space specifics */
+                       new_entry->use_pmap = FALSE;
+               }
 
                /*
                 *      Attempt non-blocking copy-on-write optimizations.
                 */
 
 
                /*
                 *      Attempt non-blocking copy-on-write optimizations.
                 */
 
-               if (src_destroy && 
-                   (src_object == VM_OBJECT_NULL || 
-                    (src_object->internal && !src_object->true_share
-                     && !map_share))) {
+               if (src_destroy &&
+                   (src_object == VM_OBJECT_NULL ||
+                    (src_object->internal &&
+                     src_object->copy_strategy != MEMORY_OBJECT_COPY_DELAY &&
+                     !src_object->true_share &&
+                     !map_share))) {
                        /*
                         * If we are destroying the source, and the object
                         * is internal, we can move the object reference
                        /*
                         * If we are destroying the source, and the object
                         * is internal, we can move the object reference
@@ -7698,12 +9737,12 @@ vm_map_copyin_common(
 
        RestartCopy:
                XPR(XPR_VM_MAP, "vm_map_copyin_common src_obj 0x%x ent 0x%x obj 0x%x was_wired %d\n",
 
        RestartCopy:
                XPR(XPR_VM_MAP, "vm_map_copyin_common src_obj 0x%x ent 0x%x obj 0x%x was_wired %d\n",
-                   src_object, new_entry, new_entry->object.vm_object,
+                   src_object, new_entry, VME_OBJECT(new_entry),
                    was_wired, 0);
                if ((src_object == VM_OBJECT_NULL ||
                     (!was_wired && !map_share && !tmp_entry->is_shared)) &&
                    vm_object_copy_quickly(
                    was_wired, 0);
                if ((src_object == VM_OBJECT_NULL ||
                     (!was_wired && !map_share && !tmp_entry->is_shared)) &&
                    vm_object_copy_quickly(
-                           &new_entry->object.vm_object,
+                           &VME_OBJECT(new_entry),
                            src_offset,
                            src_size,
                            &src_needs_copy,
                            src_offset,
                            src_size,
                            &src_needs_copy,
@@ -7720,7 +9759,8 @@ vm_map_copyin_common(
 
                                prot = src_entry->protection & ~VM_PROT_WRITE;
 
 
                                prot = src_entry->protection & ~VM_PROT_WRITE;
 
-                               if (override_nx(src_map, src_entry->alias) && prot)
+                               if (override_nx(src_map, VME_ALIAS(src_entry))
+                                   && prot)
                                        prot |= VM_PROT_EXECUTE;
 
                                vm_object_pmap_protect(
                                        prot |= VM_PROT_EXECUTE;
 
                                vm_object_pmap_protect(
@@ -7733,6 +9773,7 @@ vm_map_copyin_common(
                                        src_entry->vme_start,
                                        prot);
 
                                        src_entry->vme_start,
                                        prot);
 
+                               assert(tmp_entry->wired_count == 0);
                                tmp_entry->needs_copy = TRUE;
                        }
 
                                tmp_entry->needs_copy = TRUE;
                        }
 
@@ -7773,8 +9814,8 @@ vm_map_copyin_common(
                                src_offset,
                                src_size,
                                THREAD_UNINT,
                                src_offset,
                                src_size,
                                THREAD_UNINT,
-                               &new_entry->object.vm_object);
-                       new_entry->offset = 0;
+                               &VME_OBJECT(new_entry));
+                       VME_OFFSET_SET(new_entry, 0);
                        new_entry->needs_copy = FALSE;
 
                }
                        new_entry->needs_copy = FALSE;
 
                }
@@ -7791,21 +9832,61 @@ vm_map_copyin_common(
                        if (new_object == VM_OBJECT_NULL)
                                goto CopySlowly;
 
                        if (new_object == VM_OBJECT_NULL)
                                goto CopySlowly;
 
-                       new_entry->object.vm_object = new_object;
+                       VME_OBJECT_SET(new_entry, new_object);
+                       assert(new_entry->wired_count == 0);
                        new_entry->needs_copy = TRUE;
                        new_entry->needs_copy = TRUE;
+                       assert(!new_entry->iokit_acct);
+                       assert(new_object->purgable == VM_PURGABLE_DENY);
+                       new_entry->use_pmap = TRUE;
                        result = KERN_SUCCESS;
 
                } else {
                        result = KERN_SUCCESS;
 
                } else {
+                       vm_object_offset_t new_offset;
+                       new_offset = VME_OFFSET(new_entry);
                        result = vm_object_copy_strategically(src_object,
                                                              src_offset,
                                                              src_size,
                        result = vm_object_copy_strategically(src_object,
                                                              src_offset,
                                                              src_size,
-                                                             &new_entry->object.vm_object,
-                                                             &new_entry->offset,
+                                                             &VME_OBJECT(new_entry),
+                                                             &new_offset,
                                                              &new_entry_needs_copy);
                                                              &new_entry_needs_copy);
+                       if (new_offset != VME_OFFSET(new_entry)) {
+                               VME_OFFSET_SET(new_entry, new_offset);
+                       }
 
                        new_entry->needs_copy = new_entry_needs_copy;
                }
 
 
                        new_entry->needs_copy = new_entry_needs_copy;
                }
 
+               if (result == KERN_SUCCESS &&
+                   preserve_purgeable &&
+                   src_object->purgable != VM_PURGABLE_DENY) {
+                       vm_object_t     new_object;
+
+                       new_object = VME_OBJECT(new_entry);
+                       assert(new_object != src_object);
+                       vm_object_lock(new_object);
+                       assert(new_object->ref_count == 1);
+                       assert(new_object->shadow == VM_OBJECT_NULL);
+                       assert(new_object->copy == VM_OBJECT_NULL);
+                       assert(new_object->vo_purgeable_owner == NULL);
+
+                       new_object->copy_strategy = MEMORY_OBJECT_COPY_NONE;
+                       new_object->true_share = TRUE;
+                       /* start as non-volatile with no owner... */
+                       new_object->purgable = VM_PURGABLE_NONVOLATILE;
+                       vm_purgeable_nonvolatile_enqueue(new_object, NULL);
+                       /* ... and move to src_object's purgeable state */
+                       if (src_object->purgable != VM_PURGABLE_NONVOLATILE) {
+                               int state;
+                               state = src_object->purgable;
+                               vm_object_purgable_control(
+                                       new_object,
+                                       VM_PURGABLE_SET_STATE,
+                                       &state);
+                       }
+                       vm_object_unlock(new_object);
+                       new_object = VM_OBJECT_NULL;
+               }
+
                if (result != KERN_SUCCESS &&
                    result != KERN_MEMORY_RESTART_COPY) {
                        vm_map_lock(src_map);
                if (result != KERN_SUCCESS &&
                    result != KERN_MEMORY_RESTART_COPY) {
                        vm_map_lock(src_map);
@@ -7841,6 +9922,12 @@ vm_map_copyin_common(
                 */
 
                if (!vm_map_lookup_entry(src_map, src_start, &tmp_entry)) {
                 */
 
                if (!vm_map_lookup_entry(src_map, src_start, &tmp_entry)) {
+                       if (result != KERN_MEMORY_RESTART_COPY) {
+                               vm_object_deallocate(VME_OBJECT(new_entry));
+                               VME_OBJECT_SET(new_entry, VM_OBJECT_NULL);
+                               assert(!new_entry->iokit_acct);
+                               new_entry->use_pmap = TRUE;
+                       }
                        RETURN(KERN_INVALID_ADDRESS);
                }
 
                        RETURN(KERN_INVALID_ADDRESS);
                }
 
@@ -7852,11 +9939,40 @@ vm_map_copyin_common(
                    ((src_entry->max_protection & VM_PROT_READ) == 0))
                        goto VerificationFailed;
 
                    ((src_entry->max_protection & VM_PROT_READ) == 0))
                        goto VerificationFailed;
 
-               if (src_entry->vme_end < new_entry->vme_end)
-                       src_size = (new_entry->vme_end = src_entry->vme_end) - src_start;
+               if (src_entry->vme_end < new_entry->vme_end) {
+                       /*
+                        * This entry might have been shortened
+                        * (vm_map_clip_end) or been replaced with
+                        * an entry that ends closer to "src_start"
+                        * than before.
+                        * Adjust "new_entry" accordingly; copying
+                        * less memory would be correct but we also
+                        * redo the copy (see below) if the new entry
+                        * no longer points at the same object/offset.
+                        */
+                       assert(VM_MAP_PAGE_ALIGNED(src_entry->vme_end,
+                                                  VM_MAP_COPY_PAGE_MASK(copy)));
+                       new_entry->vme_end = src_entry->vme_end;
+                       src_size = new_entry->vme_end - src_start;
+               } else if (src_entry->vme_end > new_entry->vme_end) {
+                       /*
+                        * This entry might have been extended
+                        * (vm_map_entry_simplify() or coalesce)
+                        * or been replaced with an entry that ends farther
+                        * from "src_start" than before. 
+                        *
+                        * We've called vm_object_copy_*() only on
+                        * the previous <start:end> range, so we can't
+                        * just extend new_entry.  We have to re-do
+                        * the copy based on the new entry as if it was
+                        * pointing at a different object/offset (see
+                        * "Verification failed" below).
+                        */
+               }
 
 
-               if ((src_entry->object.vm_object != src_object) ||
-                   (src_entry->offset != src_offset) ) {
+               if ((VME_OBJECT(src_entry) != src_object) ||
+                   (VME_OFFSET(src_entry) != src_offset) ||
+                   (src_entry->vme_end > new_entry->vme_end)) {
 
                        /*
                         *      Verification failed.
 
                        /*
                         *      Verification failed.
@@ -7866,7 +9982,7 @@ vm_map_copyin_common(
 
                VerificationFailed: ;
 
 
                VerificationFailed: ;
 
-                       vm_object_deallocate(new_entry->object.vm_object);
+                       vm_object_deallocate(VME_OBJECT(new_entry));
                        tmp_entry = src_entry;
                        continue;
                }
                        tmp_entry = src_entry;
                        continue;
                }
@@ -7901,36 +10017,60 @@ vm_map_copyin_common(
                src_start = new_entry->vme_end;
                new_entry = VM_MAP_ENTRY_NULL;
                while ((src_start >= src_end) && (src_end != 0)) {
                src_start = new_entry->vme_end;
                new_entry = VM_MAP_ENTRY_NULL;
                while ((src_start >= src_end) && (src_end != 0)) {
-                       if (src_map != base_map) {
-                               submap_map_t    *ptr;
-
-                               ptr = parent_maps;
-                               assert(ptr != NULL);
-                               parent_maps = parent_maps->next;
-
-                               /* fix up the damage we did in that submap */
-                               vm_map_simplify_range(src_map,
-                                                     src_base,
-                                                     src_end);
-
-                               vm_map_unlock(src_map);
-                               vm_map_deallocate(src_map);
-                               vm_map_lock(ptr->parent_map);
-                               src_map = ptr->parent_map;
-                               src_base = ptr->base_start;
-                               src_start = ptr->base_start + ptr->base_len;
-                               src_end = ptr->base_end;
-                               if ((src_end > src_start) &&
-                                   !vm_map_lookup_entry(
-                                           src_map, src_start, &tmp_entry))
-                                       RETURN(KERN_INVALID_ADDRESS);
-                               kfree(ptr, sizeof(submap_map_t));
-                               if(parent_maps == NULL)
-                                       map_share = FALSE;
-                               src_entry = tmp_entry->vme_prev;
-                       } else
+                       submap_map_t    *ptr;
+
+                       if (src_map == base_map) {
+                               /* back to the top */
                                break;
                                break;
+                       }
+
+                       ptr = parent_maps;
+                       assert(ptr != NULL);
+                       parent_maps = parent_maps->next;
+
+                       /* fix up the damage we did in that submap */
+                       vm_map_simplify_range(src_map,
+                                             src_base,
+                                             src_end);
+
+                       vm_map_unlock(src_map);
+                       vm_map_deallocate(src_map);
+                       vm_map_lock(ptr->parent_map);
+                       src_map = ptr->parent_map;
+                       src_base = ptr->base_start;
+                       src_start = ptr->base_start + ptr->base_len;
+                       src_end = ptr->base_end;
+                       if (!vm_map_lookup_entry(src_map,
+                                                src_start,
+                                                &tmp_entry) &&
+                           (src_end > src_start)) {
+                               RETURN(KERN_INVALID_ADDRESS);
+                       }
+                       kfree(ptr, sizeof(submap_map_t));
+                       if (parent_maps == NULL)
+                               map_share = FALSE;
+                       src_entry = tmp_entry->vme_prev;
+               }
+
+               if ((VM_MAP_PAGE_SHIFT(src_map) != PAGE_SHIFT) &&
+                   (src_start >= src_addr + len) &&
+                   (src_addr + len != 0)) {
+                       /*
+                        * Stop copying now, even though we haven't reached
+                        * "src_end".  We'll adjust the end of the last copy
+                        * entry at the end, if needed.
+                        *
+                        * If src_map's aligment is different from the
+                        * system's page-alignment, there could be
+                        * extra non-map-aligned map entries between
+                        * the original (non-rounded) "src_addr + len"
+                        * and the rounded "src_end".
+                        * We do not want to copy those map entries since
+                        * they're not part of the copied range.
+                        */
+                       break;
                }
                }
+
                if ((src_start >= src_end) && (src_end != 0))
                        break;
 
                if ((src_start >= src_end) && (src_end != 0))
                        break;
 
@@ -7939,9 +10079,10 @@ vm_map_copyin_common(
                 */
 
                tmp_entry = src_entry->vme_next;
                 */
 
                tmp_entry = src_entry->vme_next;
-               if ((tmp_entry->vme_start != src_start) || 
-                   (tmp_entry == vm_map_to_entry(src_map)))
+               if ((tmp_entry->vme_start != src_start) ||
+                   (tmp_entry == vm_map_to_entry(src_map))) {
                        RETURN(KERN_INVALID_ADDRESS);
                        RETURN(KERN_INVALID_ADDRESS);
+               }
        }
 
        /*
        }
 
        /*
@@ -7949,42 +10090,256 @@ vm_map_copyin_common(
         * copy was successful. 
         */
        if (src_destroy) {
         * copy was successful. 
         */
        if (src_destroy) {
-               (void) vm_map_delete(src_map,
-                                    vm_map_trunc_page(src_addr),
-                                    src_end,
-                                    (src_map == kernel_map) ?
-                                    VM_MAP_REMOVE_KUNWIRE :
-                                    VM_MAP_NO_FLAGS,
-                                    VM_MAP_NULL);
+               (void) vm_map_delete(
+                       src_map,
+                       vm_map_trunc_page(src_addr,
+                                         VM_MAP_PAGE_MASK(src_map)),
+                       src_end,
+                       ((src_map == kernel_map) ?
+                        VM_MAP_REMOVE_KUNWIRE :
+                        VM_MAP_NO_FLAGS),
+                       VM_MAP_NULL);
        } else {
                /* fix up the damage we did in the base map */
        } else {
                /* fix up the damage we did in the base map */
-               vm_map_simplify_range(src_map,
-                                     vm_map_trunc_page(src_addr), 
-                                     vm_map_round_page(src_end));
+               vm_map_simplify_range(
+                       src_map,
+                       vm_map_trunc_page(src_addr,
+                                         VM_MAP_PAGE_MASK(src_map)), 
+                       vm_map_round_page(src_end,
+                                         VM_MAP_PAGE_MASK(src_map)));
        }
 
        vm_map_unlock(src_map);
 
        }
 
        vm_map_unlock(src_map);
 
-       /* Fix-up start and end points in copy.  This is necessary */
-       /* when the various entries in the copy object were picked */
-       /* up from different sub-maps */
+       if (VM_MAP_PAGE_SHIFT(src_map) != PAGE_SHIFT) {
+               vm_map_offset_t original_start, original_offset, original_end;
+               
+               assert(VM_MAP_COPY_PAGE_MASK(copy) == PAGE_MASK);
+
+               /* adjust alignment of first copy_entry's "vme_start" */
+               tmp_entry = vm_map_copy_first_entry(copy);
+               if (tmp_entry != vm_map_copy_to_entry(copy)) {
+                       vm_map_offset_t adjustment;
+
+                       original_start = tmp_entry->vme_start;
+                       original_offset = VME_OFFSET(tmp_entry);
+
+                       /* map-align the start of the first copy entry... */
+                       adjustment = (tmp_entry->vme_start -
+                                     vm_map_trunc_page(
+                                             tmp_entry->vme_start,
+                                             VM_MAP_PAGE_MASK(src_map)));
+                       tmp_entry->vme_start -= adjustment;
+                       VME_OFFSET_SET(tmp_entry,
+                                      VME_OFFSET(tmp_entry) - adjustment);
+                       copy_addr -= adjustment;
+                       assert(tmp_entry->vme_start < tmp_entry->vme_end);
+                       /* ... adjust for mis-aligned start of copy range */
+                       adjustment =
+                               (vm_map_trunc_page(copy->offset,
+                                                  PAGE_MASK) -
+                                vm_map_trunc_page(copy->offset,
+                                                  VM_MAP_PAGE_MASK(src_map)));
+                       if (adjustment) {
+                               assert(page_aligned(adjustment));
+                               assert(adjustment < VM_MAP_PAGE_SIZE(src_map));
+                               tmp_entry->vme_start += adjustment;
+                               VME_OFFSET_SET(tmp_entry,
+                                              (VME_OFFSET(tmp_entry) +
+                                               adjustment));
+                               copy_addr += adjustment;
+                               assert(tmp_entry->vme_start < tmp_entry->vme_end);
+                       }
 
 
-       tmp_entry = vm_map_copy_first_entry(copy);
-       while (tmp_entry != vm_map_copy_to_entry(copy)) {
-               tmp_entry->vme_end = copy_addr + 
-                       (tmp_entry->vme_end - tmp_entry->vme_start);
-               tmp_entry->vme_start = copy_addr;
-               assert(tmp_entry->vme_start < tmp_entry->vme_end);
-               copy_addr += tmp_entry->vme_end - tmp_entry->vme_start;
+                       /*
+                        * Assert that the adjustments haven't exposed
+                        * more than was originally copied...
+                        */
+                       assert(tmp_entry->vme_start >= original_start);
+                       assert(VME_OFFSET(tmp_entry) >= original_offset);
+                       /*
+                        * ... and that it did not adjust outside of a
+                        * a single 16K page.
+                        */
+                       assert(vm_map_trunc_page(tmp_entry->vme_start,
+                                                VM_MAP_PAGE_MASK(src_map)) ==
+                              vm_map_trunc_page(original_start,
+                                                VM_MAP_PAGE_MASK(src_map)));
+               }
+
+               /* adjust alignment of last copy_entry's "vme_end" */
+               tmp_entry = vm_map_copy_last_entry(copy);
+               if (tmp_entry != vm_map_copy_to_entry(copy)) {
+                       vm_map_offset_t adjustment;
+
+                       original_end = tmp_entry->vme_end;
+
+                       /* map-align the end of the last copy entry... */
+                       tmp_entry->vme_end =
+                               vm_map_round_page(tmp_entry->vme_end,
+                                                 VM_MAP_PAGE_MASK(src_map));
+                       /* ... adjust for mis-aligned end of copy range */
+                       adjustment =
+                               (vm_map_round_page((copy->offset +
+                                                   copy->size),
+                                                  VM_MAP_PAGE_MASK(src_map)) -
+                                vm_map_round_page((copy->offset +
+                                                   copy->size),
+                                                  PAGE_MASK));
+                       if (adjustment) {
+                               assert(page_aligned(adjustment));
+                               assert(adjustment < VM_MAP_PAGE_SIZE(src_map));
+                               tmp_entry->vme_end -= adjustment;
+                               assert(tmp_entry->vme_start < tmp_entry->vme_end);
+                       }
+
+                       /*
+                        * Assert that the adjustments haven't exposed
+                        * more than was originally copied...
+                        */
+                       assert(tmp_entry->vme_end <= original_end);
+                       /*
+                        * ... and that it did not adjust outside of a
+                        * a single 16K page.
+                        */
+                       assert(vm_map_round_page(tmp_entry->vme_end,
+                                                VM_MAP_PAGE_MASK(src_map)) ==
+                              vm_map_round_page(original_end,
+                                                VM_MAP_PAGE_MASK(src_map)));
+               }
+       }
+
+       /* Fix-up start and end points in copy.  This is necessary */
+       /* when the various entries in the copy object were picked */
+       /* up from different sub-maps */
+
+       tmp_entry = vm_map_copy_first_entry(copy);
+       copy_size = 0; /* compute actual size */
+       while (tmp_entry != vm_map_copy_to_entry(copy)) {
+               assert(VM_MAP_PAGE_ALIGNED(
+                              copy_addr + (tmp_entry->vme_end -
+                                           tmp_entry->vme_start),
+                              VM_MAP_COPY_PAGE_MASK(copy)));
+               assert(VM_MAP_PAGE_ALIGNED(
+                              copy_addr,
+                              VM_MAP_COPY_PAGE_MASK(copy)));
+
+               /*
+                * The copy_entries will be injected directly into the
+                * destination map and might not be "map aligned" there...
+                */
+               tmp_entry->map_aligned = FALSE;
+
+               tmp_entry->vme_end = copy_addr + 
+                       (tmp_entry->vme_end - tmp_entry->vme_start);
+               tmp_entry->vme_start = copy_addr;
+               assert(tmp_entry->vme_start < tmp_entry->vme_end);
+               copy_addr += tmp_entry->vme_end - tmp_entry->vme_start;
+               copy_size += tmp_entry->vme_end - tmp_entry->vme_start;
                tmp_entry = (struct vm_map_entry *)tmp_entry->vme_next;
        }
 
                tmp_entry = (struct vm_map_entry *)tmp_entry->vme_next;
        }
 
+       if (VM_MAP_PAGE_SHIFT(src_map) != PAGE_SHIFT &&
+           copy_size < copy->size) {
+               /*
+                * The actual size of the VM map copy is smaller than what
+                * was requested by the caller.  This must be because some
+                * PAGE_SIZE-sized pages are missing at the end of the last
+                * VM_MAP_PAGE_SIZE(src_map)-sized chunk of the range.
+                * The caller might not have been aware of those missing
+                * pages and might not want to be aware of it, which is
+                * fine as long as they don't try to access (and crash on)
+                * those missing pages.
+                * Let's adjust the size of the "copy", to avoid failing
+                * in vm_map_copyout() or vm_map_copy_overwrite().
+                */
+               assert(vm_map_round_page(copy_size,
+                                        VM_MAP_PAGE_MASK(src_map)) ==
+                      vm_map_round_page(copy->size,
+                                        VM_MAP_PAGE_MASK(src_map)));
+               copy->size = copy_size;
+       }
+
        *copy_result = copy;
        return(KERN_SUCCESS);
 
 #undef RETURN
 }
 
        *copy_result = copy;
        return(KERN_SUCCESS);
 
 #undef RETURN
 }
 
+kern_return_t
+vm_map_copy_extract(
+       vm_map_t                src_map,
+       vm_map_address_t        src_addr,
+       vm_map_size_t           len,
+       vm_map_copy_t           *copy_result,   /* OUT */
+       vm_prot_t               *cur_prot,      /* OUT */
+       vm_prot_t               *max_prot)
+{
+       vm_map_offset_t src_start, src_end;
+       vm_map_copy_t   copy;
+       kern_return_t   kr;
+
+       /*
+        *      Check for copies of zero bytes.
+        */
+
+       if (len == 0) {
+               *copy_result = VM_MAP_COPY_NULL;
+               return(KERN_SUCCESS);
+       }
+
+       /*
+        *      Check that the end address doesn't overflow
+        */
+       src_end = src_addr + len;
+       if (src_end < src_addr)
+               return KERN_INVALID_ADDRESS;
+
+       /*
+        *      Compute (page aligned) start and end of region
+        */
+       src_start = vm_map_trunc_page(src_addr, PAGE_MASK);
+       src_end = vm_map_round_page(src_end, PAGE_MASK);
+
+       /*
+        *      Allocate a header element for the list.
+        *
+        *      Use the start and end in the header to 
+        *      remember the endpoints prior to rounding.
+        */
+
+       copy = (vm_map_copy_t) zalloc(vm_map_copy_zone);
+       copy->c_u.hdr.rb_head_store.rbh_root = (void*)(int)SKIP_RB_TREE;
+       vm_map_copy_first_entry(copy) =
+               vm_map_copy_last_entry(copy) = vm_map_copy_to_entry(copy);
+       copy->type = VM_MAP_COPY_ENTRY_LIST;
+       copy->cpy_hdr.nentries = 0;
+       copy->cpy_hdr.entries_pageable = TRUE;
+
+       vm_map_store_init(&copy->cpy_hdr);
+
+       copy->offset = 0;
+       copy->size = len;
+
+       kr = vm_map_remap_extract(src_map,
+                                 src_addr,
+                                 len,
+                                 FALSE, /* copy */
+                                 &copy->cpy_hdr,
+                                 cur_prot,
+                                 max_prot,
+                                 VM_INHERIT_SHARE,
+                                 TRUE, /* pageable */
+                                 FALSE); /* same_map */
+       if (kr != KERN_SUCCESS) {
+               vm_map_copy_discard(copy);
+               return kr;
+       }
+
+       *copy_result = copy;
+       return KERN_SUCCESS;
+}
+
 /*
  *     vm_map_copyin_object:
  *
 /*
  *     vm_map_copyin_object:
  *
@@ -8007,6 +10362,7 @@ vm_map_copyin_object(
         */
 
        copy = (vm_map_copy_t) zalloc(vm_map_copy_zone);
         */
 
        copy = (vm_map_copy_t) zalloc(vm_map_copy_zone);
+       copy->c_u.hdr.rb_head_store.rbh_root = (void*)(int)SKIP_RB_TREE;
        copy->type = VM_MAP_COPY_OBJECT;
        copy->cpy_object = object;
        copy->offset = offset;
        copy->type = VM_MAP_COPY_OBJECT;
        copy->cpy_object = object;
        copy->offset = offset;
@@ -8035,7 +10391,7 @@ vm_map_fork_share(
         *      make a new shadow and share it.
         */
        
         *      make a new shadow and share it.
         */
        
-       object = old_entry->object.vm_object;
+       object = VME_OBJECT(old_entry);
        if (old_entry->is_sub_map) {
                assert(old_entry->wired_count == 0);
 #ifndef NO_NESTED_PMAP
        if (old_entry->is_sub_map) {
                assert(old_entry->wired_count == 0);
 #ifndef NO_NESTED_PMAP
@@ -8043,7 +10399,7 @@ vm_map_fork_share(
                        kern_return_t   result;
 
                        result = pmap_nest(new_map->pmap, 
                        kern_return_t   result;
 
                        result = pmap_nest(new_map->pmap, 
-                                          (old_entry->object.sub_map)->pmap, 
+                                          (VME_SUBMAP(old_entry))->pmap, 
                                           (addr64_t)old_entry->vme_start,
                                           (addr64_t)old_entry->vme_start,
                                           (uint64_t)(old_entry->vme_end - old_entry->vme_start));
                                           (addr64_t)old_entry->vme_start,
                                           (addr64_t)old_entry->vme_start,
                                           (uint64_t)(old_entry->vme_end - old_entry->vme_start));
@@ -8054,8 +10410,9 @@ vm_map_fork_share(
        } else if (object == VM_OBJECT_NULL) {
                object = vm_object_allocate((vm_map_size_t)(old_entry->vme_end -
                                                            old_entry->vme_start));
        } else if (object == VM_OBJECT_NULL) {
                object = vm_object_allocate((vm_map_size_t)(old_entry->vme_end -
                                                            old_entry->vme_start));
-               old_entry->offset = 0;
-               old_entry->object.vm_object = object;
+               VME_OFFSET_SET(old_entry, 0);
+               VME_OBJECT_SET(old_entry, object);
+               old_entry->use_pmap = TRUE;
                assert(!old_entry->needs_copy);
        } else if (object->copy_strategy !=
                   MEMORY_OBJECT_COPY_SYMMETRIC) {
                assert(!old_entry->needs_copy);
        } else if (object->copy_strategy !=
                   MEMORY_OBJECT_COPY_SYMMETRIC) {
@@ -8152,10 +10509,9 @@ vm_map_fork_share(
                 *      (This is a preemptive version of
                 *      case 2.)
                 */
                 *      (This is a preemptive version of
                 *      case 2.)
                 */
-               vm_object_shadow(&old_entry->object.vm_object,
-                                &old_entry->offset,
-                                (vm_map_size_t) (old_entry->vme_end -
-                                                 old_entry->vme_start));
+               VME_OBJECT_SHADOW(old_entry,
+                                 (vm_map_size_t) (old_entry->vme_end -
+                                                  old_entry->vme_start));
                
                /*
                 *      If we're making a shadow for other than
                
                /*
                 *      If we're making a shadow for other than
@@ -8169,13 +10525,13 @@ vm_map_fork_share(
 
                        prot = old_entry->protection & ~VM_PROT_WRITE;
 
 
                        prot = old_entry->protection & ~VM_PROT_WRITE;
 
-                       if (override_nx(old_map, old_entry->alias) && prot)
+                       if (override_nx(old_map, VME_ALIAS(old_entry)) && prot)
                                prot |= VM_PROT_EXECUTE;
 
                                prot |= VM_PROT_EXECUTE;
 
-                       if (old_map->mapped) {
+                       if (old_map->mapped_in_other_pmaps) {
                                vm_object_pmap_protect(
                                vm_object_pmap_protect(
-                                       old_entry->object.vm_object,
-                                       old_entry->offset,
+                                       VME_OBJECT(old_entry),
+                                       VME_OFFSET(old_entry),
                                        (old_entry->vme_end -
                                         old_entry->vme_start),
                                        PMAP_NULL,
                                        (old_entry->vme_end -
                                         old_entry->vme_start),
                                        PMAP_NULL,
@@ -8190,7 +10546,7 @@ vm_map_fork_share(
                }
                
                old_entry->needs_copy = FALSE;
                }
                
                old_entry->needs_copy = FALSE;
-               object = old_entry->object.vm_object;
+               object = VME_OBJECT(old_entry);
        }
 
        
        }
 
        
@@ -8204,9 +10560,9 @@ vm_map_fork_share(
         */
        
        if(old_entry->is_sub_map) {
         */
        
        if(old_entry->is_sub_map) {
-               vm_map_lock(old_entry->object.sub_map);
-               vm_map_reference(old_entry->object.sub_map);
-               vm_map_unlock(old_entry->object.sub_map);
+               vm_map_lock(VME_SUBMAP(old_entry));
+               vm_map_reference(VME_SUBMAP(old_entry));
+               vm_map_unlock(VME_SUBMAP(old_entry));
        } else {
                vm_object_lock(object);
                vm_object_reference_locked(object);
        } else {
                vm_object_lock(object);
                vm_object_reference_locked(object);
@@ -8221,10 +10577,22 @@ vm_map_fork_share(
         *      Mark both entries as shared.
         */
        
         *      Mark both entries as shared.
         */
        
-       new_entry = vm_map_entry_create(new_map);
+       new_entry = vm_map_entry_create(new_map, FALSE); /* Never the kernel
+                                                         * map or descendants */
        vm_map_entry_copy(new_entry, old_entry);
        old_entry->is_shared = TRUE;
        new_entry->is_shared = TRUE;
        vm_map_entry_copy(new_entry, old_entry);
        old_entry->is_shared = TRUE;
        new_entry->is_shared = TRUE;
+
+       /*
+        *      If old entry's inheritence is VM_INHERIT_NONE,
+        *      the new entry is for corpse fork, remove the
+        *      write permission from the new entry.
+        */
+       if (old_entry->inheritance == VM_INHERIT_NONE) {
+
+               new_entry->protection &= ~VM_PROT_WRITE;
+               new_entry->max_protection &= ~VM_PROT_WRITE;
+       }
        
        /*
         *      Insert the entry into the new map -- we
        
        /*
         *      Insert the entry into the new map -- we
@@ -8251,7 +10619,8 @@ static boolean_t
 vm_map_fork_copy(
        vm_map_t        old_map,
        vm_map_entry_t  *old_entry_p,
 vm_map_fork_copy(
        vm_map_t        old_map,
        vm_map_entry_t  *old_entry_p,
-       vm_map_t        new_map)
+       vm_map_t        new_map,
+       int             vm_map_copyin_flags)
 {
        vm_map_entry_t old_entry = *old_entry_p;
        vm_map_size_t entry_size = old_entry->vme_end - old_entry->vme_start;
 {
        vm_map_entry_t old_entry = *old_entry_p;
        vm_map_size_t entry_size = old_entry->vme_end - old_entry->vme_start;
@@ -8266,7 +10635,9 @@ vm_map_fork_copy(
         *      be accessed, not just whether it's accessible
         *      right now.
         */
         *      be accessed, not just whether it's accessible
         *      right now.
         */
-       if (vm_map_copyin_maxprot(old_map, start, entry_size, FALSE, &copy)
+       vm_map_copyin_flags |= VM_MAP_COPYIN_USE_MAXPROT;
+       if (vm_map_copyin_internal(old_map, start, entry_size,
+                                  vm_map_copyin_flags, &copy)
            != KERN_SUCCESS) {
                /*
                 *      The map might have changed while it
            != KERN_SUCCESS) {
                /*
                 *      The map might have changed while it
@@ -8327,13 +10698,15 @@ vm_map_fork_copy(
  *
  *     Create and return a new map based on the old
  *     map, according to the inheritance values on the
  *
  *     Create and return a new map based on the old
  *     map, according to the inheritance values on the
- *     regions in that map.
+ *     regions in that map and the options.
  *
  *     The source map must not be locked.
  */
 vm_map_t
 vm_map_fork(
  *
  *     The source map must not be locked.
  */
 vm_map_t
 vm_map_fork(
-       vm_map_t        old_map)
+       ledger_t        ledger,
+       vm_map_t        old_map,
+       int             options)
 {
        pmap_t          new_pmap;
        vm_map_t        new_map;
 {
        pmap_t          new_pmap;
        vm_map_t        new_map;
@@ -8342,19 +10715,24 @@ vm_map_fork(
        vm_map_entry_t  new_entry;
        boolean_t       src_needs_copy;
        boolean_t       new_entry_needs_copy;
        vm_map_entry_t  new_entry;
        boolean_t       src_needs_copy;
        boolean_t       new_entry_needs_copy;
+       boolean_t       pmap_is64bit;
+       int             vm_map_copyin_flags;
 
 
-       new_pmap = pmap_create((vm_map_size_t) 0,
+       if (options & ~(VM_MAP_FORK_SHARE_IF_INHERIT_NONE |
+                       VM_MAP_FORK_PRESERVE_PURGEABLE)) {
+               /* unsupported option */
+               return VM_MAP_NULL;
+       }
+
+       pmap_is64bit =
 #if defined(__i386__) || defined(__x86_64__)
 #if defined(__i386__) || defined(__x86_64__)
-                              old_map->pmap->pm_task_map != TASK_MAP_32BIT
+                              old_map->pmap->pm_task_map != TASK_MAP_32BIT;
 #else
 #else
-                              0
-#endif
-                              );
-#if defined(__i386__)
-       if (old_map->pmap->pm_task_map == TASK_MAP_64BIT_SHARED)
-               pmap_set_4GB_pagezero(new_pmap);
+#error Unknown architecture.
 #endif
 
 #endif
 
+       new_pmap = pmap_create(ledger, (vm_map_size_t) 0, pmap_is64bit);
+
        vm_map_reference_swap(old_map);
        vm_map_lock(old_map);
 
        vm_map_reference_swap(old_map);
        vm_map_lock(old_map);
 
@@ -8362,6 +10740,9 @@ vm_map_fork(
                                old_map->min_offset,
                                old_map->max_offset,
                                old_map->hdr.entries_pageable);
                                old_map->min_offset,
                                old_map->max_offset,
                                old_map->hdr.entries_pageable);
+       vm_commit_pagezero_status(new_map);
+       /* inherit the parent map's page size */
+       vm_map_set_page_shift(new_map, VM_MAP_PAGE_SHIFT(old_map));
        for (
                old_entry = vm_map_first_entry(old_map);
                old_entry != vm_map_to_entry(old_map);
        for (
                old_entry = vm_map_first_entry(old_map);
                old_entry != vm_map_to_entry(old_map);
@@ -8371,7 +10752,18 @@ vm_map_fork(
 
                switch (old_entry->inheritance) {
                case VM_INHERIT_NONE:
 
                switch (old_entry->inheritance) {
                case VM_INHERIT_NONE:
-                       break;
+                       /*
+                        * Skip making a share entry if VM_MAP_FORK_SHARE_IF_INHERIT_NONE
+                        * is not passed or it is backed by a device pager.
+                        */
+                       if ((!(options & VM_MAP_FORK_SHARE_IF_INHERIT_NONE)) ||
+                               (!old_entry->is_sub_map &&
+                               VME_OBJECT(old_entry) != NULL &&
+                               VME_OBJECT(old_entry)->pager != NULL &&
+                               is_device_pager_ops(VME_OBJECT(old_entry)->pager->mo_pager_ops))) {
+                               break;
+                       }
+                       /* FALLTHROUGH */
 
                case VM_INHERIT_SHARE:
                        vm_map_fork_share(old_map, old_entry, new_map);
 
                case VM_INHERIT_SHARE:
                        vm_map_fork_share(old_map, old_entry, new_map);
@@ -8389,19 +10781,21 @@ vm_map_fork(
                        if(old_entry->is_sub_map)
                                break;
                        if ((old_entry->wired_count != 0) ||
                        if(old_entry->is_sub_map)
                                break;
                        if ((old_entry->wired_count != 0) ||
-                           ((old_entry->object.vm_object != NULL) &&
-                            (old_entry->object.vm_object->true_share))) {
+                           ((VME_OBJECT(old_entry) != NULL) &&
+                            (VME_OBJECT(old_entry)->true_share))) {
                                goto slow_vm_map_fork_copy;
                        }
 
                                goto slow_vm_map_fork_copy;
                        }
 
-                       new_entry = vm_map_entry_create(new_map);
+                       new_entry = vm_map_entry_create(new_map, FALSE); /* never the kernel map or descendants */
                        vm_map_entry_copy(new_entry, old_entry);
                        vm_map_entry_copy(new_entry, old_entry);
-                       /* clear address space specifics */
-                       new_entry->use_pmap = FALSE;
+                       if (new_entry->is_sub_map) {
+                               /* clear address space specifics */
+                               new_entry->use_pmap = FALSE;
+                       }
 
                        if (! vm_object_copy_quickly(
 
                        if (! vm_object_copy_quickly(
-                                   &new_entry->object.vm_object,
-                                   old_entry->offset,
+                                   &VME_OBJECT(new_entry),
+                                   VME_OFFSET(old_entry),
                                    (old_entry->vme_end -
                                     old_entry->vme_start),
                                    &src_needs_copy,
                                    (old_entry->vme_end -
                                     old_entry->vme_start),
                                    &src_needs_copy,
@@ -8419,21 +10813,23 @@ vm_map_fork(
 
                                prot = old_entry->protection & ~VM_PROT_WRITE;
 
 
                                prot = old_entry->protection & ~VM_PROT_WRITE;
 
-                               if (override_nx(old_map, old_entry->alias) && prot)
+                               if (override_nx(old_map, VME_ALIAS(old_entry))
+                                   && prot)
                                        prot |= VM_PROT_EXECUTE;
 
                                vm_object_pmap_protect(
                                        prot |= VM_PROT_EXECUTE;
 
                                vm_object_pmap_protect(
-                                       old_entry->object.vm_object,
-                                       old_entry->offset,
+                                       VME_OBJECT(old_entry),
+                                       VME_OFFSET(old_entry),
                                        (old_entry->vme_end -
                                         old_entry->vme_start),
                                        ((old_entry->is_shared 
                                        (old_entry->vme_end -
                                         old_entry->vme_start),
                                        ((old_entry->is_shared 
-                                         || old_map->mapped)
+                                         || old_map->mapped_in_other_pmaps)
                                         ? PMAP_NULL :
                                         old_map->pmap),
                                        old_entry->vme_start,
                                        prot);
 
                                         ? PMAP_NULL :
                                         old_map->pmap),
                                        old_entry->vme_start,
                                        prot);
 
+                               assert(old_entry->wired_count == 0);
                                old_entry->needs_copy = TRUE;
                        }
                        new_entry->needs_copy = new_entry_needs_copy;
                                old_entry->needs_copy = TRUE;
                        }
                        new_entry->needs_copy = new_entry_needs_copy;
@@ -8449,7 +10845,15 @@ vm_map_fork(
                        break;
 
                slow_vm_map_fork_copy:
                        break;
 
                slow_vm_map_fork_copy:
-                       if (vm_map_fork_copy(old_map, &old_entry, new_map)) {
+                       vm_map_copyin_flags = 0;
+                       if (options & VM_MAP_FORK_PRESERVE_PURGEABLE) {
+                               vm_map_copyin_flags |=
+                                       VM_MAP_COPYIN_PRESERVE_PURGEABLE;
+                       }
+                       if (vm_map_fork_copy(old_map,
+                                            &old_entry,
+                                            new_map,
+                                            vm_map_copyin_flags)) {
                                new_size += entry_size;
                        }
                        continue;
                                new_size += entry_size;
                        }
                        continue;
@@ -8457,6 +10861,7 @@ vm_map_fork(
                old_entry = old_entry->vme_next;
        }
 
                old_entry = old_entry->vme_next;
        }
 
+
        new_map->size = new_size;
        vm_map_unlock(old_map);
        vm_map_deallocate(old_map);
        new_map->size = new_size;
        vm_map_unlock(old_map);
        vm_map_deallocate(old_map);
@@ -8475,17 +10880,26 @@ kern_return_t
 vm_map_exec(
        vm_map_t        new_map,
        task_t          task,
 vm_map_exec(
        vm_map_t        new_map,
        task_t          task,
+       boolean_t       is64bit,
        void            *fsroot,
        cpu_type_t      cpu)
 {
        SHARED_REGION_TRACE_DEBUG(
                ("shared_region: task %p: vm_map_exec(%p,%p,%p,0x%x): ->\n",
        void            *fsroot,
        cpu_type_t      cpu)
 {
        SHARED_REGION_TRACE_DEBUG(
                ("shared_region: task %p: vm_map_exec(%p,%p,%p,0x%x): ->\n",
-                current_task(), new_map, task, fsroot, cpu));
-       (void) vm_commpage_enter(new_map, task);
-       (void) vm_shared_region_enter(new_map, task, fsroot, cpu);
+                (void *)VM_KERNEL_ADDRPERM(current_task()),
+                (void *)VM_KERNEL_ADDRPERM(new_map),
+                (void *)VM_KERNEL_ADDRPERM(task),
+                (void *)VM_KERNEL_ADDRPERM(fsroot),
+                cpu));
+       (void) vm_commpage_enter(new_map, task, is64bit);
+       (void) vm_shared_region_enter(new_map, task, is64bit, fsroot, cpu);
        SHARED_REGION_TRACE_DEBUG(
                ("shared_region: task %p: vm_map_exec(%p,%p,%p,0x%x): <-\n",
        SHARED_REGION_TRACE_DEBUG(
                ("shared_region: task %p: vm_map_exec(%p,%p,%p,0x%x): <-\n",
-                current_task(), new_map, task, fsroot, cpu));
+                (void *)VM_KERNEL_ADDRPERM(current_task()),
+                (void *)VM_KERNEL_ADDRPERM(new_map),
+                (void *)VM_KERNEL_ADDRPERM(task),
+                (void *)VM_KERNEL_ADDRPERM(fsroot),
+                cpu));
        return KERN_SUCCESS;
 }
 
        return KERN_SUCCESS;
 }
 
@@ -8528,14 +10942,15 @@ vm_map_lookup_locked(
        vm_map_t                *real_map)
 {
        vm_map_entry_t                  entry;
        vm_map_t                *real_map)
 {
        vm_map_entry_t                  entry;
-       register vm_map_t               map = *var_map;
+       vm_map_t                        map = *var_map;
        vm_map_t                        old_map = *var_map;
        vm_map_t                        cow_sub_map_parent = VM_MAP_NULL;
        vm_map_offset_t                 cow_parent_vaddr = 0;
        vm_map_offset_t                 old_start = 0;
        vm_map_offset_t                 old_end = 0;
        vm_map_t                        old_map = *var_map;
        vm_map_t                        cow_sub_map_parent = VM_MAP_NULL;
        vm_map_offset_t                 cow_parent_vaddr = 0;
        vm_map_offset_t                 old_start = 0;
        vm_map_offset_t                 old_end = 0;
-       register vm_prot_t              prot;
+       vm_prot_t                       prot;
        boolean_t                       mask_protections;
        boolean_t                       mask_protections;
+       boolean_t                       force_copy;
        vm_prot_t                       original_fault_type;
 
        /*
        vm_prot_t                       original_fault_type;
 
        /*
@@ -8544,7 +10959,8 @@ vm_map_lookup_locked(
         * absolute value.
         */
        mask_protections = (fault_type & VM_PROT_IS_MASK) ? TRUE : FALSE;
         * absolute value.
         */
        mask_protections = (fault_type & VM_PROT_IS_MASK) ? TRUE : FALSE;
-       fault_type &= ~VM_PROT_IS_MASK;
+       force_copy = (fault_type & VM_PROT_COPY) ? TRUE : FALSE;
+       fault_type &= VM_PROT_ALL;
        original_fault_type = fault_type;
 
        *real_map = map;
        original_fault_type = fault_type;
 
        *real_map = map;
@@ -8597,24 +11013,27 @@ submap_recurse:
 
                local_vaddr = vaddr;
 
 
                local_vaddr = vaddr;
 
-               if ((entry->use_pmap && !(fault_type & VM_PROT_WRITE))) {
+               if ((entry->use_pmap &&
+                    ! ((fault_type & VM_PROT_WRITE) ||
+                       force_copy))) {
                        /* if real_map equals map we unlock below */
                        if ((*real_map != map) && 
                            (*real_map != cow_sub_map_parent))
                                vm_map_unlock(*real_map);
                        /* if real_map equals map we unlock below */
                        if ((*real_map != map) && 
                            (*real_map != cow_sub_map_parent))
                                vm_map_unlock(*real_map);
-                       *real_map = entry->object.sub_map;
+                       *real_map = VME_SUBMAP(entry);
                }
 
                }
 
-               if(entry->needs_copy && (fault_type & VM_PROT_WRITE)) {
+               if(entry->needs_copy &&
+                  ((fault_type & VM_PROT_WRITE) ||
+                   force_copy)) {
                        if (!mapped_needs_copy) {
                                if (vm_map_lock_read_to_write(map)) {
                                        vm_map_lock_read(map);
                        if (!mapped_needs_copy) {
                                if (vm_map_lock_read_to_write(map)) {
                                        vm_map_lock_read(map);
-                                       /* XXX FBDP: entry still valid ? */
-                                       if(*real_map == entry->object.sub_map)
-                                               *real_map = map;
+                                       *real_map = map;
                                        goto RetryLookup;
                                }
                                        goto RetryLookup;
                                }
-                               vm_map_lock_read(entry->object.sub_map);
+                               vm_map_lock_read(VME_SUBMAP(entry));
+                               *var_map = VME_SUBMAP(entry);
                                cow_sub_map_parent = map;
                                /* reset base to map before cow object */
                                /* this is the map which will accept   */
                                cow_sub_map_parent = map;
                                /* reset base to map before cow object */
                                /* this is the map which will accept   */
@@ -8624,13 +11043,15 @@ submap_recurse:
                                cow_parent_vaddr = vaddr;
                                mapped_needs_copy = TRUE;
                        } else {
                                cow_parent_vaddr = vaddr;
                                mapped_needs_copy = TRUE;
                        } else {
-                               vm_map_lock_read(entry->object.sub_map);
+                               vm_map_lock_read(VME_SUBMAP(entry));
+                               *var_map = VME_SUBMAP(entry);
                                if((cow_sub_map_parent != map) &&
                                   (*real_map != map))
                                        vm_map_unlock(map);
                        }
                } else {
                                if((cow_sub_map_parent != map) &&
                                   (*real_map != map))
                                        vm_map_unlock(map);
                        }
                } else {
-                       vm_map_lock_read(entry->object.sub_map);
+                       vm_map_lock_read(VME_SUBMAP(entry));
+                       *var_map = VME_SUBMAP(entry);   
                        /* leave map locked if it is a target */
                        /* cow sub_map above otherwise, just  */
                        /* follow the maps down to the object */
                        /* leave map locked if it is a target */
                        /* cow sub_map above otherwise, just  */
                        /* follow the maps down to the object */
@@ -8640,11 +11061,10 @@ submap_recurse:
                                vm_map_unlock_read(map);
                }
 
                                vm_map_unlock_read(map);
                }
 
-               /* XXX FBDP: map has been unlocked, what protects "entry" !? */
-               *var_map = map = entry->object.sub_map;
+               map = *var_map;
 
                /* calculate the offset in the submap for vaddr */
 
                /* calculate the offset in the submap for vaddr */
-               local_vaddr = (local_vaddr - entry->vme_start) + entry->offset;
+               local_vaddr = (local_vaddr - entry->vme_start) + VME_OFFSET(entry);
 
        RetrySubMap:
                if(!vm_map_lookup_entry(map, local_vaddr, &submap_entry)) {
 
        RetrySubMap:
                if(!vm_map_lookup_entry(map, local_vaddr, &submap_entry)) {
@@ -8669,13 +11089,13 @@ submap_recurse:
                /* ultimately be clipped in the top map will only need    */
                /* to be as big as the portion of the underlying entry    */
                /* which is mapped */
                /* ultimately be clipped in the top map will only need    */
                /* to be as big as the portion of the underlying entry    */
                /* which is mapped */
-               start_delta = submap_entry->vme_start > entry->offset ?
-                       submap_entry->vme_start - entry->offset : 0;
+               start_delta = submap_entry->vme_start > VME_OFFSET(entry) ?
+                       submap_entry->vme_start - VME_OFFSET(entry) : 0;
 
                end_delta = 
 
                end_delta = 
-                       (entry->offset + start_delta + (old_end - old_start)) <=
+                       (VME_OFFSET(entry) + start_delta + (old_end - old_start)) <=
                        submap_entry->vme_end ?
                        submap_entry->vme_end ?
-                       0 : (entry->offset + 
+                       0 : (VME_OFFSET(entry) + 
                             (old_end - old_start))
                        - submap_entry->vme_end; 
 
                             (old_end - old_start))
                        - submap_entry->vme_end; 
 
@@ -8688,7 +11108,9 @@ submap_recurse:
                        goto submap_recurse;
                }
 
                        goto submap_recurse;
                }
 
-               if(((fault_type & VM_PROT_WRITE) && cow_sub_map_parent)) {
+               if (((fault_type & VM_PROT_WRITE) ||
+                    force_copy)
+                   && cow_sub_map_parent) {
 
                        vm_object_t     sub_object, copy_object;
                        vm_object_offset_t copy_offset;
 
                        vm_object_t     sub_object, copy_object;
                        vm_object_offset_t copy_offset;
@@ -8704,15 +11126,15 @@ submap_recurse:
                        }
 
 
                        }
 
 
-                       sub_object = submap_entry->object.vm_object;
+                       sub_object = VME_OBJECT(submap_entry);
                        if (sub_object == VM_OBJECT_NULL) {
                                sub_object =
                                        vm_object_allocate(
                                                (vm_map_size_t)
                                                (submap_entry->vme_end -
                                                 submap_entry->vme_start));
                        if (sub_object == VM_OBJECT_NULL) {
                                sub_object =
                                        vm_object_allocate(
                                                (vm_map_size_t)
                                                (submap_entry->vme_end -
                                                 submap_entry->vme_start));
-                               submap_entry->object.vm_object = sub_object;
-                               submap_entry->offset = 0;
+                               VME_OBJECT_SET(submap_entry, sub_object);
+                               VME_OFFSET_SET(submap_entry, 0);
                        }
                        local_start =  local_vaddr - 
                                (cow_parent_vaddr - old_start);
                        }
                        local_start =  local_vaddr - 
                                (cow_parent_vaddr - old_start);
@@ -8720,8 +11142,10 @@ submap_recurse:
                                (old_end - cow_parent_vaddr);
                        vm_map_clip_start(map, submap_entry, local_start);
                        vm_map_clip_end(map, submap_entry, local_end);
                                (old_end - cow_parent_vaddr);
                        vm_map_clip_start(map, submap_entry, local_start);
                        vm_map_clip_end(map, submap_entry, local_end);
-                       /* unnesting was done in vm_map_clip_start/end() */
-                       assert(!submap_entry->use_pmap);
+                       if (submap_entry->is_sub_map) {
+                               /* unnesting was done when clipping */
+                               assert(!submap_entry->use_pmap);
+                       }
 
                        /* This is the COW case, lets connect */
                        /* an entry in our space to the underlying */
 
                        /* This is the COW case, lets connect */
                        /* an entry in our space to the underlying */
@@ -8734,7 +11158,7 @@ submap_recurse:
                            MEMORY_OBJECT_COPY_NONE)) {
                                vm_object_lock(sub_object);
                                vm_object_copy_slowly(sub_object,
                            MEMORY_OBJECT_COPY_NONE)) {
                                vm_object_lock(sub_object);
                                vm_object_copy_slowly(sub_object,
-                                                     submap_entry->offset,
+                                                     VME_OFFSET(submap_entry),
                                                      (submap_entry->vme_end -
                                                       submap_entry->vme_start),
                                                      FALSE,
                                                      (submap_entry->vme_end -
                                                       submap_entry->vme_start),
                                                      FALSE,
@@ -8744,22 +11168,28 @@ submap_recurse:
                                
                                /* set up shadow object */
                                copy_object = sub_object;
                                
                                /* set up shadow object */
                                copy_object = sub_object;
-                               vm_object_reference(copy_object);
+                               vm_object_lock(sub_object);
+                               vm_object_reference_locked(sub_object);
                                sub_object->shadowed = TRUE;
                                sub_object->shadowed = TRUE;
+                               vm_object_unlock(sub_object);
+
+                               assert(submap_entry->wired_count == 0);
                                submap_entry->needs_copy = TRUE;
 
                                prot = submap_entry->protection & ~VM_PROT_WRITE;
 
                                submap_entry->needs_copy = TRUE;
 
                                prot = submap_entry->protection & ~VM_PROT_WRITE;
 
-                               if (override_nx(map, submap_entry->alias) && prot)
+                               if (override_nx(old_map,
+                                               VME_ALIAS(submap_entry))
+                                   && prot)
                                        prot |= VM_PROT_EXECUTE;
 
                                vm_object_pmap_protect(
                                        sub_object,
                                        prot |= VM_PROT_EXECUTE;
 
                                vm_object_pmap_protect(
                                        sub_object,
-                                       submap_entry->offset,
+                                       VME_OFFSET(submap_entry),
                                        submap_entry->vme_end - 
                                        submap_entry->vme_start,
                                        (submap_entry->is_shared 
                                        submap_entry->vme_end - 
                                        submap_entry->vme_start,
                                        (submap_entry->is_shared 
-                                        || map->mapped) ?
+                                        || map->mapped_in_other_pmaps) ?
                                        PMAP_NULL : map->pmap,
                                        submap_entry->vme_start,
                                        prot);
                                        PMAP_NULL : map->pmap,
                                        submap_entry->vme_start,
                                        prot);
@@ -8770,7 +11200,7 @@ submap_recurse:
                         */
                        copy_offset = (local_vaddr -
                                       submap_entry->vme_start +
                         */
                        copy_offset = (local_vaddr -
                                       submap_entry->vme_start +
-                                      submap_entry->offset);
+                                      VME_OFFSET(submap_entry));
 
                        /* This works diffently than the   */
                        /* normal submap case. We go back  */
 
                        /* This works diffently than the   */
                        /* normal submap case. We go back  */
@@ -8824,25 +11254,30 @@ submap_recurse:
 
                        vm_map_clip_start(map, entry, local_start);
                        vm_map_clip_end(map, entry, local_end);
 
                        vm_map_clip_start(map, entry, local_start);
                        vm_map_clip_end(map, entry, local_end);
-                       /* unnesting was done in vm_map_clip_start/end() */
-                       assert(!entry->use_pmap);
+                       if (entry->is_sub_map) {
+                               /* unnesting was done when clipping */
+                               assert(!entry->use_pmap);
+                       }
 
                        /* substitute copy object for */
                        /* shared map entry           */
 
                        /* substitute copy object for */
                        /* shared map entry           */
-                       vm_map_deallocate(entry->object.sub_map);
+                       vm_map_deallocate(VME_SUBMAP(entry));
+                       assert(!entry->iokit_acct);
                        entry->is_sub_map = FALSE;
                        entry->is_sub_map = FALSE;
-                       entry->object.vm_object = copy_object;
+                       entry->use_pmap = TRUE;
+                       VME_OBJECT_SET(entry, copy_object);
 
                        /* propagate the submap entry's protections */
                        entry->protection |= submap_entry->protection;
                        entry->max_protection |= submap_entry->max_protection;
 
                        if(copied_slowly) {
 
                        /* propagate the submap entry's protections */
                        entry->protection |= submap_entry->protection;
                        entry->max_protection |= submap_entry->max_protection;
 
                        if(copied_slowly) {
-                               entry->offset = local_start - old_start;
+                               VME_OFFSET_SET(entry, local_start - old_start);
                                entry->needs_copy = FALSE;
                                entry->is_shared = FALSE;
                        } else {
                                entry->needs_copy = FALSE;
                                entry->is_shared = FALSE;
                        } else {
-                               entry->offset = copy_offset;
+                               VME_OFFSET_SET(entry, copy_offset);
+                               assert(entry->wired_count == 0);
                                entry->needs_copy = TRUE;
                                if(entry->inheritance == VM_INHERIT_SHARE) 
                                        entry->inheritance = VM_INHERIT_COPY;
                                entry->needs_copy = TRUE;
                                if(entry->inheritance == VM_INHERIT_SHARE) 
                                        entry->inheritance = VM_INHERIT_COPY;
@@ -8871,7 +11306,7 @@ submap_recurse:
 
        prot = entry->protection;
 
 
        prot = entry->protection;
 
-       if (override_nx(map, entry->alias) && prot) {
+       if (override_nx(old_map, VME_ALIAS(entry)) && prot) {
                /*
                 * HACK -- if not a stack, then allow execution
                 */
                /*
                 * HACK -- if not a stack, then allow execution
                 */
@@ -8884,7 +11319,8 @@ submap_recurse:
                        goto protection_failure;
                }
        }
                        goto protection_failure;
                }
        }
-       if ((fault_type & (prot)) != fault_type) {
+       if (((fault_type & prot) != fault_type)
+           ) {
        protection_failure:
                if (*real_map != map) {
                        vm_map_unlock(*real_map);
        protection_failure:
                if (*real_map != map) {
                        vm_map_unlock(*real_map);
@@ -8920,7 +11356,7 @@ submap_recurse:
                 *      demote the permissions allowed.
                 */
 
                 *      demote the permissions allowed.
                 */
 
-               if ((fault_type & VM_PROT_WRITE) || *wired) {
+               if ((fault_type & VM_PROT_WRITE) || *wired || force_copy) {
                        /*
                         *      Make a new object, and place it in the
                         *      object chain.  Note that no new references
                        /*
                         *      Make a new object, and place it in the
                         *      object chain.  Note that no new references
@@ -8932,16 +11368,20 @@ submap_recurse:
                                vm_map_lock_read(map);
                                goto RetryLookup;
                        }
                                vm_map_lock_read(map);
                                goto RetryLookup;
                        }
-                       vm_object_shadow(&entry->object.vm_object,
-                                        &entry->offset,
-                                        (vm_map_size_t) (entry->vme_end -
-                                                         entry->vme_start));
 
 
-                       entry->object.vm_object->shadowed = TRUE;
+                       if (VME_OBJECT(entry)->shadowed == FALSE) {
+                               vm_object_lock(VME_OBJECT(entry));
+                               VME_OBJECT(entry)->shadowed = TRUE;
+                               vm_object_unlock(VME_OBJECT(entry));
+                       }
+                       VME_OBJECT_SHADOW(entry,
+                                         (vm_map_size_t) (entry->vme_end -
+                                                          entry->vme_start));
                        entry->needs_copy = FALSE;
                        entry->needs_copy = FALSE;
+
                        vm_map_lock_write_to_read(map);
                }
                        vm_map_lock_write_to_read(map);
                }
-               else {
+               if ((fault_type & VM_PROT_WRITE) == 0 && *wired == 0) {
                        /*
                         *      We're attempting to read a copy-on-write
                         *      page -- don't allow writes.
                        /*
                         *      We're attempting to read a copy-on-write
                         *      page -- don't allow writes.
@@ -8954,16 +11394,18 @@ submap_recurse:
        /*
         *      Create an object if necessary.
         */
        /*
         *      Create an object if necessary.
         */
-       if (entry->object.vm_object == VM_OBJECT_NULL) {
+       if (VME_OBJECT(entry) == VM_OBJECT_NULL) {
 
                if (vm_map_lock_read_to_write(map)) {
                        vm_map_lock_read(map);
                        goto RetryLookup;
                }
 
 
                if (vm_map_lock_read_to_write(map)) {
                        vm_map_lock_read(map);
                        goto RetryLookup;
                }
 
-               entry->object.vm_object = vm_object_allocate(
-                       (vm_map_size_t)(entry->vme_end - entry->vme_start));
-               entry->offset = 0;
+               VME_OBJECT_SET(entry,
+                              vm_object_allocate(
+                                      (vm_map_size_t)(entry->vme_end -
+                                                      entry->vme_start)));
+               VME_OFFSET_SET(entry, 0);
                vm_map_lock_write_to_read(map);
        }
 
                vm_map_lock_write_to_read(map);
        }
 
@@ -8973,23 +11415,35 @@ submap_recurse:
         *      return the protection.
         */
 
         *      return the protection.
         */
 
-        *offset = (vaddr - entry->vme_start) + entry->offset;
-        *object = entry->object.vm_object;
+        *offset = (vaddr - entry->vme_start) + VME_OFFSET(entry);
+        *object = VME_OBJECT(entry);
        *out_prot = prot;
 
        if (fault_info) {
                fault_info->interruptible = THREAD_UNINT; /* for now... */
                /* ... the caller will change "interruptible" if needed */
                fault_info->cluster_size = 0;
        *out_prot = prot;
 
        if (fault_info) {
                fault_info->interruptible = THREAD_UNINT; /* for now... */
                /* ... the caller will change "interruptible" if needed */
                fault_info->cluster_size = 0;
-               fault_info->user_tag = entry->alias;
+               fault_info->user_tag = VME_ALIAS(entry);
+               fault_info->pmap_options = 0;
+               if (entry->iokit_acct ||
+                   (!entry->is_sub_map && !entry->use_pmap)) {
+                       fault_info->pmap_options |= PMAP_OPTIONS_ALT_ACCT;
+               }
                fault_info->behavior = entry->behavior;
                fault_info->behavior = entry->behavior;
-               fault_info->lo_offset = entry->offset;
-               fault_info->hi_offset = (entry->vme_end - entry->vme_start) + entry->offset;
+               fault_info->lo_offset = VME_OFFSET(entry);
+               fault_info->hi_offset =
+                       (entry->vme_end - entry->vme_start) + VME_OFFSET(entry);
                fault_info->no_cache  = entry->no_cache;
                fault_info->stealth = FALSE;
                fault_info->io_sync = FALSE;
                fault_info->no_cache  = entry->no_cache;
                fault_info->stealth = FALSE;
                fault_info->io_sync = FALSE;
-               fault_info->cs_bypass = (entry->used_for_jit)? TRUE : FALSE;
+               if (entry->used_for_jit ||
+                   entry->vme_resilient_codesign) {
+                       fault_info->cs_bypass = TRUE;
+               } else {
+                       fault_info->cs_bypass = FALSE;
+               }
                fault_info->mark_zf_absent = FALSE;
                fault_info->mark_zf_absent = FALSE;
+               fault_info->batch_pmap_op = FALSE;
        }
 
        /*
        }
 
        /*
@@ -9019,8 +11473,8 @@ submap_recurse:
  */
 boolean_t
 vm_map_verify(
  */
 boolean_t
 vm_map_verify(
-       register vm_map_t               map,
-       register vm_map_version_t       *version)       /* REF */
+       vm_map_t                map,
+       vm_map_version_t        *version)       /* REF */
 {
        boolean_t       result;
 
 {
        boolean_t       result;
 
@@ -9052,6 +11506,10 @@ vm_map_verify(
  *
  */
 
  *
  */
 
+#if DEVELOPMENT || DEBUG
+int vm_region_footprint = 0;
+#endif /* DEVELOPMENT || DEBUG */
+
 kern_return_t
 vm_map_region_recurse_64(
        vm_map_t                 map,
 kern_return_t
 vm_map_region_recurse_64(
        vm_map_t                 map,
@@ -9061,6 +11519,7 @@ vm_map_region_recurse_64(
        vm_region_submap_info_64_t      submap_info,    /* IN/OUT */
        mach_msg_type_number_t  *count) /* IN/OUT */
 {
        vm_region_submap_info_64_t      submap_info,    /* IN/OUT */
        mach_msg_type_number_t  *count) /* IN/OUT */
 {
+       mach_msg_type_number_t  original_count;
        vm_region_extended_info_data_t  extended;
        vm_map_entry_t                  tmp_entry;
        vm_map_offset_t                 user_address;
        vm_region_extended_info_data_t  extended;
        vm_map_entry_t                  tmp_entry;
        vm_map_offset_t                 user_address;
@@ -9113,29 +11572,40 @@ vm_map_region_recurse_64(
                return KERN_INVALID_ARGUMENT;
        }
 
                return KERN_INVALID_ARGUMENT;
        }
 
-       if (*count < VM_REGION_SUBMAP_INFO_COUNT_64) {
-               if (*count < VM_REGION_SUBMAP_SHORT_INFO_COUNT_64) {
-                       /*
-                        * "info" structure is not big enough and
-                        * would overflow
-                        */
-                       return KERN_INVALID_ARGUMENT;
-               } else {
-                       look_for_pages = FALSE;
-                       *count = VM_REGION_SUBMAP_SHORT_INFO_COUNT_64;
-                       short_info = (vm_region_submap_short_info_64_t) submap_info;
-                       submap_info = NULL;
-               }
+       
+       if (*count < VM_REGION_SUBMAP_SHORT_INFO_COUNT_64) {
+               /*
+                * "info" structure is not big enough and
+                * would overflow
+                */
+               return KERN_INVALID_ARGUMENT;
+       }
+       
+       original_count = *count;
+       
+       if (original_count < VM_REGION_SUBMAP_INFO_V0_COUNT_64) {
+               *count = VM_REGION_SUBMAP_SHORT_INFO_COUNT_64;
+               look_for_pages = FALSE;
+               short_info = (vm_region_submap_short_info_64_t) submap_info;
+               submap_info = NULL;
        } else {
                look_for_pages = TRUE;
        } else {
                look_for_pages = TRUE;
-               *count = VM_REGION_SUBMAP_INFO_COUNT_64;
+               *count = VM_REGION_SUBMAP_INFO_V0_COUNT_64;
                short_info = NULL;
                short_info = NULL;
+               
+               if (original_count >= VM_REGION_SUBMAP_INFO_V1_COUNT_64) {
+                       *count = VM_REGION_SUBMAP_INFO_V1_COUNT_64;
+               }
        }
        }
-
-
+       
        user_address = *address;
        user_max_depth = *nesting_depth;
        
        user_address = *address;
        user_max_depth = *nesting_depth;
        
+       if (not_in_kdp) {
+               vm_map_lock_read(map);
+       }
+
+recurse_again:
        curr_entry = NULL;
        curr_map = map;
        curr_address = user_address;
        curr_entry = NULL;
        curr_map = map;
        curr_address = user_address;
@@ -9154,10 +11624,6 @@ vm_map_region_recurse_64(
        next_max_above = (vm_map_offset_t) -1;
        next_max_below = (vm_map_offset_t) -1;
 
        next_max_above = (vm_map_offset_t) -1;
        next_max_below = (vm_map_offset_t) -1;
 
-       if (not_in_kdp) {
-               vm_map_lock_read(curr_map);
-       }
-
        for (;;) {
                if (vm_map_lookup_entry(curr_map,
                                        curr_address,
        for (;;) {
                if (vm_map_lookup_entry(curr_map,
                                        curr_address,
@@ -9182,6 +11648,7 @@ vm_map_region_recurse_64(
                                }
                                curr_entry = NULL;
                                curr_map = NULL;
                                }
                                curr_entry = NULL;
                                curr_map = NULL;
+                               curr_skip = 0;
                                curr_offset = 0;
                                curr_depth = 0;
                                curr_max_above = 0;
                                curr_offset = 0;
                                curr_depth = 0;
                                curr_max_above = 0;
@@ -9192,7 +11659,7 @@ vm_map_region_recurse_64(
                        /* adjust current address and offset */
                        skip = curr_entry->vme_start - curr_address;
                        curr_address = curr_entry->vme_start;
                        /* adjust current address and offset */
                        skip = curr_entry->vme_start - curr_address;
                        curr_address = curr_entry->vme_start;
-                       curr_skip = skip;
+                       curr_skip += skip;
                        curr_offset += skip;
                        curr_max_above -= skip;
                        curr_max_below = 0;
                        curr_offset += skip;
                        curr_max_above -= skip;
                        curr_max_below = 0;
@@ -9231,6 +11698,7 @@ vm_map_region_recurse_64(
                        next_depth = curr_depth;
                        next_address = next_entry->vme_start;
                        next_skip = curr_skip;
                        next_depth = curr_depth;
                        next_address = next_entry->vme_start;
                        next_skip = curr_skip;
+                       next_skip += (next_address - curr_address);
                        next_offset = curr_offset;
                        next_offset += (next_address - curr_address);
                        next_max_above = MIN(next_max_above, curr_max_above);
                        next_offset = curr_offset;
                        next_offset += (next_address - curr_address);
                        next_max_above = MIN(next_max_above, curr_max_above);
@@ -9247,7 +11715,7 @@ vm_map_region_recurse_64(
                 * the rest of that submap is irrelevant to us, since it's not
                 * mapped here.
                 * The relevant portion of the map starts at
                 * the rest of that submap is irrelevant to us, since it's not
                 * mapped here.
                 * The relevant portion of the map starts at
-                * "curr_entry->offset" up to the size of "curr_entry".
+                * "VME_OFFSET(curr_entry)" up to the size of "curr_entry".
                 */
                curr_max_above = MIN(curr_max_above,
                                     curr_entry->vme_end - curr_address);
                 */
                curr_max_above = MIN(curr_max_above,
                                     curr_entry->vme_end - curr_address);
@@ -9274,7 +11742,7 @@ vm_map_region_recurse_64(
                 * later.
                 */
                if (not_in_kdp) {
                 * later.
                 */
                if (not_in_kdp) {
-                       vm_map_lock_read(curr_entry->object.sub_map);
+                       vm_map_lock_read(VME_SUBMAP(curr_entry));
                }
                if (curr_map == next_map) {
                        /* keep "next_map" locked in case we need it */
                }
                if (curr_map == next_map) {
                        /* keep "next_map" locked in case we need it */
@@ -9287,23 +11755,74 @@ vm_map_region_recurse_64(
                /*
                 * Adjust the offset.  "curr_entry" maps the submap
                 * at relative address "curr_entry->vme_start" in the
                /*
                 * Adjust the offset.  "curr_entry" maps the submap
                 * at relative address "curr_entry->vme_start" in the
-                * curr_map but skips the first "curr_entry->offset"
+                * curr_map but skips the first "VME_OFFSET(curr_entry)"
                 * bytes of the submap.
                 * "curr_offset" always represents the offset of a virtual
                 * address in the curr_map relative to the absolute address
                 * space (i.e. the top-level VM map).
                 */
                curr_offset +=
                 * bytes of the submap.
                 * "curr_offset" always represents the offset of a virtual
                 * address in the curr_map relative to the absolute address
                 * space (i.e. the top-level VM map).
                 */
                curr_offset +=
-                       (curr_entry->offset - curr_entry->vme_start);
+                       (VME_OFFSET(curr_entry) - curr_entry->vme_start);
                curr_address = user_address + curr_offset;
                /* switch to the submap */
                curr_address = user_address + curr_offset;
                /* switch to the submap */
-               curr_map = curr_entry->object.sub_map;
+               curr_map = VME_SUBMAP(curr_entry);
                curr_depth++;
                curr_entry = NULL;
        }
 
        if (curr_entry == NULL) {
                /* no VM region contains the address... */
                curr_depth++;
                curr_entry = NULL;
        }
 
        if (curr_entry == NULL) {
                /* no VM region contains the address... */
+#if DEVELOPMENT || DEBUG
+               if (vm_region_footprint && /* we want footprint numbers */
+                   look_for_pages && /* & we want page counts */
+                   next_entry == NULL && /* & there are no more regions */
+                   /* & we haven't already provided our fake region: */
+                   user_address == vm_map_last_entry(map)->vme_end) {
+                       ledger_amount_t nonvol, nonvol_compressed;
+                       /*
+                        * Add a fake memory region to account for
+                        * purgeable memory that counts towards this
+                        * task's memory footprint, i.e. the resident
+                        * compressed pages of non-volatile objects
+                        * owned by that task.
+                        */
+                       ledger_get_balance(
+                               map->pmap->ledger,
+                               task_ledgers.purgeable_nonvolatile,
+                               &nonvol);
+                       ledger_get_balance(
+                               map->pmap->ledger,
+                               task_ledgers.purgeable_nonvolatile_compressed,
+                               &nonvol_compressed);
+                       if (nonvol + nonvol_compressed == 0) {
+                               /* no purgeable memory usage to report */
+                               return KERN_FAILURE;
+                       }
+                       /* fake region to show nonvolatile footprint */
+                       submap_info->protection = VM_PROT_DEFAULT;
+                       submap_info->max_protection = VM_PROT_DEFAULT;
+                       submap_info->inheritance = VM_INHERIT_DEFAULT;
+                       submap_info->offset = 0;
+                       submap_info->user_tag = 0;
+                       submap_info->pages_resident = (unsigned int) (nonvol / PAGE_SIZE);
+                       submap_info->pages_shared_now_private = 0;
+                       submap_info->pages_swapped_out = (unsigned int) (nonvol_compressed / PAGE_SIZE);
+                       submap_info->pages_dirtied = submap_info->pages_resident;
+                       submap_info->ref_count = 1;
+                       submap_info->shadow_depth = 0;
+                       submap_info->external_pager = 0;
+                       submap_info->share_mode = SM_PRIVATE;
+                       submap_info->is_submap = 0;
+                       submap_info->behavior = VM_BEHAVIOR_DEFAULT;
+                       submap_info->object_id = 0x11111111;
+                       submap_info->user_wired_count = 0;
+                       submap_info->pages_reusable = 0;
+                       *nesting_depth = 0;
+                       *size = (vm_map_size_t) (nonvol + nonvol_compressed);
+                       *address = user_address;
+                       return KERN_SUCCESS;
+               }
+#endif /* DEVELOPMENT || DEBUG */
                if (next_entry == NULL) {
                        /* ... and no VM region follows it either */
                        return KERN_INVALID_ADDRESS;
                if (next_entry == NULL) {
                        /* ... and no VM region follows it either */
                        return KERN_INVALID_ADDRESS;
@@ -9317,9 +11836,6 @@ vm_map_region_recurse_64(
                curr_depth = next_depth;
                curr_max_above = next_max_above;
                curr_max_below = next_max_below;
                curr_depth = next_depth;
                curr_max_above = next_max_above;
                curr_max_below = next_max_below;
-               if (curr_map == map) {
-                       user_address = curr_address;
-               }
        } else {
                /* we won't need "next_entry" after all */
                if (next_entry != NULL) {
        } else {
                /* we won't need "next_entry" after all */
                if (next_entry != NULL) {
@@ -9337,6 +11853,18 @@ vm_map_region_recurse_64(
        next_max_below = -1;
        next_max_above = -1;
 
        next_max_below = -1;
        next_max_above = -1;
 
+       if (curr_entry->is_sub_map &&
+           curr_depth < user_max_depth) {
+               /*
+                * We're not as deep as we could be:  we must have
+                * gone back up after not finding anything mapped
+                * below the original top-level map entry's.
+                * Let's move "curr_address" forward and recurse again.
+                */
+               user_address = curr_address;
+               goto recurse_again;
+       }
+
        *nesting_depth = curr_depth;
        *size = curr_max_above + curr_max_below;
        *address = user_address + curr_skip - curr_max_below;
        *nesting_depth = curr_depth;
        *size = curr_max_above + curr_max_below;
        *address = user_address + curr_skip - curr_max_below;
@@ -9344,36 +11872,39 @@ vm_map_region_recurse_64(
 // LP64todo: all the current tools are 32bit, obviously never worked for 64b
 // so probably should be a real 32b ID vs. ptr.
 // Current users just check for equality
 // LP64todo: all the current tools are 32bit, obviously never worked for 64b
 // so probably should be a real 32b ID vs. ptr.
 // Current users just check for equality
-#define INFO_MAKE_OBJECT_ID(p) ((uint32_t)(uintptr_t)p)
+#define INFO_MAKE_OBJECT_ID(p) ((uint32_t)(uintptr_t)VM_KERNEL_ADDRPERM(p))
 
        if (look_for_pages) {
 
        if (look_for_pages) {
-               submap_info->user_tag = curr_entry->alias;
-               submap_info->offset = curr_entry->offset
+               submap_info->user_tag = VME_ALIAS(curr_entry);
+               submap_info->offset = VME_OFFSET(curr_entry)
                submap_info->protection = curr_entry->protection;
                submap_info->inheritance = curr_entry->inheritance;
                submap_info->max_protection = curr_entry->max_protection;
                submap_info->behavior = curr_entry->behavior;
                submap_info->user_wired_count = curr_entry->user_wired_count;
                submap_info->is_submap = curr_entry->is_sub_map;
                submap_info->protection = curr_entry->protection;
                submap_info->inheritance = curr_entry->inheritance;
                submap_info->max_protection = curr_entry->max_protection;
                submap_info->behavior = curr_entry->behavior;
                submap_info->user_wired_count = curr_entry->user_wired_count;
                submap_info->is_submap = curr_entry->is_sub_map;
-               submap_info->object_id = INFO_MAKE_OBJECT_ID(curr_entry->object.vm_object);
+               submap_info->object_id = INFO_MAKE_OBJECT_ID(VME_OBJECT(curr_entry));
        } else {
        } else {
-               short_info->user_tag = curr_entry->alias;
-               short_info->offset = curr_entry->offset
+               short_info->user_tag = VME_ALIAS(curr_entry);
+               short_info->offset = VME_OFFSET(curr_entry)
                short_info->protection = curr_entry->protection;
                short_info->inheritance = curr_entry->inheritance;
                short_info->max_protection = curr_entry->max_protection;
                short_info->behavior = curr_entry->behavior;
                short_info->user_wired_count = curr_entry->user_wired_count;
                short_info->is_submap = curr_entry->is_sub_map;
                short_info->protection = curr_entry->protection;
                short_info->inheritance = curr_entry->inheritance;
                short_info->max_protection = curr_entry->max_protection;
                short_info->behavior = curr_entry->behavior;
                short_info->user_wired_count = curr_entry->user_wired_count;
                short_info->is_submap = curr_entry->is_sub_map;
-               short_info->object_id = INFO_MAKE_OBJECT_ID(curr_entry->object.vm_object);
+               short_info->object_id = INFO_MAKE_OBJECT_ID(VME_OBJECT(curr_entry));
        }
 
        extended.pages_resident = 0;
        extended.pages_swapped_out = 0;
        extended.pages_shared_now_private = 0;
        extended.pages_dirtied = 0;
        }
 
        extended.pages_resident = 0;
        extended.pages_swapped_out = 0;
        extended.pages_shared_now_private = 0;
        extended.pages_dirtied = 0;
+       extended.pages_reusable = 0;
        extended.external_pager = 0;
        extended.shadow_depth = 0;
        extended.external_pager = 0;
        extended.shadow_depth = 0;
+       extended.share_mode = SM_EMPTY;
+       extended.ref_count = 0;
 
        if (not_in_kdp) {
                if (!curr_entry->is_sub_map) {
 
        if (not_in_kdp) {
                if (!curr_entry->is_sub_map) {
@@ -9385,12 +11916,12 @@ vm_map_region_recurse_64(
                        vm_map_region_walk(curr_map,
                                           range_start,
                                           curr_entry,
                        vm_map_region_walk(curr_map,
                                           range_start,
                                           curr_entry,
-                                          (curr_entry->offset +
+                                          (VME_OFFSET(curr_entry) +
                                            (range_start -
                                             curr_entry->vme_start)),
                                           range_end - range_start,
                                           &extended,
                                            (range_start -
                                             curr_entry->vme_start)),
                                           range_end - range_start,
                                           &extended,
-                                          look_for_pages);
+                                          look_for_pages, VM_REGION_EXTENDED_INFO_COUNT);
                        if (extended.external_pager &&
                            extended.ref_count == 2 &&
                            extended.share_mode == SM_SHARED) {
                        if (extended.external_pager &&
                            extended.ref_count == 2 &&
                            extended.share_mode == SM_SHARED) {
@@ -9402,8 +11933,7 @@ vm_map_region_recurse_64(
                        } else {
                                extended.share_mode = SM_PRIVATE;
                        }
                        } else {
                                extended.share_mode = SM_PRIVATE;
                        }
-                       extended.ref_count =
-                               curr_entry->object.sub_map->ref_count;
+                       extended.ref_count = VME_SUBMAP(curr_entry)->ref_count;
                }
        }
 
                }
        }
 
@@ -9417,6 +11947,10 @@ vm_map_region_recurse_64(
                submap_info->shadow_depth = extended.shadow_depth;
                submap_info->share_mode = extended.share_mode;
                submap_info->ref_count = extended.ref_count;
                submap_info->shadow_depth = extended.shadow_depth;
                submap_info->share_mode = extended.share_mode;
                submap_info->ref_count = extended.ref_count;
+               
+               if (original_count >= VM_REGION_SUBMAP_INFO_V1_COUNT_64) {
+                       submap_info->pages_reusable = extended.pages_reusable;
+               }
        } else {
                short_info->external_pager = extended.external_pager;
                short_info->shadow_depth = extended.shadow_depth;
        } else {
                short_info->external_pager = extended.external_pager;
                short_info->shadow_depth = extended.shadow_depth;
@@ -9487,7 +12021,7 @@ vm_map_region(
 
                start = entry->vme_start;
 
 
                start = entry->vme_start;
 
-               basic->offset = (uint32_t)entry->offset;
+               basic->offset = (uint32_t)VME_OFFSET(entry);
                basic->protection = entry->protection;
                basic->inheritance = entry->inheritance;
                basic->max_protection = entry->max_protection;
                basic->protection = entry->protection;
                basic->inheritance = entry->inheritance;
                basic->max_protection = entry->max_protection;
@@ -9532,7 +12066,7 @@ vm_map_region(
 
                start = entry->vme_start;
 
 
                start = entry->vme_start;
 
-               basic->offset = entry->offset;
+               basic->offset = VME_OFFSET(entry);
                basic->protection = entry->protection;
                basic->inheritance = entry->inheritance;
                basic->max_protection = entry->max_protection;
                basic->protection = entry->protection;
                basic->inheritance = entry->inheritance;
                basic->max_protection = entry->max_protection;
@@ -9553,14 +12087,18 @@ vm_map_region(
                return(KERN_SUCCESS);
        }
        case VM_REGION_EXTENDED_INFO:
                return(KERN_SUCCESS);
        }
        case VM_REGION_EXTENDED_INFO:
-       {
-               vm_region_extended_info_t       extended;
-
                if (*count < VM_REGION_EXTENDED_INFO_COUNT)
                        return(KERN_INVALID_ARGUMENT);
                if (*count < VM_REGION_EXTENDED_INFO_COUNT)
                        return(KERN_INVALID_ARGUMENT);
+               /*fallthru*/
+       case VM_REGION_EXTENDED_INFO__legacy:
+               if (*count < VM_REGION_EXTENDED_INFO_COUNT__legacy)
+                       return KERN_INVALID_ARGUMENT;
+
+       {
+               vm_region_extended_info_t       extended;
+               mach_msg_type_number_t original_count;
 
                extended = (vm_region_extended_info_t) info;
 
                extended = (vm_region_extended_info_t) info;
-               *count = VM_REGION_EXTENDED_INFO_COUNT;
 
                vm_map_lock_read(map);
 
 
                vm_map_lock_read(map);
 
@@ -9576,7 +12114,7 @@ vm_map_region(
                start = entry->vme_start;
 
                extended->protection = entry->protection;
                start = entry->vme_start;
 
                extended->protection = entry->protection;
-               extended->user_tag = entry->alias;
+               extended->user_tag = VME_ALIAS(entry);
                extended->pages_resident = 0;
                extended->pages_swapped_out = 0;
                extended->pages_shared_now_private = 0;
                extended->pages_resident = 0;
                extended->pages_swapped_out = 0;
                extended->pages_shared_now_private = 0;
@@ -9584,7 +12122,15 @@ vm_map_region(
                extended->external_pager = 0;
                extended->shadow_depth = 0;
 
                extended->external_pager = 0;
                extended->shadow_depth = 0;
 
-               vm_map_region_walk(map, start, entry, entry->offset, entry->vme_end - start, extended, TRUE);
+               original_count = *count;
+               if (flavor == VM_REGION_EXTENDED_INFO__legacy) {
+                       *count = VM_REGION_EXTENDED_INFO_COUNT__legacy;
+               } else {
+                       extended->pages_reusable = 0;
+                       *count = VM_REGION_EXTENDED_INFO_COUNT;
+               }
+
+               vm_map_region_walk(map, start, entry, VME_OFFSET(entry), entry->vme_end - start, extended, TRUE, *count);
 
                if (extended->external_pager && extended->ref_count == 2 && extended->share_mode == SM_SHARED)
                        extended->share_mode = SM_PRIVATE;
 
                if (extended->external_pager && extended->ref_count == 2 && extended->share_mode == SM_SHARED)
                        extended->share_mode = SM_PRIVATE;
@@ -9651,7 +12197,7 @@ vm_map_region_top_walk(
        vm_region_top_info_t       top)
 {
 
        vm_region_top_info_t       top)
 {
 
-       if (entry->object.vm_object == 0 || entry->is_sub_map) {
+       if (VME_OBJECT(entry) == 0 || entry->is_sub_map) {
                top->share_mode = SM_EMPTY;
                top->ref_count = 0;
                top->obj_id = 0;
                top->share_mode = SM_EMPTY;
                top->ref_count = 0;
                top->obj_id = 0;
@@ -9665,7 +12211,7 @@ vm_map_region_top_walk(
 
                entry_size = (uint32_t) ((entry->vme_end - entry->vme_start) / PAGE_SIZE_64);
 
 
                entry_size = (uint32_t) ((entry->vme_end - entry->vme_start) / PAGE_SIZE_64);
 
-               obj = entry->object.vm_object;
+               obj = VME_OBJECT(entry);
 
                vm_object_lock(obj);
 
 
                vm_object_lock(obj);
 
@@ -9709,9 +12255,9 @@ vm_map_region_top_walk(
                                if (ref_count == 1 ||
                                    (ref_count == 2 && !(obj->pager_trusted) && !(obj->internal))) {
                                        top->share_mode = SM_PRIVATE;
                                if (ref_count == 1 ||
                                    (ref_count == 2 && !(obj->pager_trusted) && !(obj->internal))) {
                                        top->share_mode = SM_PRIVATE;
-                                       top->private_pages_resident =
-                                               OBJ_RESIDENT_COUNT(obj,
-                                                                  entry_size);
+                                               top->private_pages_resident =
+                                                       OBJ_RESIDENT_COUNT(obj,
+                                                                          entry_size);
                                } else {
                                        top->share_mode = SM_SHARED;
                                        top->shared_pages_resident =
                                } else {
                                        top->share_mode = SM_SHARED;
                                        top->shared_pages_resident =
@@ -9722,7 +12268,7 @@ vm_map_region_top_walk(
                        top->ref_count = ref_count;
                }
                /* XXX K64: obj_id will be truncated */
                        top->ref_count = ref_count;
                }
                /* XXX K64: obj_id will be truncated */
-               top->obj_id = (unsigned int) (uintptr_t)obj;
+               top->obj_id = (unsigned int) (uintptr_t)VM_KERNEL_ADDRPERM(obj);
 
                vm_object_unlock(obj);
        }
 
                vm_object_unlock(obj);
        }
@@ -9736,18 +12282,19 @@ vm_map_region_walk(
        vm_object_offset_t              offset,
        vm_object_size_t                range,
        vm_region_extended_info_t       extended,
        vm_object_offset_t              offset,
        vm_object_size_t                range,
        vm_region_extended_info_t       extended,
-       boolean_t                       look_for_pages)
+       boolean_t                       look_for_pages,
+       mach_msg_type_number_t count)
 {
 {
-        register struct vm_object *obj, *tmp_obj;
-       register vm_map_offset_t       last_offset;
-       register int               i;
-       register int               ref_count;
+        struct vm_object *obj, *tmp_obj;
+       vm_map_offset_t       last_offset;
+       int               i;
+       int               ref_count;
        struct vm_object        *shadow_object;
        int                     shadow_depth;
 
        struct vm_object        *shadow_object;
        int                     shadow_depth;
 
-       if ((entry->object.vm_object == 0) ||
+       if ((VME_OBJECT(entry) == 0) ||
            (entry->is_sub_map) ||
            (entry->is_sub_map) ||
-           (entry->object.vm_object->phys_contiguous &&
+           (VME_OBJECT(entry)->phys_contiguous &&
             !entry->superpage_size)) {
                extended->share_mode = SM_EMPTY;
                extended->ref_count = 0;
             !entry->superpage_size)) {
                extended->share_mode = SM_EMPTY;
                extended->ref_count = 0;
@@ -9764,97 +12311,138 @@ vm_map_region_walk(
                return;
        }
 
                return;
        }
 
-       {
-               obj = entry->object.vm_object;
+       obj = VME_OBJECT(entry);
 
 
-               vm_object_lock(obj);
+       vm_object_lock(obj);
 
 
-               if ((ref_count = obj->ref_count) > 1 && obj->paging_in_progress)
-                       ref_count--;
+       if ((ref_count = obj->ref_count) > 1 && obj->paging_in_progress)
+               ref_count--;
 
 
-               if (look_for_pages) {
-                       for (last_offset = offset + range;
-                            offset < last_offset;
-                            offset += PAGE_SIZE_64, va += PAGE_SIZE)
-                               vm_map_region_look_for_page(map, va, obj,
-                                                           offset, ref_count,
-                                                           0, extended);
-               } else {
-                       shadow_object = obj->shadow;
-                       shadow_depth = 0;
-
-                       if ( !(obj->pager_trusted) && !(obj->internal))
-                               extended->external_pager = 1;
-
-                       if (shadow_object != VM_OBJECT_NULL) {
-                               vm_object_lock(shadow_object);
-                               for (;
-                                    shadow_object != VM_OBJECT_NULL;
-                                    shadow_depth++) {
-                                       vm_object_t     next_shadow;
-
-                                       if ( !(shadow_object->pager_trusted) &&
-                                            !(shadow_object->internal))
-                                               extended->external_pager = 1;
-
-                                       next_shadow = shadow_object->shadow;
-                                       if (next_shadow) {
-                                               vm_object_lock(next_shadow);
+       if (look_for_pages) {
+               for (last_offset = offset + range;
+                    offset < last_offset;
+                    offset += PAGE_SIZE_64, va += PAGE_SIZE) {
+#if DEVELOPMENT || DEBUG
+                       if (vm_region_footprint) {
+                               if (obj->purgable != VM_PURGABLE_DENY) {
+                                       /* alternate accounting */
+                               } else if (entry->iokit_acct) {
+                                       /* alternate accounting */
+                                       extended->pages_resident++;
+                                       extended->pages_dirtied++;
+                               } else {
+                                       int disp;
+
+                                       disp = 0;
+                                       pmap_query_page_info(map->pmap, va, &disp);
+                                       if (disp & PMAP_QUERY_PAGE_PRESENT) {
+                                               extended->pages_resident++;
+                                               if (disp & PMAP_QUERY_PAGE_REUSABLE) {
+                                                       extended->pages_reusable++;
+                                               } else if (!(disp & PMAP_QUERY_PAGE_INTERNAL) ||
+                                                          (disp & PMAP_QUERY_PAGE_ALTACCT)) {
+                                                       /* alternate accounting */
+                                               } else {
+                                                       extended->pages_dirtied++;
+                                               }
+                                       } else if (disp & PMAP_QUERY_PAGE_COMPRESSED) {
+                                               if (disp & PMAP_QUERY_PAGE_COMPRESSED_ALTACCT) {
+                                                       /* alternate accounting */
+                                               } else {
+                                                       extended->pages_swapped_out++;
+                                               }
                                        }
                                        }
-                                       vm_object_unlock(shadow_object);
-                                       shadow_object = next_shadow;
                                }
                                }
+                               continue;
                        }
                        }
-                       extended->shadow_depth = shadow_depth;
+#endif /* DEVELOPMENT || DEBUG */
+                       vm_map_region_look_for_page(map, va, obj,
+                                                   offset, ref_count,
+                                                   0, extended, count);
                }
                }
+#if DEVELOPMENT || DEBUG
+               if (vm_region_footprint) {
+                       goto collect_object_info;
+               }
+#endif /* DEVELOPMENT || DEBUG */
+       } else {
+#if DEVELOPMENT || DEBUG
+       collect_object_info:
+#endif /* DEVELOPMENT || DEBUG */
+               shadow_object = obj->shadow;
+               shadow_depth = 0;
 
 
-               if (extended->shadow_depth || entry->needs_copy)
-                       extended->share_mode = SM_COW;
-               else {
-                       if (ref_count == 1)
-                               extended->share_mode = SM_PRIVATE;
-                       else {
-                               if (obj->true_share)
-                                       extended->share_mode = SM_TRUESHARED;
-                               else
-                                       extended->share_mode = SM_SHARED;
+               if ( !(obj->pager_trusted) && !(obj->internal))
+                       extended->external_pager = 1;
+
+               if (shadow_object != VM_OBJECT_NULL) {
+                       vm_object_lock(shadow_object);
+                       for (;
+                            shadow_object != VM_OBJECT_NULL;
+                            shadow_depth++) {
+                               vm_object_t     next_shadow;
+
+                               if ( !(shadow_object->pager_trusted) &&
+                                    !(shadow_object->internal))
+                                       extended->external_pager = 1;
+
+                               next_shadow = shadow_object->shadow;
+                               if (next_shadow) {
+                                       vm_object_lock(next_shadow);
+                               }
+                               vm_object_unlock(shadow_object);
+                               shadow_object = next_shadow;
                        }
                }
                        }
                }
-               extended->ref_count = ref_count - extended->shadow_depth;
-           
-               for (i = 0; i < extended->shadow_depth; i++) {
-                       if ((tmp_obj = obj->shadow) == 0)
-                               break;
-                       vm_object_lock(tmp_obj);
-                       vm_object_unlock(obj);
-
-                       if ((ref_count = tmp_obj->ref_count) > 1 && tmp_obj->paging_in_progress)
-                               ref_count--;
+               extended->shadow_depth = shadow_depth;
+       }
 
 
-                       extended->ref_count += ref_count;
-                       obj = tmp_obj;
+       if (extended->shadow_depth || entry->needs_copy)
+               extended->share_mode = SM_COW;
+       else {
+               if (ref_count == 1)
+                       extended->share_mode = SM_PRIVATE;
+               else {
+                       if (obj->true_share)
+                               extended->share_mode = SM_TRUESHARED;
+                       else
+                               extended->share_mode = SM_SHARED;
                }
                }
+       }
+       extended->ref_count = ref_count - extended->shadow_depth;
+           
+       for (i = 0; i < extended->shadow_depth; i++) {
+               if ((tmp_obj = obj->shadow) == 0)
+                       break;
+               vm_object_lock(tmp_obj);
                vm_object_unlock(obj);
 
                vm_object_unlock(obj);
 
-               if (extended->share_mode == SM_SHARED) {
-                       register vm_map_entry_t      cur;
-                       register vm_map_entry_t      last;
-                       int      my_refs;
+               if ((ref_count = tmp_obj->ref_count) > 1 && tmp_obj->paging_in_progress)
+                       ref_count--;
+
+               extended->ref_count += ref_count;
+               obj = tmp_obj;
+       }
+       vm_object_unlock(obj);
 
 
-                       obj = entry->object.vm_object;
-                       last = vm_map_to_entry(map);
-                       my_refs = 0;
+       if (extended->share_mode == SM_SHARED) {
+               vm_map_entry_t       cur;
+               vm_map_entry_t       last;
+               int      my_refs;
 
 
-                       if ((ref_count = obj->ref_count) > 1 && obj->paging_in_progress)
-                               ref_count--;
-                       for (cur = vm_map_first_entry(map); cur != last; cur = cur->vme_next)
-                               my_refs += vm_map_region_count_obj_refs(cur, obj);
+               obj = VME_OBJECT(entry);
+               last = vm_map_to_entry(map);
+               my_refs = 0;
 
 
-                       if (my_refs == ref_count)
-                               extended->share_mode = SM_PRIVATE_ALIASED;
-                       else if (my_refs > 1)
-                               extended->share_mode = SM_SHARED_ALIASED;
-               }
+               if ((ref_count = obj->ref_count) > 1 && obj->paging_in_progress)
+                       ref_count--;
+               for (cur = vm_map_first_entry(map); cur != last; cur = cur->vme_next)
+                       my_refs += vm_map_region_count_obj_refs(cur, obj);
+
+               if (my_refs == ref_count)
+                       extended->share_mode = SM_PRIVATE_ALIASED;
+               else if (my_refs > 1)
+                       extended->share_mode = SM_SHARED_ALIASED;
        }
 }
 
        }
 }
 
@@ -9870,15 +12458,14 @@ vm_map_region_look_for_page(
        vm_object_offset_t              offset,
        int                             max_refcnt,
        int                             depth,
        vm_object_offset_t              offset,
        int                             max_refcnt,
        int                             depth,
-       vm_region_extended_info_t       extended)
+       vm_region_extended_info_t       extended,
+       mach_msg_type_number_t count)
 {
 {
-        register vm_page_t     p;
-        register vm_object_t   shadow;
-       register int            ref_count;
-       vm_object_t             caller_object;
-#if    MACH_PAGEMAP
-       kern_return_t           kr;
-#endif
+        vm_page_t      p;
+        vm_object_t    shadow;
+       int             ref_count;
+       vm_object_t     caller_object;
+
        shadow = object->shadow;
        caller_object = object;
 
        shadow = object->shadow;
        caller_object = object;
 
@@ -9892,50 +12479,29 @@ vm_map_region_look_for_page(
                        if (shadow && (max_refcnt == 1))
                                extended->pages_shared_now_private++;
 
                        if (shadow && (max_refcnt == 1))
                                extended->pages_shared_now_private++;
 
-                       if (!p->fictitious && 
-                           (p->dirty || pmap_is_modified(p->phys_page)))
+                       if (!p->fictitious &&
+                           (p->dirty || pmap_is_modified(VM_PAGE_GET_PHYS_PAGE(p))))
                                extended->pages_dirtied++;
                                extended->pages_dirtied++;
+                       else if (count >= VM_REGION_EXTENDED_INFO_COUNT) {
+                               if (p->reusable || object->all_reusable) {
+                                       extended->pages_reusable++;
+                               }
+                       }
 
 
-                       extended->pages_resident++;
+                       extended->pages_resident++;
 
                        if(object != caller_object)
                                vm_object_unlock(object);
 
                        return;
                }
 
                        if(object != caller_object)
                                vm_object_unlock(object);
 
                        return;
                }
-#if    MACH_PAGEMAP
-               if (object->existence_map) {
-                       if (vm_external_state_get(object->existence_map, offset) == VM_EXTERNAL_STATE_EXISTS) {
-
-                               extended->pages_swapped_out++;
-
-                               if(object != caller_object)
-                                       vm_object_unlock(object);
-
-                               return;
-                       }
-               } else if (object->internal &&
-                          object->alive &&
-                          !object->terminating &&
-                          object->pager_ready) {
-
-                       memory_object_t pager;
-
-                       vm_object_paging_begin(object);
-                       pager = object->pager;
-                       vm_object_unlock(object);
-
-                       kr = memory_object_data_request(
-                               pager,
-                               offset + object->paging_offset,
-                               0, /* just poke the pager */
-                               VM_PROT_READ,
-                               NULL);
-
-                       vm_object_lock(object);
-                       vm_object_paging_end(object);
+               if (object->internal &&
+                   object->alive &&
+                   !object->terminating &&
+                   object->pager_ready) {
 
 
-                       if (kr == KERN_SUCCESS) {
+                       if (VM_COMPRESSOR_PAGER_STATE_GET(object, offset)
+                           == VM_EXTERNAL_STATE_EXISTS) {
                                /* the pager has that page */
                                extended->pages_swapped_out++;
                                if (object != caller_object)
                                /* the pager has that page */
                                extended->pages_swapped_out++;
                                if (object != caller_object)
@@ -9943,7 +12509,6 @@ vm_map_region_look_for_page(
                                return;
                        }
                }
                                return;
                        }
                }
-#endif /* MACH_PAGEMAP */
 
                if (shadow) {
                        vm_object_lock(shadow);
 
                if (shadow) {
                        vm_object_lock(shadow);
@@ -9976,11 +12541,11 @@ vm_map_region_count_obj_refs(
         vm_map_entry_t    entry,
        vm_object_t       object)
 {
         vm_map_entry_t    entry,
        vm_object_t       object)
 {
-        register int ref_count;
-       register vm_object_t chk_obj;
-       register vm_object_t tmp_obj;
+        int ref_count;
+       vm_object_t chk_obj;
+       vm_object_t tmp_obj;
 
 
-       if (entry->object.vm_object == 0)
+       if (VME_OBJECT(entry) == 0)
                return(0);
 
         if (entry->is_sub_map)
                return(0);
 
         if (entry->is_sub_map)
@@ -9988,7 +12553,7 @@ vm_map_region_count_obj_refs(
        else {
                ref_count = 0;
 
        else {
                ref_count = 0;
 
-               chk_obj = entry->object.vm_object;
+               chk_obj = VME_OBJECT(entry);
                vm_object_lock(chk_obj);
 
                while (chk_obj) {
                vm_object_lock(chk_obj);
 
                while (chk_obj) {
@@ -10036,42 +12601,59 @@ vm_map_simplify_entry(
            (prev_entry->vme_end == this_entry->vme_start) &&
 
            (prev_entry->is_sub_map == this_entry->is_sub_map) &&
            (prev_entry->vme_end == this_entry->vme_start) &&
 
            (prev_entry->is_sub_map == this_entry->is_sub_map) &&
-
-           (prev_entry->object.vm_object == this_entry->object.vm_object) &&
-           ((prev_entry->offset + (prev_entry->vme_end -
+           (VME_OBJECT(prev_entry) == VME_OBJECT(this_entry)) &&
+           ((VME_OFFSET(prev_entry) + (prev_entry->vme_end -
                                    prev_entry->vme_start))
                                    prev_entry->vme_start))
-            == this_entry->offset) &&
+            == VME_OFFSET(this_entry)) &&
 
 
-           (prev_entry->inheritance == this_entry->inheritance) &&
+           (prev_entry->behavior == this_entry->behavior) &&
+           (prev_entry->needs_copy == this_entry->needs_copy) &&
            (prev_entry->protection == this_entry->protection) &&
            (prev_entry->max_protection == this_entry->max_protection) &&
            (prev_entry->protection == this_entry->protection) &&
            (prev_entry->max_protection == this_entry->max_protection) &&
-           (prev_entry->behavior == this_entry->behavior) &&
-           (prev_entry->alias == this_entry->alias) &&
-           (prev_entry->zero_wired_pages == this_entry->zero_wired_pages) &&
+           (prev_entry->inheritance == this_entry->inheritance) &&
+           (prev_entry->use_pmap == this_entry->use_pmap) &&
+           (VME_ALIAS(prev_entry) == VME_ALIAS(this_entry)) &&
            (prev_entry->no_cache == this_entry->no_cache) &&
            (prev_entry->no_cache == this_entry->no_cache) &&
+           (prev_entry->permanent == this_entry->permanent) &&
+           (prev_entry->map_aligned == this_entry->map_aligned) &&
+           (prev_entry->zero_wired_pages == this_entry->zero_wired_pages) &&
+           (prev_entry->used_for_jit == this_entry->used_for_jit) &&
+           /* from_reserved_zone: OK if that field doesn't match */
+           (prev_entry->iokit_acct == this_entry->iokit_acct) &&
+           (prev_entry->vme_resilient_codesign ==
+            this_entry->vme_resilient_codesign) &&
+           (prev_entry->vme_resilient_media ==
+            this_entry->vme_resilient_media) &&
+
            (prev_entry->wired_count == this_entry->wired_count) &&
            (prev_entry->user_wired_count == this_entry->user_wired_count) &&
 
            (prev_entry->wired_count == this_entry->wired_count) &&
            (prev_entry->user_wired_count == this_entry->user_wired_count) &&
 
-           (prev_entry->needs_copy == this_entry->needs_copy) &&
-           (prev_entry->permanent == this_entry->permanent) &&
-
-           (prev_entry->use_pmap == FALSE) &&
-           (this_entry->use_pmap == FALSE) &&
+           ((prev_entry->vme_atomic == FALSE) && (this_entry->vme_atomic == FALSE)) &&
            (prev_entry->in_transition == FALSE) &&
            (this_entry->in_transition == FALSE) &&
            (prev_entry->needs_wakeup == FALSE) &&
            (this_entry->needs_wakeup == FALSE) &&
            (prev_entry->is_shared == FALSE) &&
            (prev_entry->in_transition == FALSE) &&
            (this_entry->in_transition == FALSE) &&
            (prev_entry->needs_wakeup == FALSE) &&
            (this_entry->needs_wakeup == FALSE) &&
            (prev_entry->is_shared == FALSE) &&
-           (this_entry->is_shared == FALSE)
+           (this_entry->is_shared == FALSE) &&
+           (prev_entry->superpage_size == FALSE) &&
+           (this_entry->superpage_size == FALSE)
                ) {
                ) {
-               _vm_map_store_entry_unlink(&map->hdr, prev_entry);
+               vm_map_store_entry_unlink(map, prev_entry);
                assert(prev_entry->vme_start < this_entry->vme_end);
                assert(prev_entry->vme_start < this_entry->vme_end);
+               if (prev_entry->map_aligned)
+                       assert(VM_MAP_PAGE_ALIGNED(prev_entry->vme_start,
+                                                  VM_MAP_PAGE_MASK(map)));
                this_entry->vme_start = prev_entry->vme_start;
                this_entry->vme_start = prev_entry->vme_start;
-               this_entry->offset = prev_entry->offset;
+               VME_OFFSET_SET(this_entry, VME_OFFSET(prev_entry));
+
+               if (map->holelistenabled) {
+                       vm_map_store_update_first_free(map, this_entry, TRUE);
+               }
+
                if (prev_entry->is_sub_map) {
                if (prev_entry->is_sub_map) {
-                       vm_map_deallocate(prev_entry->object.sub_map);
+                       vm_map_deallocate(VME_SUBMAP(prev_entry));
                } else {
                } else {
-                       vm_object_deallocate(prev_entry->object.vm_object);
+                       vm_object_deallocate(VME_OBJECT(prev_entry));
                }
                vm_map_entry_dispose(map, prev_entry);
                SAVE_HINT_MAP_WRITE(map, this_entry);
                }
                vm_map_entry_dispose(map, prev_entry);
                SAVE_HINT_MAP_WRITE(map, this_entry);
@@ -10112,8 +12694,10 @@ vm_map_simplify_range(
                return;
        }
 
                return;
        }
 
-       start = vm_map_trunc_page(start);
-       end = vm_map_round_page(end);
+       start = vm_map_trunc_page(start,
+                                 VM_MAP_PAGE_MASK(map));
+       end = vm_map_round_page(end,
+                               VM_MAP_PAGE_MASK(map));
 
        if (!vm_map_lookup_entry(map, start, &entry)) {
                /* "start" is not mapped and "entry" ends before "start" */
 
        if (!vm_map_lookup_entry(map, start, &entry)) {
                /* "start" is not mapped and "entry" ends before "start" */
@@ -10195,15 +12779,15 @@ vm_map_machine_attribute(
                                vm_map_offset_t sub_end;
 
                                sub_start = (start - entry->vme_start) 
                                vm_map_offset_t sub_end;
 
                                sub_start = (start - entry->vme_start) 
-                                       + entry->offset;
+                                       + VME_OFFSET(entry);
                                sub_end = sub_start + sub_size;
                                vm_map_machine_attribute(
                                sub_end = sub_start + sub_size;
                                vm_map_machine_attribute(
-                                       entry->object.sub_map
+                                       VME_SUBMAP(entry)
                                        sub_start,
                                        sub_end,
                                        attribute, value);
                        } else {
                                        sub_start,
                                        sub_end,
                                        attribute, value);
                        } else {
-                               if(entry->object.vm_object) {
+                               if (VME_OBJECT(entry)) {
                                        vm_page_t               m;
                                        vm_object_t             object;
                                        vm_object_t             base_object;
                                        vm_page_t               m;
                                        vm_object_t             object;
                                        vm_object_t             base_object;
@@ -10213,9 +12797,9 @@ vm_map_machine_attribute(
                                        vm_map_size_t           range;
                                        range = sub_size;
                                        offset = (start - entry->vme_start)
                                        vm_map_size_t           range;
                                        range = sub_size;
                                        offset = (start - entry->vme_start)
-                                               + entry->offset;
+                                               + VME_OFFSET(entry);
                                        base_offset = offset;
                                        base_offset = offset;
-                                       object = entry->object.vm_object;
+                                       object = VME_OBJECT(entry);
                                        base_object = object;
                                        last_object = NULL;
 
                                        base_object = object;
                                        last_object = NULL;
 
@@ -10228,7 +12812,7 @@ vm_map_machine_attribute(
                                                if (m && !m->fictitious) {
                                                        ret = 
                                                                pmap_attribute_cache_sync(
                                                if (m && !m->fictitious) {
                                                        ret = 
                                                                pmap_attribute_cache_sync(
-                                                                       m->phys_page,   
+                                                                       VM_PAGE_GET_PHYS_PAGE(m),       
                                                                        PAGE_SIZE, 
                                                                        attribute, value);
                                                        
                                                                        PAGE_SIZE, 
                                                                        attribute, value);
                                                        
@@ -10282,7 +12866,7 @@ vm_map_behavior_set(
        vm_map_offset_t end,
        vm_behavior_t   new_behavior)
 {
        vm_map_offset_t end,
        vm_behavior_t   new_behavior)
 {
-       register vm_map_entry_t entry;
+       vm_map_entry_t  entry;
        vm_map_entry_t  temp_entry;
 
        XPR(XPR_VM_MAP,
        vm_map_entry_t  temp_entry;
 
        XPR(XPR_VM_MAP,
@@ -10328,7 +12912,9 @@ vm_map_behavior_set(
        
                while ((entry != vm_map_to_entry(map)) && (entry->vme_start < end)) {
                        vm_map_clip_end(map, entry, end);
        
                while ((entry != vm_map_to_entry(map)) && (entry->vme_start < end)) {
                        vm_map_clip_end(map, entry, end);
-                       assert(!entry->use_pmap);
+                       if (entry->is_sub_map) {
+                               assert(!entry->use_pmap);
+                       }
        
                        if( new_behavior == VM_BEHAVIOR_ZERO_WIRED_PAGES ) {
                                entry->zero_wired_pages = TRUE;
        
                        if( new_behavior == VM_BEHAVIOR_ZERO_WIRED_PAGES ) {
                                entry->zero_wired_pages = TRUE;
@@ -10365,6 +12951,11 @@ vm_map_behavior_set(
        case VM_BEHAVIOR_CAN_REUSE:
                return vm_map_can_reuse(map, start, end);
 
        case VM_BEHAVIOR_CAN_REUSE:
                return vm_map_can_reuse(map, start, end);
 
+#if MACH_ASSERT
+       case VM_BEHAVIOR_PAGEOUT:
+               return vm_map_pageout(map, start, end);
+#endif /* MACH_ASSERT */
+
        default:
                return(KERN_INVALID_ARGUMENT);
        }
        default:
                return(KERN_INVALID_ARGUMENT);
        }
@@ -10410,6 +13001,7 @@ vm_map_willneed(
        fault_info.io_sync = FALSE;
        fault_info.cs_bypass = FALSE;
        fault_info.mark_zf_absent = FALSE;
        fault_info.io_sync = FALSE;
        fault_info.cs_bypass = FALSE;
        fault_info.mark_zf_absent = FALSE;
+       fault_info.batch_pmap_op = FALSE;
 
        /*
         * The MADV_WILLNEED operation doesn't require any changes to the
 
        /*
         * The MADV_WILLNEED operation doesn't require any changes to the
@@ -10440,7 +13032,7 @@ vm_map_willneed(
                 * correspond.  After that, the offset will always be zero to
                 * correspond to the beginning of the current vm_map_entry.
                 */
                 * correspond.  After that, the offset will always be zero to
                 * correspond to the beginning of the current vm_map_entry.
                 */
-               offset = (start - entry->vme_start) + entry->offset;
+               offset = (start - entry->vme_start) + VME_OFFSET(entry);
 
                /*
                 * Set the length so we don't go beyond the end of the
 
                /*
                 * Set the length so we don't go beyond the end of the
@@ -10461,7 +13053,12 @@ vm_map_willneed(
                fault_info.cluster_size = (vm_size_t) len;
                fault_info.lo_offset    = offset; 
                fault_info.hi_offset    = offset + len;
                fault_info.cluster_size = (vm_size_t) len;
                fault_info.lo_offset    = offset; 
                fault_info.hi_offset    = offset + len;
-               fault_info.user_tag     = entry->alias;
+               fault_info.user_tag     = VME_ALIAS(entry);
+               fault_info.pmap_options = 0;
+               if (entry->iokit_acct ||
+                   (!entry->is_sub_map && !entry->use_pmap)) {
+                       fault_info.pmap_options |= PMAP_OPTIONS_ALT_ACCT;
+               }
 
                /*
                 * If there's no read permission to this mapping, then just
 
                /*
                 * If there's no read permission to this mapping, then just
@@ -10499,7 +13096,7 @@ vm_map_willneed(
                 *
                 * Note that memory_object_data_request() places limits on the
                 * amount of I/O it will do.  Regardless of the len we
                 *
                 * Note that memory_object_data_request() places limits on the
                 * amount of I/O it will do.  Regardless of the len we
-                * specified, it won't do more than MAX_UPL_TRANSFER and it
+                * specified, it won't do more than MAX_UPL_TRANSFER_BYTES and it
                 * silently truncates the len to that size.  This isn't
                 * necessarily bad since madvise shouldn't really be used to
                 * page in unlimited amounts of data.  Other Unix variants
                 * silently truncates the len to that size.  This isn't
                 * necessarily bad since madvise shouldn't really be used to
                 * page in unlimited amounts of data.  Other Unix variants
@@ -10554,9 +13151,37 @@ static boolean_t
 vm_map_entry_is_reusable(
        vm_map_entry_t entry)
 {
 vm_map_entry_is_reusable(
        vm_map_entry_t entry)
 {
+       /* Only user map entries */
+
        vm_object_t object;
 
        vm_object_t object;
 
-       if (entry->is_shared ||
+       if (entry->is_sub_map) {
+               return FALSE;
+       }
+
+       switch (VME_ALIAS(entry)) {
+       case VM_MEMORY_MALLOC:
+       case VM_MEMORY_MALLOC_SMALL:
+       case VM_MEMORY_MALLOC_LARGE:
+       case VM_MEMORY_REALLOC:
+       case VM_MEMORY_MALLOC_TINY:
+       case VM_MEMORY_MALLOC_LARGE_REUSABLE:
+       case VM_MEMORY_MALLOC_LARGE_REUSED:
+               /*
+                * This is a malloc() memory region: check if it's still
+                * in its original state and can be re-used for more
+                * malloc() allocations.
+                */
+               break;
+       default:
+               /*
+                * Not a malloc() memory region: let the caller decide if
+                * it's re-usable.
+                */
+               return TRUE;
+       }
+
+       if (entry->is_shared ||
            entry->is_sub_map ||
            entry->in_transition ||
            entry->protection != VM_PROT_DEFAULT ||
            entry->is_sub_map ||
            entry->in_transition ||
            entry->protection != VM_PROT_DEFAULT ||
@@ -10564,18 +13189,33 @@ vm_map_entry_is_reusable(
            entry->inheritance != VM_INHERIT_DEFAULT ||
            entry->no_cache ||
            entry->permanent ||
            entry->inheritance != VM_INHERIT_DEFAULT ||
            entry->no_cache ||
            entry->permanent ||
-           entry->superpage_size != 0 ||
+           entry->superpage_size != FALSE ||
            entry->zero_wired_pages ||
            entry->wired_count != 0 ||
            entry->user_wired_count != 0) {
                return FALSE;
        }
 
            entry->zero_wired_pages ||
            entry->wired_count != 0 ||
            entry->user_wired_count != 0) {
                return FALSE;
        }
 
-       object = entry->object.vm_object;
+       object = VME_OBJECT(entry);
        if (object == VM_OBJECT_NULL) {
                return TRUE;
        }
        if (object == VM_OBJECT_NULL) {
                return TRUE;
        }
-       if (object->ref_count == 1 &&
+       if (
+#if 0
+               /*
+                * Let's proceed even if the VM object is potentially
+                * shared.
+                * We check for this later when processing the actual
+                * VM pages, so the contents will be safe if shared.
+                * 
+                * But we can still mark this memory region as "reusable" to
+                * acknowledge that the caller did let us know that the memory
+                * could be re-used and should not be penalized for holding
+                * on to it.  This allows its "resident size" to not include
+                * the reusable range.
+                */
+           object->ref_count == 1 &&
+#endif
            object->wired_page_count == 0 &&
            object->copy == VM_OBJECT_NULL &&
            object->shadow == VM_OBJECT_NULL &&
            object->wired_page_count == 0 &&
            object->copy == VM_OBJECT_NULL &&
            object->shadow == VM_OBJECT_NULL &&
@@ -10607,6 +13247,7 @@ vm_map_reuse_pages(
         */
 
        vm_map_lock_read(map);
         */
 
        vm_map_lock_read(map);
+       assert(map->pmap != kernel_pmap);       /* protect alias access */
 
        /*
         * The madvise semantics require that the address range be fully
 
        /*
         * The madvise semantics require that the address range be fully
@@ -10645,10 +13286,11 @@ vm_map_reuse_pages(
                        start_offset = 0;
                }
                end_offset = MIN(end, entry->vme_end) - entry->vme_start;
                        start_offset = 0;
                }
                end_offset = MIN(end, entry->vme_end) - entry->vme_start;
-               start_offset += entry->offset;
-               end_offset += entry->offset;
+               start_offset += VME_OFFSET(entry);
+               end_offset += VME_OFFSET(entry);
 
 
-               object = entry->object.vm_object;
+               assert(!entry->is_sub_map);
+               object = VME_OBJECT(entry);
                if (object != VM_OBJECT_NULL) {
                        vm_object_lock(object);
                        vm_object_reuse_pages(object, start_offset, end_offset,
                if (object != VM_OBJECT_NULL) {
                        vm_object_lock(object);
                        vm_object_reuse_pages(object, start_offset, end_offset,
@@ -10656,7 +13298,7 @@ vm_map_reuse_pages(
                        vm_object_unlock(object);
                }
 
                        vm_object_unlock(object);
                }
 
-               if (entry->alias == VM_MEMORY_MALLOC_LARGE_REUSABLE) {
+               if (VME_ALIAS(entry) == VM_MEMORY_MALLOC_LARGE_REUSABLE) {
                        /*
                         * XXX
                         * We do not hold the VM map exclusively here.
                        /*
                         * XXX
                         * We do not hold the VM map exclusively here.
@@ -10665,7 +13307,7 @@ vm_map_reuse_pages(
                         * one that can be modified while holding the VM map
                         * "shared".
                         */
                         * one that can be modified while holding the VM map
                         * "shared".
                         */
-                       entry->alias = VM_MEMORY_MALLOC_LARGE_REUSED;
+                       VME_ALIAS_SET(entry, VM_MEMORY_MALLOC_LARGE_REUSED);
                }
        }
        
                }
        }
        
@@ -10684,6 +13326,7 @@ vm_map_reusable_pages(
        vm_map_entry_t                  entry;
        vm_object_t                     object;
        vm_object_offset_t              start_offset, end_offset;
        vm_map_entry_t                  entry;
        vm_object_t                     object;
        vm_object_offset_t              start_offset, end_offset;
+       vm_map_offset_t                 pmap_offset;
 
        /*
         * The MADV_REUSABLE operation doesn't require any changes to the
 
        /*
         * The MADV_REUSABLE operation doesn't require any changes to the
@@ -10691,6 +13334,7 @@ vm_map_reusable_pages(
         */
 
        vm_map_lock_read(map);
         */
 
        vm_map_lock_read(map);
+       assert(map->pmap != kernel_pmap);       /* protect alias access */
 
        /*
         * The madvise semantics require that the address range be fully
 
        /*
         * The madvise semantics require that the address range be fully
@@ -10720,6 +13364,14 @@ vm_map_reusable_pages(
                        return KERN_INVALID_ADDRESS;
                }
 
                        return KERN_INVALID_ADDRESS;
                }
 
+               if (! (entry->protection & VM_PROT_WRITE) && !entry->used_for_jit) {
+                       /* not writable: can't discard contents */
+                       vm_map_unlock_read(map);
+                       vm_page_stats_reusable.reusable_nonwritable++;
+                       vm_page_stats_reusable.reusable_pages_failure++;
+                       return KERN_PROTECTION_FAILURE;
+               }
+
                /*
                 * The first time through, the start address could be anywhere
                 * within the vm_map_entry we found.  So adjust the offset to
                /*
                 * The first time through, the start address could be anywhere
                 * within the vm_map_entry we found.  So adjust the offset to
@@ -10727,36 +13379,58 @@ vm_map_reusable_pages(
                 */
                if (entry->vme_start < start) {
                        start_offset = start - entry->vme_start;
                 */
                if (entry->vme_start < start) {
                        start_offset = start - entry->vme_start;
+                       pmap_offset = start;
                } else {
                        start_offset = 0;
                } else {
                        start_offset = 0;
+                       pmap_offset = entry->vme_start;
                }
                end_offset = MIN(end, entry->vme_end) - entry->vme_start;
                }
                end_offset = MIN(end, entry->vme_end) - entry->vme_start;
-               start_offset += entry->offset;
-               end_offset += entry->offset;
+               start_offset += VME_OFFSET(entry);
+               end_offset += VME_OFFSET(entry);
 
 
-               object = entry->object.vm_object;
+               assert(!entry->is_sub_map);
+               object = VME_OBJECT(entry);
                if (object == VM_OBJECT_NULL)
                        continue;
 
 
                vm_object_lock(object);
                if (object == VM_OBJECT_NULL)
                        continue;
 
 
                vm_object_lock(object);
-               if (object->ref_count == 1 && !object->shadow)
+               if (((object->ref_count == 1) ||
+                    (object->copy_strategy != MEMORY_OBJECT_COPY_SYMMETRIC &&
+                     object->copy == VM_OBJECT_NULL)) &&
+                   object->shadow == VM_OBJECT_NULL &&
+                   /*
+                    * "iokit_acct" entries are billed for their virtual size
+                    * (rather than for their resident pages only), so they
+                    * wouldn't benefit from making pages reusable, and it
+                    * would be hard to keep track of pages that are both
+                    * "iokit_acct" and "reusable" in the pmap stats and
+                    * ledgers.
+                    */
+                   !(entry->iokit_acct ||
+                     (!entry->is_sub_map && !entry->use_pmap))) {
+                       if (object->ref_count != 1) {
+                               vm_page_stats_reusable.reusable_shared++;
+                       }
                        kill_pages = 1;
                        kill_pages = 1;
-               else
+               } else {
                        kill_pages = -1;
                        kill_pages = -1;
+               }
                if (kill_pages != -1) {
                        vm_object_deactivate_pages(object,
                                                   start_offset,
                                                   end_offset - start_offset,
                                                   kill_pages,
                if (kill_pages != -1) {
                        vm_object_deactivate_pages(object,
                                                   start_offset,
                                                   end_offset - start_offset,
                                                   kill_pages,
-                                                  TRUE /*reusable_pages*/);
+                                                  TRUE /*reusable_pages*/,
+                                                  map->pmap,
+                                                  pmap_offset);
                } else {
                        vm_page_stats_reusable.reusable_pages_shared++;
                }
                vm_object_unlock(object);
 
                } else {
                        vm_page_stats_reusable.reusable_pages_shared++;
                }
                vm_object_unlock(object);
 
-               if (entry->alias == VM_MEMORY_MALLOC_LARGE ||
-                   entry->alias == VM_MEMORY_MALLOC_LARGE_REUSED) {
+               if (VME_ALIAS(entry) == VM_MEMORY_MALLOC_LARGE ||
+                   VME_ALIAS(entry) == VM_MEMORY_MALLOC_LARGE_REUSED) {
                        /*
                         * XXX
                         * We do not hold the VM map exclusively here.
                        /*
                         * XXX
                         * We do not hold the VM map exclusively here.
@@ -10765,7 +13439,7 @@ vm_map_reusable_pages(
                         * one that can be modified while holding the VM map
                         * "shared".
                         */
                         * one that can be modified while holding the VM map
                         * "shared".
                         */
-                       entry->alias = VM_MEMORY_MALLOC_LARGE_REUSABLE;
+                       VME_ALIAS_SET(entry, VM_MEMORY_MALLOC_LARGE_REUSABLE);
                }
        }
        
                }
        }
        
@@ -10789,6 +13463,7 @@ vm_map_can_reuse(
         */
 
        vm_map_lock_read(map);
         */
 
        vm_map_lock_read(map);
+       assert(map->pmap != kernel_pmap);       /* protect alias access */
 
        /*
         * The madvise semantics require that the address range be fully
 
        /*
         * The madvise semantics require that the address range be fully
@@ -10823,299 +13498,96 @@ vm_map_can_reuse(
 }
 
 
 }
 
 
-
-#include <mach_kdb.h>
-#if    MACH_KDB
-#include <ddb/db_output.h>
-#include <vm/vm_print.h>
-
-#define        printf  db_printf
-
-/*
- * Forward declarations for internal functions.
- */
-extern void vm_map_links_print(
-       struct vm_map_links     *links);
-
-extern void vm_map_header_print(
-       struct vm_map_header    *header);
-
-extern void vm_map_entry_print(
-       vm_map_entry_t          entry);
-
-extern void vm_follow_entry(
-       vm_map_entry_t          entry);
-
-extern void vm_follow_map(
-       vm_map_t                map);
-
-/*
- *     vm_map_links_print:     [ debug ]
- */
-void
-vm_map_links_print(
-       struct vm_map_links     *links)
-{
-       iprintf("prev = %08X  next = %08X  start = %016llX  end = %016llX\n",
-               links->prev,
-               links->next,
-               (unsigned long long)links->start,
-               (unsigned long long)links->end);
-}
-
-/*
- *     vm_map_header_print:    [ debug ]
- */
-void
-vm_map_header_print(
-       struct vm_map_header    *header)
-{
-       vm_map_links_print(&header->links);
-       iprintf("nentries = %08X, %sentries_pageable\n",
-               header->nentries,
-               (header->entries_pageable ? "" : "!"));
-}
-
-/*
- *     vm_follow_entry:        [ debug ]
- */
-void
-vm_follow_entry(
-       vm_map_entry_t entry)
-{
-       int shadows;
-
-       iprintf("map entry %08X\n", entry);
-
-       db_indent += 2;
-
-       shadows = vm_follow_object(entry->object.vm_object);
-       iprintf("Total objects : %d\n",shadows);
-
-       db_indent -= 2;
-}
-
-/*
- *     vm_map_entry_print:     [ debug ]
- */
-void
-vm_map_entry_print(
-       register vm_map_entry_t entry)
-{
-       static const char *inheritance_name[4] =
-               { "share", "copy", "none", "?"};
-       static const char *behavior_name[4] =
-               { "dflt", "rand", "seqtl", "rseqntl" };
-       
-       iprintf("map entry %08X - prev = %08X  next = %08X\n", entry, entry->vme_prev, entry->vme_next);
-
-       db_indent += 2;
-
-       vm_map_links_print(&entry->links);
-
-       iprintf("start = %016llX  end = %016llX - prot=%x/%x/%s\n",
-               (unsigned long long)entry->vme_start,
-               (unsigned long long)entry->vme_end,
-               entry->protection,
-               entry->max_protection,
-               inheritance_name[(entry->inheritance & 0x3)]);
-
-       iprintf("behavior = %s, wired_count = %d, user_wired_count = %d\n",
-               behavior_name[(entry->behavior & 0x3)],
-               entry->wired_count,
-               entry->user_wired_count);
-       iprintf("%sin_transition, %sneeds_wakeup\n",
-               (entry->in_transition ? "" : "!"),
-               (entry->needs_wakeup ? "" : "!"));
-
-       if (entry->is_sub_map) {
-               iprintf("submap = %08X - offset = %016llX\n",
-                       entry->object.sub_map,
-                       (unsigned long long)entry->offset);
-       } else {
-               iprintf("object = %08X  offset = %016llX - ",
-                       entry->object.vm_object,
-                       (unsigned long long)entry->offset);
-               printf("%sis_shared, %sneeds_copy\n",
-                      (entry->is_shared ? "" : "!"),
-                      (entry->needs_copy ? "" : "!"));
-       }
-
-       db_indent -= 2;
-}
-
-/*
- *     vm_follow_map:  [ debug ]
- */
-void
-vm_follow_map(
-       vm_map_t map)
-{
-       register vm_map_entry_t entry;
-
-       iprintf("task map %08X\n", map);
-
-       db_indent += 2;
-
-       for (entry = vm_map_first_entry(map);
-            entry && entry != vm_map_to_entry(map);
-            entry = entry->vme_next) {
-               vm_follow_entry(entry);
-       }
-
-       db_indent -= 2;
-}
-
-/*
- *     vm_map_print:   [ debug ]
- */
-void
-vm_map_print(
-       db_addr_t inmap)
+#if MACH_ASSERT
+static kern_return_t
+vm_map_pageout(
+       vm_map_t        map,
+       vm_map_offset_t start,
+       vm_map_offset_t end)
 {
 {
-       register vm_map_entry_t entry;
-       vm_map_t map;
-#if TASK_SWAPPER
-       char *swstate;
-#endif /* TASK_SWAPPER */
-
-       map = (vm_map_t)(long)
-               inmap;  /* Make sure we have the right type */
-
-       iprintf("task map %08X\n", map);
-
-       db_indent += 2;
+       vm_map_entry_t                  entry;
 
 
-       vm_map_header_print(&map->hdr);
+       /*
+        * The MADV_PAGEOUT operation doesn't require any changes to the
+        * vm_map_entry_t's, so the read lock is sufficient.
+        */
 
 
-       iprintf("pmap = %08X  size = %08X  ref = %d  hint = %08X  first_free = %08X\n",
-               map->pmap,
-               map->size,
-               map->ref_count,
-               map->hint,
-               map->first_free);
+       vm_map_lock_read(map);
 
 
-       iprintf("%swait_for_space, %swiring_required, timestamp = %d\n",
-               (map->wait_for_space ? "" : "!"),
-               (map->wiring_required ? "" : "!"),
-               map->timestamp);
+       /*
+        * The madvise semantics require that the address range be fully
+        * allocated with no holes.  Otherwise, we're required to return
+        * an error.
+        */
 
 
-#if    TASK_SWAPPER
-       switch (map->sw_state) {
-       case MAP_SW_IN:
-               swstate = "SW_IN";
-               break;
-       case MAP_SW_OUT:
-               swstate = "SW_OUT";
-               break;
-       default:
-               swstate = "????";
-               break;
+       if (!vm_map_range_check(map, start, end, &entry)) {
+               vm_map_unlock_read(map);
+               return KERN_INVALID_ADDRESS;
        }
        }
-       iprintf("res = %d, sw_state = %s\n", map->res_count, swstate);
-#endif /* TASK_SWAPPER */
 
 
-       for (entry = vm_map_first_entry(map);
-            entry && entry != vm_map_to_entry(map);
+       /*
+        * Examine each vm_map_entry_t in the range.
+        */
+       for (; entry != vm_map_to_entry(map) && entry->vme_start < end;
             entry = entry->vme_next) {
             entry = entry->vme_next) {
-               vm_map_entry_print(entry);
-       }
+               vm_object_t     object;
 
 
-       db_indent -= 2;
-}
-
-/*
- *     Routine:        vm_map_copy_print
- *     Purpose:
- *             Pretty-print a copy object for ddb.
- */
-
-void
-vm_map_copy_print(
-       db_addr_t       incopy)
-{
-       vm_map_copy_t copy;
-       vm_map_entry_t entry;
-
-       copy = (vm_map_copy_t)(long)
-               incopy; /* Make sure we have the right type */
-
-       printf("copy object 0x%x\n", copy);
-
-       db_indent += 2;
+               /*
+                * Sanity check on the VM map entry.
+                */
+               if (entry->is_sub_map) {
+                       vm_map_t submap;
+                       vm_map_offset_t submap_start;
+                       vm_map_offset_t submap_end;
+                       vm_map_entry_t submap_entry;
+
+                       submap = VME_SUBMAP(entry);
+                       submap_start = VME_OFFSET(entry);
+                       submap_end = submap_start + (entry->vme_end - 
+                                                    entry->vme_start);
+
+                       vm_map_lock_read(submap);
+
+                       if (! vm_map_range_check(submap,
+                                                submap_start,
+                                                submap_end,
+                                                &submap_entry)) {
+                               vm_map_unlock_read(submap);
+                               vm_map_unlock_read(map);
+                               return KERN_INVALID_ADDRESS;
+                       }
 
 
-       iprintf("type=%d", copy->type);
-       switch (copy->type) {
-       case VM_MAP_COPY_ENTRY_LIST:
-               printf("[entry_list]");
-               break;
-               
-       case VM_MAP_COPY_OBJECT:
-               printf("[object]");
-               break;
-               
-       case VM_MAP_COPY_KERNEL_BUFFER:
-               printf("[kernel_buffer]");
-               break;
+                       object = VME_OBJECT(submap_entry);
+                       if (submap_entry->is_sub_map ||
+                           object == VM_OBJECT_NULL ||
+                           !object->internal) {
+                               vm_map_unlock_read(submap);
+                               continue;
+                       }
 
 
-       default:
-               printf("[bad type]");
-               break;
-       }
-       printf(", offset=0x%llx", (unsigned long long)copy->offset);
-       printf(", size=0x%x\n", copy->size);
+                       vm_object_pageout(object);
 
 
-       switch (copy->type) {
-       case VM_MAP_COPY_ENTRY_LIST:
-               vm_map_header_print(&copy->cpy_hdr);
-               for (entry = vm_map_copy_first_entry(copy);
-                    entry && entry != vm_map_copy_to_entry(copy);
-                    entry = entry->vme_next) {
-                       vm_map_entry_print(entry);
+                       vm_map_unlock_read(submap);
+                       submap = VM_MAP_NULL;
+                       submap_entry = VM_MAP_ENTRY_NULL;
+                       continue;
                }
                }
-               break;
-
-       case VM_MAP_COPY_OBJECT:
-               iprintf("object=0x%x\n", copy->cpy_object);
-               break;
-
-       case VM_MAP_COPY_KERNEL_BUFFER:
-               iprintf("kernel buffer=0x%x", copy->cpy_kdata);
-               printf(", kalloc_size=0x%x\n", copy->cpy_kalloc_size);
-               break;
-
-       }
-
-       db_indent -=2;
-}
-
-/*
- *     db_vm_map_total_size(map)       [ debug ]
- *
- *     return the total virtual size (in bytes) of the map
- */
-vm_map_size_t
-db_vm_map_total_size(
-       db_addr_t       inmap)
-{
-       vm_map_entry_t  entry;
-       vm_map_size_t   total;
-       vm_map_t map;
 
 
-       map = (vm_map_t)(long)
-               inmap;  /* Make sure we have the right type */
+               object = VME_OBJECT(entry);
+               if (entry->is_sub_map ||
+                   object == VM_OBJECT_NULL ||
+                   !object->internal) {
+                       continue;
+               }
 
 
-       total = 0;
-       for (entry = vm_map_first_entry(map);
-            entry != vm_map_to_entry(map);
-            entry = entry->vme_next) {
-               total += entry->vme_end - entry->vme_start;
+               vm_object_pageout(object);
        }
        }
-
-       return total;
+       
+       vm_map_unlock_read(map);
+       return KERN_SUCCESS;
 }
 }
+#endif /* MACH_ASSERT */
 
 
-#endif /* MACH_KDB */
 
 /*
  *     Routine:        vm_map_entry_insert
 
 /*
  *     Routine:        vm_map_entry_insert
@@ -11140,24 +13612,43 @@ vm_map_entry_insert(
        unsigned                wired_count,
        boolean_t               no_cache,
        boolean_t               permanent,
        unsigned                wired_count,
        boolean_t               no_cache,
        boolean_t               permanent,
-       unsigned int            superpage_size)
+       unsigned int            superpage_size,
+       boolean_t               clear_map_aligned,
+       boolean_t               is_submap)
 {
        vm_map_entry_t  new_entry;
 
        assert(insp_entry != (vm_map_entry_t)0);
 
 {
        vm_map_entry_t  new_entry;
 
        assert(insp_entry != (vm_map_entry_t)0);
 
-       new_entry = vm_map_entry_create(map);
+       new_entry = vm_map_entry_create(map, !map->hdr.entries_pageable);
+
+       if (VM_MAP_PAGE_SHIFT(map) != PAGE_SHIFT) {
+               new_entry->map_aligned = TRUE;
+       } else {
+               new_entry->map_aligned = FALSE;
+       }
+       if (clear_map_aligned &&
+           (! VM_MAP_PAGE_ALIGNED(start, VM_MAP_PAGE_MASK(map)) ||
+            ! VM_MAP_PAGE_ALIGNED(end, VM_MAP_PAGE_MASK(map)))) {
+               new_entry->map_aligned = FALSE;
+       }
 
        new_entry->vme_start = start;
        new_entry->vme_end = end;
        assert(page_aligned(new_entry->vme_start));
        assert(page_aligned(new_entry->vme_end));
 
        new_entry->vme_start = start;
        new_entry->vme_end = end;
        assert(page_aligned(new_entry->vme_start));
        assert(page_aligned(new_entry->vme_end));
+       if (new_entry->map_aligned) {
+               assert(VM_MAP_PAGE_ALIGNED(new_entry->vme_start,
+                                          VM_MAP_PAGE_MASK(map)));
+               assert(VM_MAP_PAGE_ALIGNED(new_entry->vme_end,
+                                          VM_MAP_PAGE_MASK(map)));
+       }
        assert(new_entry->vme_start < new_entry->vme_end);
 
        assert(new_entry->vme_start < new_entry->vme_end);
 
-       new_entry->object.vm_object = object;
-       new_entry->offset = offset;
+       VME_OBJECT_SET(new_entry, object);
+       VME_OFFSET_SET(new_entry, offset);
        new_entry->is_shared = is_shared;
        new_entry->is_shared = is_shared;
-       new_entry->is_sub_map = FALSE;
+       new_entry->is_sub_map = is_submap;
        new_entry->needs_copy = needs_copy;
        new_entry->in_transition = in_transition;
        new_entry->needs_wakeup = FALSE;
        new_entry->needs_copy = needs_copy;
        new_entry->in_transition = in_transition;
        new_entry->needs_wakeup = FALSE;
@@ -11167,13 +13658,32 @@ vm_map_entry_insert(
        new_entry->behavior = behavior;
        new_entry->wired_count = wired_count;
        new_entry->user_wired_count = 0;
        new_entry->behavior = behavior;
        new_entry->wired_count = wired_count;
        new_entry->user_wired_count = 0;
-       new_entry->use_pmap = FALSE;
-       new_entry->alias = 0;
+       if (is_submap) {
+               /*
+                * submap: "use_pmap" means "nested".
+                * default: false.
+                */
+               new_entry->use_pmap = FALSE;
+       } else {
+               /*
+                * object: "use_pmap" means "use pmap accounting" for footprint.
+                * default: true.
+                */
+               new_entry->use_pmap = TRUE;
+       }
+       VME_ALIAS_SET(new_entry, 0);
        new_entry->zero_wired_pages = FALSE;
        new_entry->no_cache = no_cache;
        new_entry->permanent = permanent;
        new_entry->zero_wired_pages = FALSE;
        new_entry->no_cache = no_cache;
        new_entry->permanent = permanent;
-       new_entry->superpage_size = superpage_size;
+       if (superpage_size)
+               new_entry->superpage_size = TRUE;
+       else
+               new_entry->superpage_size = FALSE;
        new_entry->used_for_jit = FALSE;
        new_entry->used_for_jit = FALSE;
+       new_entry->iokit_acct = FALSE;
+       new_entry->vme_resilient_codesign = FALSE;
+       new_entry->vme_resilient_media = FALSE;
+       new_entry->vme_atomic = FALSE;
 
        /*
         *      Insert the new entry into the list.
 
        /*
         *      Insert the new entry into the list.
@@ -11206,7 +13716,8 @@ vm_map_remap_extract(
        vm_prot_t               *max_protection,
        /* What, no behavior? */
        vm_inherit_t            inheritance,
        vm_prot_t               *max_protection,
        /* What, no behavior? */
        vm_inherit_t            inheritance,
-       boolean_t               pageable)
+       boolean_t               pageable,
+       boolean_t               same_map)
 {
        kern_return_t           result;
        vm_map_size_t           mapped_size;
 {
        kern_return_t           result;
        vm_map_size_t           mapped_size;
@@ -11223,7 +13734,8 @@ vm_map_remap_extract(
        boolean_t               new_entry_needs_copy;
 
        assert(map != VM_MAP_NULL);
        boolean_t               new_entry_needs_copy;
 
        assert(map != VM_MAP_NULL);
-       assert(size != 0 && size == vm_map_round_page(size));
+       assert(size != 0);
+       assert(size == vm_map_round_page(size, PAGE_MASK));
        assert(inheritance == VM_INHERIT_NONE ||
               inheritance == VM_INHERIT_COPY ||
               inheritance == VM_INHERIT_SHARE);
        assert(inheritance == VM_INHERIT_NONE ||
               inheritance == VM_INHERIT_COPY ||
               inheritance == VM_INHERIT_SHARE);
@@ -11231,8 +13743,9 @@ vm_map_remap_extract(
        /*
         *      Compute start and end of region.
         */
        /*
         *      Compute start and end of region.
         */
-       src_start = vm_map_trunc_page(addr);
-       src_end = vm_map_round_page(src_start + size);
+       src_start = vm_map_trunc_page(addr, PAGE_MASK);
+       src_end = vm_map_round_page(src_start + size, PAGE_MASK);
+
 
        /*
         *      Initialize map_header.
 
        /*
         *      Initialize map_header.
@@ -11241,6 +13754,7 @@ vm_map_remap_extract(
        map_header->links.prev = (struct vm_map_entry *)&map_header->links;
        map_header->nentries = 0;
        map_header->entries_pageable = pageable;
        map_header->links.prev = (struct vm_map_entry *)&map_header->links;
        map_header->nentries = 0;
        map_header->entries_pageable = pageable;
+       map_header->page_shift = PAGE_SHIFT;
 
        vm_map_store_init( map_header );
 
 
        vm_map_store_init( map_header );
 
@@ -11281,15 +13795,33 @@ vm_map_remap_extract(
                                             src_entry->vme_start);
 
                if(src_entry->is_sub_map) {
                                             src_entry->vme_start);
 
                if(src_entry->is_sub_map) {
-                       vm_map_reference(src_entry->object.sub_map);
+                       vm_map_reference(VME_SUBMAP(src_entry));
                        object = VM_OBJECT_NULL;
                } else {
                        object = VM_OBJECT_NULL;
                } else {
-                       object = src_entry->object.vm_object;
+                       object = VME_OBJECT(src_entry);
+                       if (src_entry->iokit_acct) {
+                               /*
+                                * This entry uses "IOKit accounting".
+                                */
+                       } else if (object != VM_OBJECT_NULL &&
+                                  object->purgable != VM_PURGABLE_DENY) {
+                               /*
+                                * Purgeable objects have their own accounting:
+                                * no pmap accounting for them.
+                                */
+                               assert(!src_entry->use_pmap);
+                       } else {
+                               /*
+                                * Not IOKit or purgeable:
+                                * must be accounted by pmap stats.
+                                */
+                               assert(src_entry->use_pmap);
+                       }
 
                        if (object == VM_OBJECT_NULL) {
                                object = vm_object_allocate(entry_size);
 
                        if (object == VM_OBJECT_NULL) {
                                object = vm_object_allocate(entry_size);
-                               src_entry->offset = 0;
-                               src_entry->object.vm_object = object;
+                               VME_OFFSET_SET(src_entry, 0);
+                               VME_OBJECT_SET(src_entry, object);
                        } else if (object->copy_strategy !=
                                   MEMORY_OBJECT_COPY_SYMMETRIC) {
                                /*
                        } else if (object->copy_strategy !=
                                   MEMORY_OBJECT_COPY_SYMMETRIC) {
                                /*
@@ -11303,9 +13835,7 @@ vm_map_remap_extract(
                                    !src_entry->is_shared &&
                                    object->vo_size > entry_size)) {
 
                                    !src_entry->is_shared &&
                                    object->vo_size > entry_size)) {
 
-                               vm_object_shadow(&src_entry->object.vm_object,
-                                                &src_entry->offset,
-                                                entry_size);
+                               VME_OBJECT_SHADOW(src_entry, entry_size);
 
                                if (!src_entry->needs_copy &&
                                    (src_entry->protection & VM_PROT_WRITE)) {
 
                                if (!src_entry->needs_copy &&
                                    (src_entry->protection & VM_PROT_WRITE)) {
@@ -11313,13 +13843,15 @@ vm_map_remap_extract(
 
                                        prot = src_entry->protection & ~VM_PROT_WRITE;
 
 
                                        prot = src_entry->protection & ~VM_PROT_WRITE;
 
-                                       if (override_nx(map, src_entry->alias) && prot)
+                                       if (override_nx(map,
+                                                       VME_ALIAS(src_entry))
+                                           && prot)
                                                prot |= VM_PROT_EXECUTE;
 
                                                prot |= VM_PROT_EXECUTE;
 
-                                       if(map->mapped) {
+                                       if(map->mapped_in_other_pmaps) {
                                                vm_object_pmap_protect(
                                                vm_object_pmap_protect(
-                                                       src_entry->object.vm_object,
-                                                       src_entry->offset,
+                                                       VME_OBJECT(src_entry),
+                                                       VME_OFFSET(src_entry),
                                                        entry_size,
                                                        PMAP_NULL,
                                                        src_entry->vme_start,
                                                        entry_size,
                                                        PMAP_NULL,
                                                        src_entry->vme_start,
@@ -11332,7 +13864,7 @@ vm_map_remap_extract(
                                        }
                                }
 
                                        }
                                }
 
-                               object = src_entry->object.vm_object;
+                               object = VME_OBJECT(src_entry);
                                src_entry->needs_copy = FALSE;
                        }
 
                                src_entry->needs_copy = FALSE;
                        }
 
@@ -11347,23 +13879,37 @@ vm_map_remap_extract(
                        vm_object_unlock(object);
                }
 
                        vm_object_unlock(object);
                }
 
-               offset = src_entry->offset + (src_start - src_entry->vme_start);
+               offset = (VME_OFFSET(src_entry) +
+                         (src_start - src_entry->vme_start));
 
 
-               new_entry = _vm_map_entry_create(map_header);
+               new_entry = _vm_map_entry_create(map_header, !map_header->entries_pageable);
                vm_map_entry_copy(new_entry, src_entry);
                vm_map_entry_copy(new_entry, src_entry);
-               new_entry->use_pmap = FALSE; /* clr address space specifics */
+               if (new_entry->is_sub_map) {
+                       /* clr address space specifics */
+                       new_entry->use_pmap = FALSE;
+               }
+
+               new_entry->map_aligned = FALSE;
 
                new_entry->vme_start = map_address;
                new_entry->vme_end = map_address + tmp_size;
                assert(new_entry->vme_start < new_entry->vme_end);
                new_entry->inheritance = inheritance;
 
                new_entry->vme_start = map_address;
                new_entry->vme_end = map_address + tmp_size;
                assert(new_entry->vme_start < new_entry->vme_end);
                new_entry->inheritance = inheritance;
-               new_entry->offset = offset;
+               VME_OFFSET_SET(new_entry, offset);
 
                /*
                 * The new region has to be copied now if required.
                 */
        RestartCopy:
                if (!copy) {
 
                /*
                 * The new region has to be copied now if required.
                 */
        RestartCopy:
                if (!copy) {
+                       /*
+                        * Cannot allow an entry describing a JIT
+                        * region to be shared across address spaces.
+                        */
+                       if (src_entry->used_for_jit == TRUE && !same_map) {
+                               result = KERN_INVALID_ARGUMENT;
+                               break;
+                       }
                        src_entry->is_shared = TRUE;
                        new_entry->is_shared = TRUE;
                        if (!(new_entry->is_sub_map)) 
                        src_entry->is_shared = TRUE;
                        new_entry->is_shared = TRUE;
                        if (!(new_entry->is_sub_map)) 
@@ -11371,11 +13917,12 @@ vm_map_remap_extract(
 
                } else if (src_entry->is_sub_map) {
                        /* make this a COW sub_map if not already */
 
                } else if (src_entry->is_sub_map) {
                        /* make this a COW sub_map if not already */
+                       assert(new_entry->wired_count == 0);
                        new_entry->needs_copy = TRUE;
                        object = VM_OBJECT_NULL;
                } else if (src_entry->wired_count == 0 &&
                        new_entry->needs_copy = TRUE;
                        object = VM_OBJECT_NULL;
                } else if (src_entry->wired_count == 0 &&
-                          vm_object_copy_quickly(&new_entry->object.vm_object,
-                                                 new_entry->offset,
+                          vm_object_copy_quickly(&VME_OBJECT(new_entry),
+                                                 VME_OFFSET(new_entry),
                                                  (new_entry->vme_end -
                                                   new_entry->vme_start),
                                                  &src_needs_copy,
                                                  (new_entry->vme_end -
                                                   new_entry->vme_start),
                                                  &src_needs_copy,
@@ -11392,18 +13939,21 @@ vm_map_remap_extract(
 
                                prot = src_entry->protection & ~VM_PROT_WRITE;
 
 
                                prot = src_entry->protection & ~VM_PROT_WRITE;
 
-                               if (override_nx(map, src_entry->alias) && prot)
+                               if (override_nx(map,
+                                               VME_ALIAS(src_entry))
+                                   && prot)
                                        prot |= VM_PROT_EXECUTE;
 
                                vm_object_pmap_protect(object,
                                                       offset,
                                                       entry_size,
                                                       ((src_entry->is_shared 
                                        prot |= VM_PROT_EXECUTE;
 
                                vm_object_pmap_protect(object,
                                                       offset,
                                                       entry_size,
                                                       ((src_entry->is_shared 
-                                                        || map->mapped) ?
+                                                        || map->mapped_in_other_pmaps) ?
                                                        PMAP_NULL : map->pmap),
                                                       src_entry->vme_start,
                                                       prot);
 
                                                        PMAP_NULL : map->pmap),
                                                       src_entry->vme_start,
                                                       prot);
 
+                               assert(src_entry->wired_count == 0);
                                src_entry->needs_copy = TRUE;
                        }
                        /*
                                src_entry->needs_copy = TRUE;
                        }
                        /*
@@ -11434,18 +13984,24 @@ vm_map_remap_extract(
                                        offset,
                                        entry_size,
                                        THREAD_UNINT,
                                        offset,
                                        entry_size,
                                        THREAD_UNINT,
-                                       &new_entry->object.vm_object);
+                                       &VME_OBJECT(new_entry));
 
 
-                               new_entry->offset = 0;
+                               VME_OFFSET_SET(new_entry, 0);
                                new_entry->needs_copy = FALSE;
                        } else {
                                new_entry->needs_copy = FALSE;
                        } else {
+                               vm_object_offset_t new_offset;
+
+                               new_offset = VME_OFFSET(new_entry);
                                result = vm_object_copy_strategically(
                                        object,
                                        offset,
                                        entry_size,
                                result = vm_object_copy_strategically(
                                        object,
                                        offset,
                                        entry_size,
-                                       &new_entry->object.vm_object,
-                                       &new_entry->offset,
+                                       &VME_OBJECT(new_entry),
+                                       &new_offset,
                                        &new_entry_needs_copy);
                                        &new_entry_needs_copy);
+                               if (new_offset != VME_OFFSET(new_entry)) {
+                                       VME_OFFSET_SET(new_entry, new_offset);
+                               }
 
                                new_entry->needs_copy = new_entry_needs_copy;
                        }
 
                                new_entry->needs_copy = new_entry_needs_copy;
                        }
@@ -11458,6 +14014,7 @@ vm_map_remap_extract(
                        if (result != KERN_SUCCESS &&
                            result != KERN_MEMORY_RESTART_COPY) {
                                _vm_map_entry_dispose(map_header, new_entry);
                        if (result != KERN_SUCCESS &&
                            result != KERN_MEMORY_RESTART_COPY) {
                                _vm_map_entry_dispose(map_header, new_entry);
+                               vm_map_lock(map);
                                break;
                        }
 
                                break;
                        }
 
@@ -11474,8 +14031,7 @@ vm_map_remap_extract(
                                 * Retry the lookup and verify that the
                                 * same object/offset are still present.
                                 */
                                 * Retry the lookup and verify that the
                                 * same object/offset are still present.
                                 */
-                               vm_object_deallocate(new_entry->
-                                                    object.vm_object);
+                               vm_object_deallocate(VME_OBJECT(new_entry));
                                _vm_map_entry_dispose(map_header, new_entry);
                                if (result == KERN_MEMORY_RESTART_COPY)
                                        result = KERN_SUCCESS;
                                _vm_map_entry_dispose(map_header, new_entry);
                                if (result == KERN_MEMORY_RESTART_COPY)
                                        result = KERN_SUCCESS;
@@ -11512,7 +14068,11 @@ vm_map_remap_extract(
                     src_entry = new_entry) {
                        new_entry = src_entry->vme_next;
                        _vm_map_store_entry_unlink(map_header, src_entry);
                     src_entry = new_entry) {
                        new_entry = src_entry->vme_next;
                        _vm_map_store_entry_unlink(map_header, src_entry);
-                       vm_object_deallocate(src_entry->object.vm_object);
+                       if (src_entry->is_sub_map) {
+                               vm_map_deallocate(VME_SUBMAP(src_entry));
+                       } else {
+                               vm_object_deallocate(VME_OBJECT(src_entry));
+                       }
                        _vm_map_entry_dispose(map_header, src_entry);
                }
        }
                        _vm_map_entry_dispose(map_header, src_entry);
                }
        }
@@ -11549,6 +14109,7 @@ vm_map_remap(
        vm_map_entry_t          insp_entry = VM_MAP_ENTRY_NULL;
        vm_map_entry_t          new_entry;
        struct vm_map_header    map_header;
        vm_map_entry_t          insp_entry = VM_MAP_ENTRY_NULL;
        vm_map_entry_t          new_entry;
        struct vm_map_header    map_header;
+       vm_map_offset_t         offset_in_mapping;
 
        if (target_map == VM_MAP_NULL)
                return KERN_INVALID_ARGUMENT;
 
        if (target_map == VM_MAP_NULL)
                return KERN_INVALID_ARGUMENT;
@@ -11564,15 +14125,40 @@ vm_map_remap(
                return KERN_INVALID_ARGUMENT;
        }
 
                return KERN_INVALID_ARGUMENT;
        }
 
-       size = vm_map_round_page(size);
+       /* 
+        * If the user is requesting that we return the address of the 
+        * first byte of the data (rather than the base of the page), 
+        * then we use different rounding semantics: specifically, 
+        * we assume that (memory_address, size) describes a region
+        * all of whose pages we must cover, rather than a base to be truncated
+        * down and a size to be added to that base.  So we figure out
+        * the highest page that the requested region includes and make
+        * sure that the size will cover it.
+        * 
+        * The key example we're worried about it is of the form:
+        *
+        *              memory_address = 0x1ff0, size = 0x20
+        * 
+        * With the old semantics, we round down the memory_address to 0x1000 
+        * and round up the size to 0x1000, resulting in our covering *only*
+        * page 0x1000.  With the new semantics, we'd realize that the region covers
+        * 0x1ff0-0x2010, and compute a size of 0x2000.  Thus, we cover both page 
+        * 0x1000 and page 0x2000 in the region we remap.
+        */
+       if ((flags & VM_FLAGS_RETURN_DATA_ADDR) != 0) {
+               offset_in_mapping = memory_address - vm_map_trunc_page(memory_address, PAGE_MASK);
+               size = vm_map_round_page(memory_address + size - vm_map_trunc_page(memory_address, PAGE_MASK), PAGE_MASK);
+       } else {
+               size = vm_map_round_page(size, PAGE_MASK);
+       } 
 
        result = vm_map_remap_extract(src_map, memory_address,
                                      size, copy, &map_header,
                                      cur_protection,
                                      max_protection,
                                      inheritance,
 
        result = vm_map_remap_extract(src_map, memory_address,
                                      size, copy, &map_header,
                                      cur_protection,
                                      max_protection,
                                      inheritance,
-                                     target_map->hdr.
-                                     entries_pageable);
+                                     target_map->hdr.entries_pageable,
+                                     src_map == target_map);
 
        if (result != KERN_SUCCESS) {
                return result;
 
        if (result != KERN_SUCCESS) {
                return result;
@@ -11582,7 +14168,8 @@ vm_map_remap(
         * Allocate/check a range of free virtual address
         * space for the target
         */
         * Allocate/check a range of free virtual address
         * space for the target
         */
-       *address = vm_map_trunc_page(*address);
+       *address = vm_map_trunc_page(*address,
+                                    VM_MAP_PAGE_MASK(target_map));
        vm_map_lock(target_map);
        result = vm_map_remap_range_allocate(target_map, address, size,
                                             mask, flags, &insp_entry);
        vm_map_lock(target_map);
        result = vm_map_remap_range_allocate(target_map, address, size,
                                             mask, flags, &insp_entry);
@@ -11593,21 +14180,35 @@ vm_map_remap(
                new_entry = entry->vme_next;
                _vm_map_store_entry_unlink(&map_header, entry);
                if (result == KERN_SUCCESS) {
                new_entry = entry->vme_next;
                _vm_map_store_entry_unlink(&map_header, entry);
                if (result == KERN_SUCCESS) {
+                       if (flags & VM_FLAGS_RESILIENT_CODESIGN) {
+                               /* no codesigning -> read-only access */
+                               assert(!entry->used_for_jit);
+                               entry->max_protection = VM_PROT_READ;
+                               entry->protection = VM_PROT_READ;
+                               entry->vme_resilient_codesign = TRUE;
+                       }
                        entry->vme_start += *address;
                        entry->vme_end += *address;
                        entry->vme_start += *address;
                        entry->vme_end += *address;
+                       assert(!entry->map_aligned);
                        vm_map_store_entry_link(target_map, insp_entry, entry);
                        insp_entry = entry;
                } else {
                        if (!entry->is_sub_map) {
                        vm_map_store_entry_link(target_map, insp_entry, entry);
                        insp_entry = entry;
                } else {
                        if (!entry->is_sub_map) {
-                               vm_object_deallocate(entry->object.vm_object);
+                               vm_object_deallocate(VME_OBJECT(entry));
                        } else {
                        } else {
-                               vm_map_deallocate(entry->object.sub_map);
+                               vm_map_deallocate(VME_SUBMAP(entry));
                        }
                        _vm_map_entry_dispose(&map_header, entry);
                }
        }
 
                        }
                        _vm_map_entry_dispose(&map_header, entry);
                }
        }
 
+       if (flags & VM_FLAGS_RESILIENT_CODESIGN) {
+               *cur_protection = VM_PROT_READ;
+               *max_protection = VM_PROT_READ;
+       }
+
        if( target_map->disable_vmentry_reuse == TRUE) {
        if( target_map->disable_vmentry_reuse == TRUE) {
+               assert(!target_map->is_nested_map);
                if( target_map->highest_entry_end < insp_entry->vme_end ){
                        target_map->highest_entry_end = insp_entry->vme_end;
                }
                if( target_map->highest_entry_end < insp_entry->vme_end ){
                        target_map->highest_entry_end = insp_entry->vme_end;
                }
@@ -11621,7 +14222,17 @@ vm_map_remap(
 
        if (result == KERN_SUCCESS && target_map->wiring_required)
                result = vm_map_wire(target_map, *address,
 
        if (result == KERN_SUCCESS && target_map->wiring_required)
                result = vm_map_wire(target_map, *address,
-                                    *address + size, *cur_protection, TRUE);
+                                    *address + size, *cur_protection | VM_PROT_MEMORY_TAG_MAKE(VM_KERN_MEMORY_MLOCK),
+                                    TRUE);
+
+       /* 
+        * If requested, return the address of the data pointed to by the 
+        * request, rather than the base of the resulting page.
+        */
+       if ((flags & VM_FLAGS_RETURN_DATA_ADDR) != 0) {
+               *address += offset_in_mapping;
+       }
+
        return result;
 }
 
        return result;
 }
 
@@ -11649,6 +14260,7 @@ vm_map_remap_range_allocate(
        vm_map_offset_t start;
        vm_map_offset_t end;
        kern_return_t   kr;
        vm_map_offset_t start;
        vm_map_offset_t end;
        kern_return_t   kr;
+       vm_map_entry_t          hole_entry;
 
 StartAgain: ;
 
 
 StartAgain: ;
 
@@ -11656,6 +14268,18 @@ StartAgain: ;
 
        if (flags & VM_FLAGS_ANYWHERE)
        {
 
        if (flags & VM_FLAGS_ANYWHERE)
        {
+               if (flags & VM_FLAGS_RANDOM_ADDR)
+               {
+                       /*
+                        * Get a random start address.
+                        */
+                       kr = vm_map_random_address_for_size(map, address, size);
+                       if (kr != KERN_SUCCESS) {
+                               return(kr);
+                       }
+                       start = *address;
+               }
+
                /*
                 *      Calculate the first possible address.
                 */
                /*
                 *      Calculate the first possible address.
                 */
@@ -11674,26 +14298,64 @@ StartAgain: ;
                if( map->disable_vmentry_reuse == TRUE) {
                        VM_MAP_HIGHEST_ENTRY(map, entry, start);
                } else {
                if( map->disable_vmentry_reuse == TRUE) {
                        VM_MAP_HIGHEST_ENTRY(map, entry, start);
                } else {
-                       assert(first_free_is_valid(map));
-                       if (start == map->min_offset) {
-                               if ((entry = map->first_free) != vm_map_to_entry(map))
-                                       start = entry->vme_end;
-                       } else {
-                               vm_map_entry_t  tmp_entry;
-                               if (vm_map_lookup_entry(map, start, &tmp_entry))
-                                       start = tmp_entry->vme_end;
-                               entry = tmp_entry;
-                       }
-               }
-               
-               /*
-                *      In any case, the "entry" always precedes
+
+                       if (map->holelistenabled) {
+                               hole_entry = (vm_map_entry_t)map->holes_list;
+
+                               if (hole_entry == NULL) {
+                                       /*
+                                        * No more space in the map?
+                                        */
+                                       return(KERN_NO_SPACE);
+                               } else {
+
+                                       boolean_t found_hole = FALSE;
+
+                                       do {
+                                               if (hole_entry->vme_start >= start) {
+                                                       start = hole_entry->vme_start;
+                                                       found_hole = TRUE;
+                                                       break;
+                                               }
+
+                                               if (hole_entry->vme_end > start) {
+                                                       found_hole = TRUE;
+                                                       break;
+                                               }
+                                               hole_entry = hole_entry->vme_next;
+
+                                       } while (hole_entry != (vm_map_entry_t) map->holes_list);
+
+                                       if (found_hole == FALSE) {
+                                               return (KERN_NO_SPACE);
+                                       }
+
+                                       entry = hole_entry;
+                               }
+                       } else {
+                               assert(first_free_is_valid(map));
+                               if (start == map->min_offset) {
+                                       if ((entry = map->first_free) != vm_map_to_entry(map))
+                                               start = entry->vme_end;
+                               } else {
+                                       vm_map_entry_t  tmp_entry;
+                                       if (vm_map_lookup_entry(map, start, &tmp_entry))
+                                               start = tmp_entry->vme_end;
+                                       entry = tmp_entry;
+                               }
+                       }
+                       start = vm_map_round_page(start,
+                                                 VM_MAP_PAGE_MASK(map));
+               }
+               
+               /*
+                *      In any case, the "entry" always precedes
                 *      the proposed new region throughout the
                 *      loop:
                 */
 
                while (TRUE) {
                 *      the proposed new region throughout the
                 *      loop:
                 */
 
                while (TRUE) {
-                       register vm_map_entry_t next;
+                       vm_map_entry_t  next;
 
                        /*
                         *      Find the end of the proposed new region.
 
                        /*
                         *      Find the end of the proposed new region.
@@ -11702,6 +14364,8 @@ StartAgain: ;
                         */
 
                        end = ((start + mask) & ~mask);
                         */
 
                        end = ((start + mask) & ~mask);
+                       end = vm_map_round_page(end,
+                                               VM_MAP_PAGE_MASK(map));
                        if (end < start)
                                return(KERN_NO_SPACE);
                        start = end;
                        if (end < start)
                                return(KERN_NO_SPACE);
                        start = end;
@@ -11722,30 +14386,56 @@ StartAgain: ;
                                return(KERN_NO_SPACE);
                        }
 
                                return(KERN_NO_SPACE);
                        }
 
-                       /*
-                        *      If there are no more entries, we must win.
-                        */
-
                        next = entry->vme_next;
                        next = entry->vme_next;
-                       if (next == vm_map_to_entry(map))
-                               break;
 
 
-                       /*
-                        *      If there is another entry, it must be
-                        *      after the end of the potential new region.
-                        */
+                       if (map->holelistenabled) {
+                               if (entry->vme_end >= end)
+                                       break;
+                       } else {
+                               /*
+                                *      If there are no more entries, we must win.
+                                *
+                                *      OR
+                                *
+                                *      If there is another entry, it must be
+                                *      after the end of the potential new region.
+                                */
 
 
-                       if (next->vme_start >= end)
-                               break;
+                               if (next == vm_map_to_entry(map))
+                                       break;
+
+                               if (next->vme_start >= end)
+                                       break;
+                       }
 
                        /*
                         *      Didn't fit -- move to the next entry.
                         */
 
                        entry = next;
 
                        /*
                         *      Didn't fit -- move to the next entry.
                         */
 
                        entry = next;
-                       start = entry->vme_end;
+
+                       if (map->holelistenabled) {
+                               if (entry == (vm_map_entry_t) map->holes_list) {
+                                       /*
+                                        * Wrapped around
+                                        */
+                                       return(KERN_NO_SPACE);
+                               }
+                               start = entry->vme_start;
+                       } else {
+                               start = entry->vme_end;
+                       }
                }
                }
+
+               if (map->holelistenabled) {
+
+                       if (vm_map_lookup_entry(map, entry->vme_start, &entry)) {
+                               panic("Found an existing entry (%p) instead of potential hole at address: 0x%llx.\n", entry, (unsigned long long)entry->vme_start);
+                       }
+               }
+
                *address = start;
                *address = start;
+
        } else {
                vm_map_entry_t          temp_entry;
        
        } else {
                vm_map_entry_t          temp_entry;
        
@@ -11786,14 +14476,17 @@ StartAgain: ;
                         */
                        zap_map = vm_map_create(PMAP_NULL,
                                                start,
                         */
                        zap_map = vm_map_create(PMAP_NULL,
                                                start,
-                                               end - start,
+                                               end,
                                                map->hdr.entries_pageable);
                        if (zap_map == VM_MAP_NULL) {
                                return KERN_RESOURCE_SHORTAGE;
                        }
                                                map->hdr.entries_pageable);
                        if (zap_map == VM_MAP_NULL) {
                                return KERN_RESOURCE_SHORTAGE;
                        }
+                       vm_map_set_page_shift(zap_map, VM_MAP_PAGE_SHIFT(map));
+                       vm_map_disable_hole_optimization(zap_map);
 
                        kr = vm_map_delete(map, start, end,
 
                        kr = vm_map_delete(map, start, end,
-                                          VM_MAP_REMOVE_SAVE_ENTRIES,
+                                          (VM_MAP_REMOVE_SAVE_ENTRIES |
+                                           VM_MAP_REMOVE_NO_MAP_ALIGN),
                                           zap_map);
                        if (kr == KERN_SUCCESS) {
                                vm_map_destroy(zap_map,
                                           zap_map);
                        if (kr == KERN_SUCCESS) {
                                vm_map_destroy(zap_map,
@@ -12008,6 +14701,7 @@ vm_map_purgable_control(
        vm_map_entry_t          entry;
        vm_object_t             object;
        kern_return_t           kr;
        vm_map_entry_t          entry;
        vm_object_t             object;
        kern_return_t           kr;
+       boolean_t               was_nonvolatile;
 
        /*
         * Vet all the input parameters and current type and state of the
 
        /*
         * Vet all the input parameters and current type and state of the
@@ -12050,10 +14744,11 @@ vm_map_purgable_control(
                return(KERN_PROTECTION_FAILURE);
        }
 
                return(KERN_PROTECTION_FAILURE);
        }
 
-       object = entry->object.vm_object;
-       if (object == VM_OBJECT_NULL) {
+       object = VME_OBJECT(entry);
+       if (object == VM_OBJECT_NULL ||
+           object->purgable == VM_PURGABLE_DENY) {
                /*
                /*
-                * Object must already be present or it can't be purgable.
+                * Object must already be present and be purgeable.
                 */
                vm_map_unlock_read(map);
                return KERN_INVALID_ARGUMENT;
                 */
                vm_map_unlock_read(map);
                return KERN_INVALID_ARGUMENT;
@@ -12061,7 +14756,8 @@ vm_map_purgable_control(
                     
        vm_object_lock(object);
 
                     
        vm_object_lock(object);
 
-       if (entry->offset != 0 || 
+#if 00
+       if (VME_OFFSET(entry) != 0 || 
            entry->vme_end - entry->vme_start != object->vo_size) {
                /*
                 * Can only apply purgable controls to the whole (existing)
            entry->vme_end - entry->vme_start != object->vo_size) {
                /*
                 * Can only apply purgable controls to the whole (existing)
@@ -12071,11 +14767,25 @@ vm_map_purgable_control(
                vm_object_unlock(object);
                return KERN_INVALID_ARGUMENT;
        }
                vm_object_unlock(object);
                return KERN_INVALID_ARGUMENT;
        }
-               
+#endif
+
+       assert(!entry->is_sub_map);
+       assert(!entry->use_pmap); /* purgeable has its own accounting */
+
        vm_map_unlock_read(map);
 
        vm_map_unlock_read(map);
 
+       was_nonvolatile = (object->purgable == VM_PURGABLE_NONVOLATILE);
+
        kr = vm_object_purgable_control(object, control, state);
 
        kr = vm_object_purgable_control(object, control, state);
 
+       if (was_nonvolatile &&
+           object->purgable != VM_PURGABLE_NONVOLATILE &&
+           map->pmap == kernel_pmap) {
+#if DEBUG
+               object->vo_purgeable_volatilizer = kernel_task;
+#endif /* DEBUG */
+       }
+
        vm_object_unlock(object);
 
        return kr;
        vm_object_unlock(object);
 
        return kr;
@@ -12120,12 +14830,10 @@ vm_map_page_info(
        vm_map_entry_t          map_entry;
        vm_object_t             object;
        vm_page_t               m;
        vm_map_entry_t          map_entry;
        vm_object_t             object;
        vm_page_t               m;
-       kern_return_t           kr;
        kern_return_t           retval = KERN_SUCCESS;
        boolean_t               top_object;
        int                     disposition;
        int                     ref_count;
        kern_return_t           retval = KERN_SUCCESS;
        boolean_t               top_object;
        int                     disposition;
        int                     ref_count;
-       vm_object_id_t          object_id;
        vm_page_info_basic_t    basic_info;
        int                     depth;
        vm_map_offset_t         offset_in_page;
        vm_page_info_basic_t    basic_info;
        int                     depth;
        vm_map_offset_t         offset_in_page;
@@ -12148,13 +14856,12 @@ vm_map_page_info(
 
        disposition = 0;
        ref_count = 0;
 
        disposition = 0;
        ref_count = 0;
-       object_id = 0;
        top_object = TRUE;
        depth = 0;
 
        retval = KERN_SUCCESS;
        offset_in_page = offset & PAGE_MASK;
        top_object = TRUE;
        depth = 0;
 
        retval = KERN_SUCCESS;
        offset_in_page = offset & PAGE_MASK;
-       offset = vm_map_trunc_page(offset);
+       offset = vm_map_trunc_page(offset, PAGE_MASK);
 
        vm_map_lock_read(map);
 
 
        vm_map_lock_read(map);
 
@@ -12170,12 +14877,12 @@ vm_map_page_info(
                /* compute offset from this map entry's start */
                offset -= map_entry->vme_start;
                /* compute offset into this map entry's object (or submap) */
                /* compute offset from this map entry's start */
                offset -= map_entry->vme_start;
                /* compute offset into this map entry's object (or submap) */
-               offset += map_entry->offset;
+               offset += VME_OFFSET(map_entry);
 
                if (map_entry->is_sub_map) {
                        vm_map_t sub_map;
 
 
                if (map_entry->is_sub_map) {
                        vm_map_t sub_map;
 
-                       sub_map = map_entry->object.sub_map;
+                       sub_map = VME_SUBMAP(map_entry);
                        vm_map_lock_read(sub_map);
                        vm_map_unlock_read(map);
 
                        vm_map_lock_read(sub_map);
                        vm_map_unlock_read(map);
 
@@ -12187,7 +14894,7 @@ vm_map_page_info(
                break;
        }
 
                break;
        }
 
-       object = map_entry->object.vm_object;
+       object = VME_OBJECT(map_entry);
        if (object == VM_OBJECT_NULL) {
                /* no object -> no page */
                vm_map_unlock_read(map);
        if (object == VM_OBJECT_NULL) {
                /* no object -> no page */
                vm_map_unlock_read(map);
@@ -12210,51 +14917,17 @@ vm_map_page_info(
                        disposition |= VM_PAGE_QUERY_PAGE_PRESENT;
                        break;
                } else {
                        disposition |= VM_PAGE_QUERY_PAGE_PRESENT;
                        break;
                } else {
-#if MACH_PAGEMAP
-                       if (object->existence_map) {
-                               if (vm_external_state_get(object->existence_map,
-                                                         offset) ==
-                                   VM_EXTERNAL_STATE_EXISTS) {
-                                       /*
-                                        * this page has been paged out
-                                        */
-                                       disposition |= VM_PAGE_QUERY_PAGE_PAGED_OUT;
+                       if (object->internal &&
+                           object->alive &&
+                           !object->terminating &&
+                           object->pager_ready) {
+
+                               if (VM_COMPRESSOR_PAGER_STATE_GET(object, offset)
+                                   == VM_EXTERNAL_STATE_EXISTS) {
+                                       /* the pager has that page */
+                                       disposition |= VM_PAGE_QUERY_PAGE_PAGED_OUT;
                                        break;
                                }
                                        break;
                                }
-                       } else
-#endif
-                       {
-                               if (object->internal &&
-                                   object->alive &&
-                                   !object->terminating &&
-                                   object->pager_ready) {
-
-                                       memory_object_t pager;
-
-                                       vm_object_paging_begin(object);
-                                       pager = object->pager;
-                                       vm_object_unlock(object);
-
-                                       /*
-                                        * Ask the default pager if
-                                        * it has this page.
-                                        */
-                                       kr = memory_object_data_request(
-                                               pager,
-                                               offset + object->paging_offset,
-                                               0, /* just poke the pager */
-                                               VM_PROT_READ,
-                                               NULL);
-
-                                       vm_object_lock(object);
-                                       vm_object_paging_end(object);
-
-                                       if (kr == KERN_SUCCESS) {
-                                               /* the default pager has it */
-                                               disposition |= VM_PAGE_QUERY_PAGE_PAGED_OUT;
-                                               break;
-                                       }
-                               }
                        }
 
                        if (object->shadow != VM_OBJECT_NULL) {
                        }
 
                        if (object->shadow != VM_OBJECT_NULL) {
@@ -12301,19 +14974,21 @@ vm_map_page_info(
                disposition |= VM_PAGE_QUERY_PAGE_FICTITIOUS;
                goto done_with_object;
        }
                disposition |= VM_PAGE_QUERY_PAGE_FICTITIOUS;
                goto done_with_object;
        }
-       if (m->dirty || pmap_is_modified(m->phys_page))
+       if (m->dirty || pmap_is_modified(VM_PAGE_GET_PHYS_PAGE(m)))
                disposition |= VM_PAGE_QUERY_PAGE_DIRTY;
 
                disposition |= VM_PAGE_QUERY_PAGE_DIRTY;
 
-       if (m->reference || pmap_is_referenced(m->phys_page))
+       if (m->reference || pmap_is_referenced(VM_PAGE_GET_PHYS_PAGE(m)))
                disposition |= VM_PAGE_QUERY_PAGE_REF;
 
                disposition |= VM_PAGE_QUERY_PAGE_REF;
 
-       if (m->speculative)
+       if (m->vm_page_q_state == VM_PAGE_ON_SPECULATIVE_Q)
                disposition |= VM_PAGE_QUERY_PAGE_SPECULATIVE;
 
        if (m->cs_validated)
                disposition |= VM_PAGE_QUERY_PAGE_CS_VALIDATED;
        if (m->cs_tainted)
                disposition |= VM_PAGE_QUERY_PAGE_CS_TAINTED;
                disposition |= VM_PAGE_QUERY_PAGE_SPECULATIVE;
 
        if (m->cs_validated)
                disposition |= VM_PAGE_QUERY_PAGE_CS_VALIDATED;
        if (m->cs_tainted)
                disposition |= VM_PAGE_QUERY_PAGE_CS_TAINTED;
+       if (m->cs_nx)
+               disposition |= VM_PAGE_QUERY_PAGE_CS_NX;
 
 done_with_object:
        vm_object_unlock(object);
 
 done_with_object:
        vm_object_unlock(object);
@@ -12324,7 +14999,8 @@ done:
                basic_info = (vm_page_info_basic_t) info;
                basic_info->disposition = disposition;
                basic_info->ref_count = ref_count;
                basic_info = (vm_page_info_basic_t) info;
                basic_info->disposition = disposition;
                basic_info->ref_count = ref_count;
-               basic_info->object_id = (vm_object_id_t) (uintptr_t) object;
+               basic_info->object_id = (vm_object_id_t) (uintptr_t)
+                       VM_KERNEL_ADDRPERM(object);
                basic_info->offset =
                        (memory_object_offset_t) offset + offset_in_page;
                basic_info->depth = depth;
                basic_info->offset =
                        (memory_object_offset_t) offset + offset_in_page;
                basic_info->depth = depth;
@@ -12388,6 +15064,7 @@ vm_map_msync(
        boolean_t               do_sync_req;
        boolean_t               had_hole = FALSE;
        memory_object_t         pager;
        boolean_t               do_sync_req;
        boolean_t               had_hole = FALSE;
        memory_object_t         pager;
+       vm_map_offset_t         pmap_offset;
        
        if ((sync_flags & VM_SYNC_ASYNCHRONOUS) &&
            (sync_flags & VM_SYNC_SYNCHRONOUS))
        
        if ((sync_flags & VM_SYNC_ASYNCHRONOUS) &&
            (sync_flags & VM_SYNC_SYNCHRONOUS))
@@ -12396,8 +15073,12 @@ vm_map_msync(
        /*
         * align address and size on page boundaries
         */
        /*
         * align address and size on page boundaries
         */
-       size = vm_map_round_page(address + size) - vm_map_trunc_page(address);
-       address = vm_map_trunc_page(address);
+       size = (vm_map_round_page(address + size,
+                                 VM_MAP_PAGE_MASK(map)) -
+               vm_map_trunc_page(address,
+                                 VM_MAP_PAGE_MASK(map)));
+       address = vm_map_trunc_page(address,
+                                   VM_MAP_PAGE_MASK(map));
 
         if (map == VM_MAP_NULL)
                 return(KERN_INVALID_TASK);
 
         if (map == VM_MAP_NULL)
                 return(KERN_INVALID_TASK);
@@ -12414,7 +15095,8 @@ vm_map_msync(
 
                vm_map_lock(map);
                if (!vm_map_lookup_entry(map,
 
                vm_map_lock(map);
                if (!vm_map_lookup_entry(map,
-                                        vm_map_trunc_page(address), &entry)) {
+                                        address,
+                                        &entry)) {
 
                        vm_map_size_t   skip;
 
 
                        vm_map_size_t   skip;
 
@@ -12423,6 +15105,18 @@ vm_map_msync(
                         */
                        had_hole = TRUE;
 
                         */
                        had_hole = TRUE;
 
+                       if (sync_flags & VM_SYNC_KILLPAGES) {
+                               /*
+                                * For VM_SYNC_KILLPAGES, there should be
+                                * no holes in the range, since we couldn't
+                                * prevent someone else from allocating in
+                                * that hole and we wouldn't want to "kill"
+                                * their pages.
+                                */
+                               vm_map_unlock(map);
+                               break;
+                       }
+
                        /*
                         * Check for empty map.
                         */
                        /*
                         * Check for empty map.
                         */
@@ -12454,6 +15148,7 @@ vm_map_msync(
                }
 
                offset = address - entry->vme_start;
                }
 
                offset = address - entry->vme_start;
+               pmap_offset = address;
 
                /*
                 * do we have more to flush than is contained in this
 
                /*
                 * do we have more to flush than is contained in this
@@ -12472,8 +15167,8 @@ vm_map_msync(
                        vm_map_t        local_map;
                        vm_map_offset_t local_offset;
 
                        vm_map_t        local_map;
                        vm_map_offset_t local_offset;
 
-                       local_map = entry->object.sub_map;
-                       local_offset = entry->offset;
+                       local_map = VME_SUBMAP(entry);
+                       local_offset = VME_OFFSET(entry);
                        vm_map_unlock(map);
                        if (vm_map_msync(
                                    local_map,
                        vm_map_unlock(map);
                        if (vm_map_msync(
                                    local_map,
@@ -12484,7 +15179,7 @@ vm_map_msync(
                        }
                        continue;
                }
                        }
                        continue;
                }
-               object = entry->object.vm_object;
+               object = VME_OBJECT(entry);
 
                /*
                 * We can't sync this object if the object has not been
 
                /*
                 * We can't sync this object if the object has not been
@@ -12494,7 +15189,7 @@ vm_map_msync(
                        vm_map_unlock(map);
                        continue;
                }
                        vm_map_unlock(map);
                        continue;
                }
-               offset += entry->offset;
+               offset += VME_OFFSET(entry);
 
                 vm_object_lock(object);
 
 
                 vm_object_lock(object);
 
@@ -12503,14 +15198,28 @@ vm_map_msync(
                        boolean_t reusable_pages = FALSE;
 
                        if (sync_flags & VM_SYNC_KILLPAGES) {
                        boolean_t reusable_pages = FALSE;
 
                        if (sync_flags & VM_SYNC_KILLPAGES) {
-                               if (object->ref_count == 1 && !object->shadow)
+                               if (((object->ref_count == 1) ||
+                                    ((object->copy_strategy !=
+                                      MEMORY_OBJECT_COPY_SYMMETRIC) &&
+                                     (object->copy == VM_OBJECT_NULL))) &&
+                                   (object->shadow == VM_OBJECT_NULL)) {
+                                       if (object->ref_count != 1) {
+                                               vm_page_stats_reusable.free_shared++;
+                                       }
                                        kill_pages = 1;
                                        kill_pages = 1;
-                               else
+                               } else {
                                        kill_pages = -1;
                                        kill_pages = -1;
+                               }
                        }
                        if (kill_pages != -1)
                        }
                        if (kill_pages != -1)
-                               vm_object_deactivate_pages(object, offset, 
-                                                          (vm_object_size_t)flush_size, kill_pages, reusable_pages);
+                               vm_object_deactivate_pages(
+                                       object,
+                                       offset,
+                                       (vm_object_size_t) flush_size,
+                                       kill_pages,
+                                       reusable_pages,
+                                       map->pmap,
+                                       pmap_offset);
                        vm_object_unlock(object);
                        vm_map_unlock(map);
                        continue;
                        vm_object_unlock(object);
                        vm_map_unlock(map);
                        continue;
@@ -12584,6 +15293,8 @@ vm_map_msync(
                if (pager == MEMORY_OBJECT_NULL) {
                        vm_object_unlock(object);
                        vm_object_deallocate(object);
                if (pager == MEMORY_OBJECT_NULL) {
                        vm_object_unlock(object);
                        vm_object_deallocate(object);
+                       msync_req_free(new_msr);
+                       new_msr = NULL;
                        continue;
                }
 
                        continue;
                }
 
@@ -12727,45 +15438,35 @@ vm_object_t
 convert_port_entry_to_object(
        ipc_port_t      port)
 {
 convert_port_entry_to_object(
        ipc_port_t      port)
 {
-       vm_object_t object;
+       vm_object_t             object = VM_OBJECT_NULL;
        vm_named_entry_t        named_entry;
        vm_named_entry_t        named_entry;
-       uint32_t        try_failed_count = 0;
-
-       if(IP_VALID(port) && (ip_kotype(port) == IKOT_NAMED_ENTRY)) {
-               while(TRUE) {
-                       ip_lock(port);
-                       if(ip_active(port) && (ip_kotype(port) 
-                                              == IKOT_NAMED_ENTRY)) {
-                               named_entry =
-                                       (vm_named_entry_t)port->ip_kobject;
-                               if (!(lck_mtx_try_lock(&(named_entry)->Lock))) {
-                                               ip_unlock(port);
-
-                                       try_failed_count++;
-                                               mutex_pause(try_failed_count);
-                                               continue;
-                               }
-                               named_entry->ref_count++;
-                               lck_mtx_unlock(&(named_entry)->Lock);
+       uint32_t                try_failed_count = 0;
+
+       if (IP_VALID(port) &&
+           (ip_kotype(port) == IKOT_NAMED_ENTRY)) {
+       try_again:
+               ip_lock(port);
+               if (ip_active(port) &&
+                   (ip_kotype(port) == IKOT_NAMED_ENTRY)) {
+                       named_entry = (vm_named_entry_t)port->ip_kobject;
+                       if (!(lck_mtx_try_lock(&(named_entry)->Lock))) {
                                ip_unlock(port);
                                ip_unlock(port);
-                               if ((!named_entry->is_sub_map) &&
-                                   (!named_entry->is_pager) &&
-                                   (named_entry->protection 
-                                    & VM_PROT_WRITE)) {
-                                       object = named_entry->backing.object;
-                               } else {
-                                       mach_destroy_memory_entry(port);
-                                       return (vm_object_t)NULL;
-                               }
-                               vm_object_reference(named_entry->backing.object);
-                               mach_destroy_memory_entry(port);
-                               break;
+                               try_failed_count++;
+                               mutex_pause(try_failed_count);
+                                       goto try_again;
                        }
                        }
-                       else 
-                               return (vm_object_t)NULL;
+                       named_entry->ref_count++;
+                       lck_mtx_unlock(&(named_entry)->Lock);
+                       ip_unlock(port);
+                       if (!(named_entry->is_sub_map) &&
+                           !(named_entry->is_pager) &&
+                           !(named_entry->is_copy) &&
+                           (named_entry->protection & VM_PROT_WRITE)) {
+                               object = named_entry->backing.object;
+                               vm_object_reference(object);
+                       }
+                       mach_destroy_memory_entry(port);
                }
                }
-       } else {
-               return (vm_object_t)NULL;
        }
 
        return object;
        }
 
        return object;
@@ -12792,7 +15493,7 @@ current_map(void)
 #undef vm_map_reference
 void
 vm_map_reference(
 #undef vm_map_reference
 void
 vm_map_reference(
-       register vm_map_t       map)
+       vm_map_t        map)
 {
        if (map == VM_MAP_NULL)
                return;
 {
        if (map == VM_MAP_NULL)
                return;
@@ -12816,7 +15517,7 @@ vm_map_reference(
  */
 void
 vm_map_deallocate(
  */
 void
 vm_map_deallocate(
-       register vm_map_t       map)
+       vm_map_t        map)
 {
        unsigned int            ref;
 
 {
        unsigned int            ref;
 
@@ -12882,12 +15583,27 @@ vm_map_set_64bit(vm_map_t map)
        map->max_offset = (vm_map_offset_t)MACH_VM_MAX_ADDRESS;
 }
 
        map->max_offset = (vm_map_offset_t)MACH_VM_MAX_ADDRESS;
 }
 
+/*
+ * Expand the maximum size of an existing map.
+ */
+void
+vm_map_set_jumbo(vm_map_t map)
+{
+       (void) map;
+}
+
 vm_map_offset_t
 vm_map_offset_t
-vm_compute_max_offset(unsigned is64)
+vm_compute_max_offset(boolean_t is64)
 {
        return (is64 ? (vm_map_offset_t)MACH_VM_MAX_ADDRESS : (vm_map_offset_t)VM_MAX_ADDRESS);
 }
 
 {
        return (is64 ? (vm_map_offset_t)MACH_VM_MAX_ADDRESS : (vm_map_offset_t)VM_MAX_ADDRESS);
 }
 
+uint64_t
+vm_map_get_max_aslr_slide_pages(vm_map_t map) 
+{
+       return (1 << (vm_map_is_64bit(map) ? 16 : 8));
+}
+
 boolean_t
 vm_map_is_64bit(
                vm_map_t map)
 boolean_t
 vm_map_is_64bit(
                vm_map_t map)
@@ -12896,8 +15612,9 @@ vm_map_is_64bit(
 }
 
 boolean_t
 }
 
 boolean_t
-vm_map_has_4GB_pagezero(
-               vm_map_t map)
+vm_map_has_hard_pagezero(
+               vm_map_t        map,
+               vm_map_offset_t pagezero_size)
 {
        /*
         * XXX FBDP
 {
        /*
         * XXX FBDP
@@ -12909,30 +15626,41 @@ vm_map_has_4GB_pagezero(
         * VM map is being torn down, and when a new map is created via
         * load_machfile()/execve().
         */
         * VM map is being torn down, and when a new map is created via
         * load_machfile()/execve().
         */
-       return (map->min_offset >= 0x100000000ULL);
+       return (map->min_offset >= pagezero_size);
 }
 
 }
 
-void
-vm_map_set_4GB_pagezero(vm_map_t map)
+/*
+ * Raise a VM map's maximun offset.
+ */
+kern_return_t
+vm_map_raise_max_offset(
+       vm_map_t        map,
+       vm_map_offset_t new_max_offset)
 {
 {
-#if defined(__i386__)
-       pmap_set_4GB_pagezero(map->pmap);
-#else
-#pragma unused(map)
-#endif
+       kern_return_t   ret;
 
 
-}
+       vm_map_lock(map);
+       ret = KERN_INVALID_ADDRESS;
 
 
-void
-vm_map_clear_4GB_pagezero(vm_map_t map)
-{
-#if defined(__i386__)
-       pmap_clear_4GB_pagezero(map->pmap);
-#else
-#pragma unused(map)
-#endif
+       if (new_max_offset >= map->max_offset) {
+               if (!vm_map_is_64bit(map)) { 
+                       if (new_max_offset <= (vm_map_offset_t)VM_MAX_ADDRESS) {
+                               map->max_offset = new_max_offset;
+                               ret = KERN_SUCCESS;
+                       }
+               } else {
+                       if (new_max_offset <= (vm_map_offset_t)MACH_VM_MAX_ADDRESS) {
+                               map->max_offset = new_max_offset;
+                               ret = KERN_SUCCESS;
+                       }
+               }
+       }
+
+       vm_map_unlock(map);
+       return ret;
 }
 
 }
 
+
 /*
  * Raise a VM map's minimum offset.
  * To strictly enforce "page zero" reservation.
 /*
  * Raise a VM map's minimum offset.
  * To strictly enforce "page zero" reservation.
@@ -12944,7 +15672,8 @@ vm_map_raise_min_offset(
 {
        vm_map_entry_t  first_entry;
 
 {
        vm_map_entry_t  first_entry;
 
-       new_min_offset = vm_map_round_page(new_min_offset);
+       new_min_offset = vm_map_round_page(new_min_offset,
+                                          VM_MAP_PAGE_MASK(map));
 
        vm_map_lock(map);
 
 
        vm_map_lock(map);
 
@@ -12957,6 +15686,11 @@ vm_map_raise_min_offset(
                vm_map_unlock(map);
                return KERN_INVALID_ADDRESS;
        }
                vm_map_unlock(map);
                return KERN_INVALID_ADDRESS;
        }
+       if (new_min_offset >= map->max_offset) {
+               /* can't go beyond the end of the address space */
+               vm_map_unlock(map);
+               return KERN_INVALID_ADDRESS;
+       }
 
        first_entry = vm_map_first_entry(map);
        if (first_entry != vm_map_to_entry(map) &&
 
        first_entry = vm_map_first_entry(map);
        if (first_entry != vm_map_to_entry(map) &&
@@ -12971,6 +15705,10 @@ vm_map_raise_min_offset(
 
        map->min_offset = new_min_offset;
 
 
        map->min_offset = new_min_offset;
 
+       assert(map->holes_list);
+       map->holes_list->start = new_min_offset;
+       assert(new_min_offset < map->holes_list->end);
+
        vm_map_unlock(map);
 
        return KERN_SUCCESS;
        vm_map_unlock(map);
 
        return KERN_SUCCESS;
@@ -12999,6 +15737,29 @@ void vm_map_switch_protect(vm_map_t    map,
        vm_map_unlock(map);
 }
 
        vm_map_unlock(map);
 }
 
+/*
+ * IOKit has mapped a region into this map; adjust the pmap's ledgers appropriately.
+ * phys_footprint is a composite limit consisting of iokit + physmem, so we need to
+ * bump both counters.
+ */
+void
+vm_map_iokit_mapped_region(vm_map_t map, vm_size_t bytes)
+{
+       pmap_t pmap = vm_map_pmap(map);
+
+       ledger_credit(pmap->ledger, task_ledgers.iokit_mapped, bytes);
+       ledger_credit(pmap->ledger, task_ledgers.phys_footprint, bytes);                
+}
+
+void
+vm_map_iokit_unmapped_region(vm_map_t map, vm_size_t bytes)
+{
+       pmap_t pmap = vm_map_pmap(map);
+
+       ledger_debit(pmap->ledger, task_ledgers.iokit_mapped, bytes);
+       ledger_debit(pmap->ledger, task_ledgers.phys_footprint, bytes); 
+}
+
 /* Add (generate) code signature for memory range */
 #if CONFIG_DYNAMIC_CODE_SIGNING
 kern_return_t vm_map_sign(vm_map_t map, 
 /* Add (generate) code signature for memory range */
 #if CONFIG_DYNAMIC_CODE_SIGNING
 kern_return_t vm_map_sign(vm_map_t map, 
@@ -13035,7 +15796,7 @@ kern_return_t vm_map_sign(vm_map_t map,
                return(KERN_INVALID_ARGUMENT);
        }
        
                return(KERN_INVALID_ARGUMENT);
        }
        
-       object = entry->object.vm_object;
+       object = VME_OBJECT(entry);
        if (object == VM_OBJECT_NULL) {
                /*
                 * Object must already be present or we can't sign.
        if (object == VM_OBJECT_NULL) {
                /*
                 * Object must already be present or we can't sign.
@@ -13050,7 +15811,8 @@ kern_return_t vm_map_sign(vm_map_t map,
        while(start < end) {
                uint32_t refmod;
                
        while(start < end) {
                uint32_t refmod;
                
-               m = vm_page_lookup(object, start - entry->vme_start + entry->offset );
+               m = vm_page_lookup(object,
+                                  start - entry->vme_start + VME_OFFSET(entry));
                if (m==VM_PAGE_NULL) {
                        /* shoud we try to fault a page here? we can probably 
                         * demand it exists and is locked for this request */
                if (m==VM_PAGE_NULL) {
                        /* shoud we try to fault a page here? we can probably 
                         * demand it exists and is locked for this request */
@@ -13074,12 +15836,12 @@ kern_return_t vm_map_sign(vm_map_t map,
                 * we'll disconnect the page so we note any future modification
                 * attempts. */
                m->wpmapped = FALSE;
                 * we'll disconnect the page so we note any future modification
                 * attempts. */
                m->wpmapped = FALSE;
-               refmod = pmap_disconnect(m->phys_page);
+               refmod = pmap_disconnect(VM_PAGE_GET_PHYS_PAGE(m));
                
                /* Pull the dirty status from the pmap, since we cleared the 
                 * wpmapped bit */
                if ((refmod & VM_MEM_MODIFIED) && !m->dirty) {
                
                /* Pull the dirty status from the pmap, since we cleared the 
                 * wpmapped bit */
                if ((refmod & VM_MEM_MODIFIED) && !m->dirty) {
-                       m->dirty = TRUE;
+                       SET_PAGE_DIRTY(m, FALSE);
                }
                
                /* On to the next page */
                }
                
                /* On to the next page */
@@ -13091,83 +15853,146 @@ kern_return_t vm_map_sign(vm_map_t map,
 }
 #endif
 
 }
 #endif
 
-#if CONFIG_FREEZE
+kern_return_t vm_map_partial_reap(vm_map_t map, unsigned int *reclaimed_resident, unsigned int *reclaimed_compressed)
+{      
+       vm_map_entry_t  entry = VM_MAP_ENTRY_NULL;
+       vm_map_entry_t next_entry;
+       kern_return_t   kr = KERN_SUCCESS;
+       vm_map_t        zap_map;
 
 
-kern_return_t vm_map_freeze_walk(
-               vm_map_t map,
-               unsigned int *purgeable_count,
-               unsigned int *wired_count,
-               unsigned int *clean_count,
-               unsigned int *dirty_count,
-               boolean_t *has_shared)
+       vm_map_lock(map);
+
+       /*
+        * We use a "zap_map" to avoid having to unlock
+        * the "map" in vm_map_delete().
+        */
+       zap_map = vm_map_create(PMAP_NULL,
+                               map->min_offset,
+                               map->max_offset,
+                               map->hdr.entries_pageable);
+
+       if (zap_map == VM_MAP_NULL) {
+               return KERN_RESOURCE_SHORTAGE;
+       }
+
+       vm_map_set_page_shift(zap_map, 
+                             VM_MAP_PAGE_SHIFT(map));
+       vm_map_disable_hole_optimization(zap_map);
+
+       for (entry = vm_map_first_entry(map);
+            entry != vm_map_to_entry(map);
+            entry = next_entry) {
+               next_entry = entry->vme_next;
+               
+               if (VME_OBJECT(entry) &&
+                   !entry->is_sub_map &&
+                   (VME_OBJECT(entry)->internal == TRUE) &&
+                   (VME_OBJECT(entry)->ref_count == 1)) {
+
+                       *reclaimed_resident += VME_OBJECT(entry)->resident_page_count;
+                       *reclaimed_compressed += vm_compressor_pager_get_count(VME_OBJECT(entry)->pager);
+
+                       (void)vm_map_delete(map, 
+                                           entry->vme_start, 
+                                           entry->vme_end, 
+                                           VM_MAP_REMOVE_SAVE_ENTRIES,
+                                           zap_map);
+               }
+       }
+
+       vm_map_unlock(map);
+
+        /*
+        * Get rid of the "zap_maps" and all the map entries that
+         * they may still contain.
+         */
+        if (zap_map != VM_MAP_NULL) {
+                vm_map_destroy(zap_map, VM_MAP_REMOVE_NO_PMAP_CLEANUP);
+                zap_map = VM_MAP_NULL;
+        }
+
+       return kr;
+}
+
+
+#if DEVELOPMENT || DEBUG
+
+int
+vm_map_disconnect_page_mappings(
+       vm_map_t map,
+       boolean_t do_unnest)
 {
        vm_map_entry_t entry;
 {
        vm_map_entry_t entry;
-       
+       int     page_count = 0;
+
+       if (do_unnest == TRUE) {
+#ifndef NO_NESTED_PMAP
+               vm_map_lock(map);
+
+               for (entry = vm_map_first_entry(map);
+                    entry != vm_map_to_entry(map);
+                    entry = entry->vme_next) {
+
+                       if (entry->is_sub_map && entry->use_pmap) {
+                               /*
+                                * Make sure the range between the start of this entry and
+                                * the end of this entry is no longer nested, so that
+                                * we will only remove mappings from the pmap in use by this
+                                * this task
+                                */
+                               vm_map_clip_unnest(map, entry, entry->vme_start, entry->vme_end);
+                       }
+               }
+               vm_map_unlock(map);
+#endif
+       }
        vm_map_lock_read(map);
        vm_map_lock_read(map);
-       
-       *purgeable_count = *wired_count = *clean_count = *dirty_count = 0;
-       *has_shared = FALSE;
-       
+
+       page_count = map->pmap->stats.resident_count;
+
        for (entry = vm_map_first_entry(map);
             entry != vm_map_to_entry(map);
             entry = entry->vme_next) {
        for (entry = vm_map_first_entry(map);
             entry != vm_map_to_entry(map);
             entry = entry->vme_next) {
-               unsigned int purgeable, clean, dirty, wired;
-               boolean_t shared;
 
 
-               if ((entry->object.vm_object == 0) ||
-                   (entry->is_sub_map) ||
-                   (entry->object.vm_object->phys_contiguous)) {
+               if (!entry->is_sub_map && ((VME_OBJECT(entry) == 0) ||
+                                          (VME_OBJECT(entry)->phys_contiguous))) {
                        continue;
                }
                        continue;
                }
+               if (entry->is_sub_map)
+                       assert(!entry->use_pmap);
 
 
-               vm_object_pack(&purgeable, &wired, &clean, &dirty, &shared, entry->object.vm_object, VM_OBJECT_NULL, NULL, NULL);
-               
-               *purgeable_count += purgeable;
-               *wired_count += wired;
-               *clean_count += clean;
-               *dirty_count += dirty;
-               
-               if (shared) {
-                       *has_shared = TRUE;
-               }
+               pmap_remove_options(map->pmap, entry->vme_start, entry->vme_end, 0);
        }
        }
-
        vm_map_unlock_read(map);
 
        vm_map_unlock_read(map);
 
-       return KERN_SUCCESS;
+       return page_count;
 }
 
 }
 
+#endif
+
+
+#if CONFIG_FREEZE
+
+
+int c_freezer_swapout_count;
+int c_freezer_compression_count = 0;
+AbsoluteTime c_freezer_last_yield_ts = 0;
+
 kern_return_t vm_map_freeze(
                vm_map_t map,
                unsigned int *purgeable_count,
                unsigned int *wired_count,
                unsigned int *clean_count,
                unsigned int *dirty_count,
 kern_return_t vm_map_freeze(
                vm_map_t map,
                unsigned int *purgeable_count,
                unsigned int *wired_count,
                unsigned int *clean_count,
                unsigned int *dirty_count,
+               __unused unsigned int dirty_budget,
                boolean_t *has_shared)
 {      
                boolean_t *has_shared)
 {      
-       vm_map_entry_t entry2 = VM_MAP_ENTRY_NULL;
-       vm_object_t compact_object = VM_OBJECT_NULL;
-       vm_object_offset_t offset = 0x0;
-       kern_return_t kr = KERN_SUCCESS;
-       void *default_freezer_toc = NULL;
-       boolean_t cleanup = FALSE;
+       vm_map_entry_t  entry2 = VM_MAP_ENTRY_NULL;
+       kern_return_t   kr = KERN_SUCCESS;
 
        *purgeable_count = *wired_count = *clean_count = *dirty_count = 0;
        *has_shared = FALSE;
 
 
        *purgeable_count = *wired_count = *clean_count = *dirty_count = 0;
        *has_shared = FALSE;
 
-       /* Create our compact object */
-       compact_object = vm_object_allocate((vm_map_offset_t)(VM_MAX_ADDRESS) - (vm_map_offset_t)(VM_MIN_ADDRESS));
-       if (!compact_object) {
-               kr = KERN_FAILURE;
-               goto done;
-       }
-       
-       default_freezer_toc = default_freezer_mapping_create(compact_object, offset);
-       if (!default_freezer_toc) {
-               kr = KERN_FAILURE;
-               goto done;
-       }
-
        /*
         * We need the exclusive lock here so that we can
         * block any page faults or lookups while we are
        /*
         * We need the exclusive lock here so that we can
         * block any page faults or lookups while we are
@@ -13175,104 +16000,65 @@ kern_return_t vm_map_freeze(
         */
        vm_map_lock(map);
 
         */
        vm_map_lock(map);
 
-       if (map->default_freezer_toc != NULL){
-               /*
-                * This map has already been frozen.
-                */
-               cleanup = TRUE;
-               kr = KERN_SUCCESS;
-               goto done;
-       }
+       assert(VM_CONFIG_COMPRESSOR_IS_PRESENT);
 
 
-       /* Get a mapping in place for the freezing about to commence */
-       map->default_freezer_toc = default_freezer_toc;
+       if (vm_compressor_low_on_space() || vm_swap_low_on_space()) {
+               kr = KERN_NO_SPACE;
+               goto done;      
+       }
 
 
-       vm_object_lock(compact_object);
+       c_freezer_compression_count = 0;
+       clock_get_uptime(&c_freezer_last_yield_ts);
 
        for (entry2 = vm_map_first_entry(map);
             entry2 != vm_map_to_entry(map);
             entry2 = entry2->vme_next) {
        
 
        for (entry2 = vm_map_first_entry(map);
             entry2 != vm_map_to_entry(map);
             entry2 = entry2->vme_next) {
        
-               vm_object_t     src_object = entry2->object.vm_object;
+               vm_object_t     src_object = VME_OBJECT(entry2);
 
 
-               /* If eligible, scan the entry, moving eligible pages over to our parent object */
-               if (entry2->object.vm_object && !entry2->is_sub_map && !entry2->object.vm_object->phys_contiguous) {
-                       unsigned int purgeable, clean, dirty, wired;
-                       boolean_t shared;
-               
-                       vm_object_pack(&purgeable, &wired, &clean, &dirty, &shared,
-                                                       src_object, compact_object, &default_freezer_toc, &offset);
-                                                                        
-                       *purgeable_count += purgeable;
-                       *wired_count += wired;
-                       *clean_count += clean;
-                       *dirty_count += dirty;
+               if (src_object &&
+                   !entry2->is_sub_map &&
+                   !src_object->phys_contiguous) {
+                       /* If eligible, scan the entry, moving eligible pages over to our parent object */
+
+                       if (src_object->internal == TRUE) {
+                                       
+                               if (VM_CONFIG_FREEZER_SWAP_IS_ACTIVE) {
+                                       /*
+                                        * Pages belonging to this object could be swapped to disk.
+                                        * Make sure it's not a shared object because we could end
+                                        * up just bringing it back in again.
+                                        */
+                                       if (src_object->ref_count > 1) {
+                                               continue;
+                                       }
+                               }
+                               vm_object_compressed_freezer_pageout(src_object);
 
 
-                       if (shared) {
-                               *has_shared = TRUE;
+                               if (vm_compressor_low_on_space() || vm_swap_low_on_space()) {
+                                       kr = KERN_NO_SPACE;
+                                       break;  
+                               }
                        }
                }
        }
                        }
                }
        }
-
-       vm_object_unlock(compact_object);       
-       
-       /* Finally, throw out the pages to swap */
-       vm_object_pageout(compact_object);
-
 done:
        vm_map_unlock(map);
 done:
        vm_map_unlock(map);
-
-       /* Unwind if there was a failure */
-       if ((cleanup) || (KERN_SUCCESS != kr)) {
-               if (default_freezer_toc){
-                       default_freezer_mapping_free(&map->default_freezer_toc, TRUE);
-               }
-               if (compact_object){
-                       vm_object_deallocate(compact_object);
-               }
-       }
        
        
-       return kr;
-}
-
-__private_extern__ vm_object_t default_freezer_get_compact_vm_object( void** );
-
-void
-vm_map_thaw(
-       vm_map_t map)
-{
-       void **default_freezer_toc;
-       vm_object_t compact_object;
-
-       vm_map_lock(map);
+       vm_object_compressed_freezer_done();
 
 
-       if (map->default_freezer_toc == NULL){
+       if (VM_CONFIG_FREEZER_SWAP_IS_ACTIVE) {
                /*
                /*
-                * This map is not in a frozen state.
+                * reset the counter tracking the # of swapped c_segs
+                * because we are now done with this freeze session and task.
                 */
                 */
-               goto out;
+               c_freezer_swapout_count = 0;
        }
        }
-       
-       default_freezer_toc = &(map->default_freezer_toc);
-       
-       compact_object = default_freezer_get_compact_vm_object(default_freezer_toc);
-       
-       /* Bring the pages back in */
-       vm_object_pagein(compact_object);
-       
-       /* Shift pages back to their original objects */
-       vm_object_unpack(compact_object, default_freezer_toc);
-
-       vm_object_deallocate(compact_object);
-
-       map->default_freezer_toc = NULL;
-       
-out:
-       vm_map_unlock(map);
+       return kr;
 }
 }
+
 #endif
 
 #endif
 
-#if !CONFIG_EMBEDDED
 /*
  * vm_map_entry_should_cow_for_true_share:
  *
 /*
  * vm_map_entry_should_cow_for_true_share:
  *
@@ -13290,6 +16076,8 @@ out:
  *     - copy_strategy == MEMORY_OBJECT_COPY_SYMMETRIC
  *     - !true_share
  *     - vo_size == ANON_CHUNK_SIZE
  *     - copy_strategy == MEMORY_OBJECT_COPY_SYMMETRIC
  *     - !true_share
  *     - vo_size == ANON_CHUNK_SIZE
+ *
+ * Only non-kernel map entries.
  */
 boolean_t
 vm_map_entry_should_cow_for_true_share(
  */
 boolean_t
 vm_map_entry_should_cow_for_true_share(
@@ -13307,17 +16095,19 @@ vm_map_entry_should_cow_for_true_share(
                return FALSE;
        }
 
                return FALSE;
        }
 
-       if (entry->alias != VM_MEMORY_MALLOC) {
-               /* not tagged as an ObjectiveC's Garbage Collector entry */
+       if (VME_ALIAS(entry) != VM_MEMORY_MALLOC &&
+           VME_ALIAS(entry) != VM_MEMORY_MALLOC_SMALL) {
+               /* not a malloc heap or Obj-C Garbage Collector heap */
                return FALSE;
        }
 
        if (entry->wired_count) {
                /* wired: can't change the map entry... */
                return FALSE;
        }
 
        if (entry->wired_count) {
                /* wired: can't change the map entry... */
+               vm_counters.should_cow_but_wired++;
                return FALSE;
        }
 
                return FALSE;
        }
 
-       object = entry->object.vm_object;
+       object = VME_OBJECT(entry);
 
        if (object == VM_OBJECT_NULL) {
                /* no object yet... */
 
        if (object == VM_OBJECT_NULL) {
                /* no object yet... */
@@ -13339,8 +16129,15 @@ vm_map_entry_should_cow_for_true_share(
                return FALSE;
        }
 
                return FALSE;
        }
 
-       if (object->vo_size != ANON_CHUNK_SIZE) {
-               /* not an object created for the ObjC Garbage Collector */
+       if (VME_ALIAS(entry) == VM_MEMORY_MALLOC &&
+           object->vo_size != ANON_CHUNK_SIZE) {
+               /* ... not an object created for the ObjC Garbage Collector */
+               return FALSE;
+       }
+
+       if (VME_ALIAS(entry) == VM_MEMORY_MALLOC_SMALL &&
+           object->vo_size != 2048 * 4096) {
+               /* ... not a "MALLOC_SMALL" heap */
                return FALSE;
        }
 
                return FALSE;
        }
 
@@ -13352,4 +16149,243 @@ vm_map_entry_should_cow_for_true_share(
         */
        return TRUE;
 }
         */
        return TRUE;
 }
-#endif /* !CONFIG_EMBEDDED */
+
+vm_map_offset_t        
+vm_map_round_page_mask(
+       vm_map_offset_t offset,
+       vm_map_offset_t mask)
+{
+       return VM_MAP_ROUND_PAGE(offset, mask);
+}
+
+vm_map_offset_t        
+vm_map_trunc_page_mask(
+       vm_map_offset_t offset,
+       vm_map_offset_t mask)
+{
+       return VM_MAP_TRUNC_PAGE(offset, mask);
+}
+
+boolean_t
+vm_map_page_aligned(
+       vm_map_offset_t offset,
+       vm_map_offset_t mask)
+{
+       return ((offset) & mask) == 0;
+}
+
+int
+vm_map_page_shift(
+       vm_map_t map)
+{
+       return VM_MAP_PAGE_SHIFT(map);
+}
+
+int
+vm_map_page_size(
+       vm_map_t map)
+{
+       return VM_MAP_PAGE_SIZE(map);
+}
+
+vm_map_offset_t
+vm_map_page_mask(
+       vm_map_t map)
+{
+       return VM_MAP_PAGE_MASK(map);
+}
+
+kern_return_t
+vm_map_set_page_shift(
+       vm_map_t        map,
+       int             pageshift)
+{
+       if (map->hdr.nentries != 0) {
+               /* too late to change page size */
+               return KERN_FAILURE;
+       }
+
+       map->hdr.page_shift = pageshift;
+
+       return KERN_SUCCESS;
+}
+
+kern_return_t
+vm_map_query_volatile(
+       vm_map_t        map,
+       mach_vm_size_t  *volatile_virtual_size_p,
+       mach_vm_size_t  *volatile_resident_size_p,
+       mach_vm_size_t  *volatile_compressed_size_p,
+       mach_vm_size_t  *volatile_pmap_size_p,
+       mach_vm_size_t  *volatile_compressed_pmap_size_p)
+{
+       mach_vm_size_t  volatile_virtual_size;
+       mach_vm_size_t  volatile_resident_count;
+       mach_vm_size_t  volatile_compressed_count;
+       mach_vm_size_t  volatile_pmap_count;
+       mach_vm_size_t  volatile_compressed_pmap_count;
+       mach_vm_size_t  resident_count;
+       vm_map_entry_t  entry;
+       vm_object_t     object;
+
+       /* map should be locked by caller */
+
+       volatile_virtual_size = 0;
+       volatile_resident_count = 0;
+       volatile_compressed_count = 0;
+       volatile_pmap_count = 0;
+       volatile_compressed_pmap_count = 0;
+
+       for (entry = vm_map_first_entry(map);
+            entry != vm_map_to_entry(map);
+            entry = entry->vme_next) {
+               mach_vm_size_t  pmap_resident_bytes, pmap_compressed_bytes;
+
+               if (entry->is_sub_map) {
+                       continue;
+               }
+               if (! (entry->protection & VM_PROT_WRITE)) {
+                       continue;
+               }
+               object = VME_OBJECT(entry);
+               if (object == VM_OBJECT_NULL) {
+                       continue;
+               }
+               if (object->purgable != VM_PURGABLE_VOLATILE &&
+                   object->purgable != VM_PURGABLE_EMPTY) {
+                       continue;
+               }
+               if (VME_OFFSET(entry)) {
+                       /*
+                        * If the map entry has been split and the object now
+                        * appears several times in the VM map, we don't want
+                        * to count the object's resident_page_count more than
+                        * once.  We count it only for the first one, starting
+                        * at offset 0 and ignore the other VM map entries.
+                        */
+                       continue;
+               }
+               resident_count = object->resident_page_count;
+               if ((VME_OFFSET(entry) / PAGE_SIZE) >= resident_count) {
+                       resident_count = 0;
+               } else {
+                       resident_count -= (VME_OFFSET(entry) / PAGE_SIZE);
+               }
+
+               volatile_virtual_size += entry->vme_end - entry->vme_start;
+               volatile_resident_count += resident_count;
+               if (object->pager) {
+                       volatile_compressed_count +=
+                               vm_compressor_pager_get_count(object->pager);
+               }
+               pmap_compressed_bytes = 0;
+               pmap_resident_bytes =
+                       pmap_query_resident(map->pmap,
+                                           entry->vme_start,
+                                           entry->vme_end,
+                                           &pmap_compressed_bytes);
+               volatile_pmap_count += (pmap_resident_bytes / PAGE_SIZE);
+               volatile_compressed_pmap_count += (pmap_compressed_bytes
+                                                  / PAGE_SIZE);
+       }
+
+       /* map is still locked on return */
+
+       *volatile_virtual_size_p = volatile_virtual_size;
+       *volatile_resident_size_p = volatile_resident_count * PAGE_SIZE;
+       *volatile_compressed_size_p = volatile_compressed_count * PAGE_SIZE;
+       *volatile_pmap_size_p = volatile_pmap_count * PAGE_SIZE;
+       *volatile_compressed_pmap_size_p = volatile_compressed_pmap_count * PAGE_SIZE;
+
+       return KERN_SUCCESS;
+}
+
+void
+vm_map_sizes(vm_map_t map,
+               vm_map_size_t * psize,
+               vm_map_size_t * pfree,
+               vm_map_size_t * plargest_free)
+{
+    vm_map_entry_t  entry;
+    vm_map_offset_t prev;
+    vm_map_size_t   free, total_free, largest_free;
+    boolean_t       end;
+
+    if (!map)
+    {
+        *psize = *pfree = *plargest_free = 0;
+        return;
+    }
+    total_free = largest_free = 0;
+
+    vm_map_lock_read(map);
+    if (psize) *psize = map->max_offset - map->min_offset;
+
+    prev = map->min_offset;
+    for (entry = vm_map_first_entry(map);; entry = entry->vme_next)
+    {
+       end = (entry == vm_map_to_entry(map));
+
+       if (end) free = entry->vme_end   - prev;
+       else     free = entry->vme_start - prev;
+
+       total_free += free;
+       if (free > largest_free) largest_free = free;
+
+       if (end) break;
+       prev = entry->vme_end;
+    }
+    vm_map_unlock_read(map);
+    if (pfree)         *pfree = total_free;
+    if (plargest_free) *plargest_free = largest_free;
+}
+
+#if VM_SCAN_FOR_SHADOW_CHAIN
+int vm_map_shadow_max(vm_map_t map);
+int vm_map_shadow_max(
+       vm_map_t map)
+{
+       int             shadows, shadows_max;
+       vm_map_entry_t  entry;
+       vm_object_t     object, next_object;
+
+       if (map == NULL)
+               return 0;
+
+       shadows_max = 0;
+
+       vm_map_lock_read(map);
+       
+       for (entry = vm_map_first_entry(map);
+            entry != vm_map_to_entry(map);
+            entry = entry->vme_next) {
+               if (entry->is_sub_map) {
+                       continue;
+               }
+               object = VME_OBJECT(entry);
+               if (object == NULL) {
+                       continue;
+               }
+               vm_object_lock_shared(object);
+               for (shadows = 0;
+                    object->shadow != NULL;
+                    shadows++, object = next_object) {
+                       next_object = object->shadow;
+                       vm_object_lock_shared(next_object);
+                       vm_object_unlock(object);
+               }
+               vm_object_unlock(object);
+               if (shadows > shadows_max) {
+                       shadows_max = shadows;
+               }
+       }
+
+       vm_map_unlock_read(map);
+
+       return shadows_max;
+}
+#endif /* VM_SCAN_FOR_SHADOW_CHAIN */
+
+void vm_commit_pagezero_status(vm_map_t lmap) {
+       pmap_advise_pagezero_range(lmap->pmap, lmap->min_offset);
+}
mirror of XNU