| blob | 2803f071f79ecf2087d9cdb899f76f4e2bd680ce |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 1986, 2010, Oracle and/or its affiliates. All rights reserved.
23 */
25 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
26 /* All Rights Reserved */
28 /*
29 * University Copyright- Copyright (c) 1982, 1986, 1988
30 * The Regents of the University of California
31 * All Rights Reserved
32 *
33 * University Acknowledgment- Portions of this document are derived from
34 * software developed by the University of California, Berkeley, and its
35 * contributors.
36 */
38 /*
39 * VM - shared or copy-on-write from a vnode/anonymous memory.
40 */
42 #include <sys/types.h>
43 #include <sys/param.h>
44 #include <sys/t_lock.h>
45 #include <sys/errno.h>
46 #include <sys/systm.h>
47 #include <sys/mman.h>
48 #include <sys/debug.h>
49 #include <sys/cred.h>
50 #include <sys/vmsystm.h>
51 #include <sys/tuneable.h>
52 #include <sys/bitmap.h>
53 #include <sys/swap.h>
54 #include <sys/kmem.h>
55 #include <sys/sysmacros.h>
56 #include <sys/vtrace.h>
57 #include <sys/cmn_err.h>
58 #include <sys/callb.h>
59 #include <sys/vm.h>
60 #include <sys/dumphdr.h>
61 #include <sys/lgrp.h>
63 #include <vm/hat.h>
64 #include <vm/as.h>
65 #include <vm/seg.h>
66 #include <vm/seg_vn.h>
67 #include <vm/pvn.h>
68 #include <vm/anon.h>
69 #include <vm/page.h>
70 #include <vm/vpage.h>
71 #include <sys/proc.h>
72 #include <sys/task.h>
73 #include <sys/project.h>
74 #include <sys/zone.h>
75 #include <sys/shm_impl.h>
76 /*
77 * Private seg op routines.
78 */
105 uint_t behav);
110 uint_t szc);
117 segvn_dup,
118 segvn_unmap,
119 segvn_free,
120 segvn_fault,
121 segvn_faulta,
122 segvn_setprot,
123 segvn_checkprot,
124 segvn_kluster,
125 segvn_swapout,
126 segvn_sync,
127 segvn_incore,
128 segvn_lockop,
129 segvn_getprot,
130 segvn_getoffset,
131 segvn_gettype,
132 segvn_getvp,
133 segvn_advise,
134 segvn_dump,
135 segvn_pagelock,
136 segvn_setpagesize,
137 segvn_getmemid,
138 segvn_getpolicy,
139 segvn_capable,
140 };
142 /*
143 * Common zfod structures, provided as a shorthand for others to use.
144 */
164 uint_t segvn_pglock_comb_bshift;
209 #ifdef VM_STATS
224 #define CALC_LPG_REGION(pgsz, seg, addr, len, lpgaddr, lpgeaddr) { \
225 if ((len) != 0) { \
226 lpgaddr = (caddr_t)P2ALIGN((uintptr_t)(addr), pgsz); \
227 ASSERT(lpgaddr >= (seg)->s_base); \
228 lpgeaddr = (caddr_t)P2ROUNDUP((uintptr_t)((addr) + \
229 (len)), pgsz); \
230 ASSERT(lpgeaddr > lpgaddr); \
231 ASSERT(lpgeaddr <= (seg)->s_base + (seg)->s_size); \
232 } else { \
233 lpgeaddr = lpgaddr = (addr); \
234 } \
235 }
237 /*ARGSUSED*/
238 static int
240 {
247 }
249 /*ARGSUSED1*/
250 static void
252 {
257 }
259 /*ARGSUSED*/
260 static int
262 {
265 }
267 /*
268 * Patching this variable to non-zero allows the system to run with
269 * stacks marked as "not executable". It's a bit of a kludge, but is
270 * provided as a tweakable for platforms that export those ABIs
271 * (e.g. sparc V8) that have executable stacks enabled by default.
272 * There are also some restrictions for platforms that don't actually
273 * implement 'noexec' protections.
274 *
275 * Once enabled, the system is (therefore) unable to provide a fully
276 * ABI-compliant execution environment, though practically speaking,
277 * most everything works. The exceptions are generally some interpreters
278 * and debuggers that create executable code on the stack and jump
279 * into it (without explicitly mprotecting the address range to include
280 * PROT_EXEC).
281 *
282 * One important class of applications that are disabled are those
283 * that have been transformed into malicious agents using one of the
284 * numerous "buffer overflow" attacks. See 4007890.
285 */
292 ulong_t segvn_vmpss_clrszc_cnt;
293 ulong_t segvn_vmpss_clrszc_err;
294 ulong_t segvn_fltvnpages_clrszc_cnt;
295 ulong_t segvn_fltvnpages_clrszc_err;
296 ulong_t segvn_setpgsz_align_err;
297 ulong_t segvn_setpgsz_anon_align_err;
298 ulong_t segvn_setpgsz_getattr_err;
299 ulong_t segvn_setpgsz_eof_err;
300 ulong_t segvn_faultvnmpss_align_err1;
301 ulong_t segvn_faultvnmpss_align_err2;
302 ulong_t segvn_faultvnmpss_align_err3;
303 ulong_t segvn_faultvnmpss_align_err4;
304 ulong_t segvn_faultvnmpss_align_err5;
305 ulong_t segvn_vmpss_pageio_deadlk_err;
309 /*
310 * Segvn supports text replication optimization for NUMA platforms. Text
311 * replica's are represented by anon maps (amp). There's one amp per text file
312 * region per lgroup. A process chooses the amp for each of its text mappings
313 * based on the lgroup assignment of its main thread (t_tid = 1). All
314 * processes that want a replica on a particular lgroup for the same text file
315 * mapping share the same amp. amp's are looked up in svntr_hashtab hash table
316 * with vp,off,size,szc used as a key. Text replication segments are read only
317 * MAP_PRIVATE|MAP_TEXT segments that map vnode. Replication is achieved by
318 * forcing COW faults from vnode to amp and mapping amp pages instead of vnode
319 * pages. Replication amp is assigned to a segment when it gets its first
320 * pagefault. To handle main thread lgroup rehoming segvn_trasync_thread
321 * rechecks periodically if the process still maps an amp local to the main
322 * thread. If not async thread forces process to remap to an amp in the new
323 * home lgroup of the main thread. Current text replication implementation
324 * only provides the benefit to workloads that do most of their work in the
325 * main thread of a process or all the threads of a process run in the same
326 * lgroup. To extend text replication benefit to different types of
327 * multithreaded workloads further work would be needed in the hat layer to
328 * allow the same virtual address in the same hat to simultaneously map
329 * different physical addresses (i.e. page table replication would be needed
330 * for x86).
331 *
332 * amp pages are used instead of vnode pages as long as segment has a very
333 * simple life cycle. It's created via segvn_create(), handles S_EXEC
334 * (S_READ) pagefaults and is fully unmapped. If anything more complicated
335 * happens such as protection is changed, real COW fault happens, pagesize is
336 * changed, MC_LOCK is requested or segment is partially unmapped we turn off
337 * text replication by converting the segment back to vnode only segment
338 * (unmap segment's address range and set svd->amp to NULL).
339 *
340 * The original file can be changed after amp is inserted into
341 * svntr_hashtab. Processes that are launched after the file is already
342 * changed can't use the replica's created prior to the file change. To
343 * implement this functionality hash entries are timestamped. Replica's can
344 * only be used if current file modification time is the same as the timestamp
345 * saved when hash entry was created. However just timestamps alone are not
346 * sufficient to detect file modification via mmap(MAP_SHARED) mappings. We
347 * deal with file changes via MAP_SHARED mappings differently. When writable
348 * MAP_SHARED mappings are created to vnodes marked as executable we mark all
349 * existing replica's for this vnode as not usable for future text
350 * mappings. And we don't create new replica's for files that currently have
351 * potentially writable MAP_SHARED mappings (i.e. vn_is_mapped(V_WRITE) is
352 * true).
353 */
355 #define SEGVN_TEXTREPL_MAXBYTES_FACTOR (20)
379 ulong_t);
381 /*
382 * Initialize segvn data structures
383 */
384 void
386 {
387 uint_t maxszc;
388 uint_t szc;
400 }
403 /*NOTREACHED*/
404 }
409 /*NOTREACHED*/
410 }
411 szc--;
412 }
415 }
420 KM_SLEEP);
421 }
430 }
436 /*
437 * For now shared regions and text replication segvn support
438 * are mutually exclusive. This is acceptable because
439 * currently significant benefit from text replication was
440 * only observed on AMD64 NUMA platforms (due to relatively
441 * small L2$ size) and currently we don't support shared
442 * regions on x86.
443 */
446 }
448 #if defined(_LP64)
451 ulong_t i;
461 }
463 segvn_textrepl_max_bytes_factor;
469 }
470 #endif
475 }
478 }
480 #define SEGVN_PAGEIO ((void *)0x1)
481 #define SEGVN_NOPAGEIO ((void *)0x2)
483 static void
485 {
498 }
499 /*
500 * set v_mpssdata just once per vnode life
501 * so that it never changes.
502 */
509 }
510 }
512 }
513 }
515 int
517 {
533 /*NOTREACHED*/
534 }
536 /*
537 * Check arguments. If a shared anon structure is given then
538 * it is illegal to also specify a vp.
539 */
542 /*NOTREACHED*/
543 }
547 segvn_use_regions) {
549 }
551 /* MAP_NORESERVE on a MAP_SHARED segment is meaningless. */
569 /*
570 * paranoid check.
571 * hat_page_demote() is not supported
572 * on swapfs pages.
573 */
578 }
584 }
585 }
586 }
587 }
589 /*
590 * If segment may need private pages, reserve them now.
591 */
600 }
602 /*
603 * Reserve any mapping structures that may be required.
604 *
605 * Don't do it for segments that may use regions. It's currently a
606 * noop in the hat implementations anyway.
607 */
610 }
617 }
619 /* Inform the vnode of the new mapping */
630 }
635 }
637 }
638 /*
639 * svntr_hashtab will be NULL if we support shared regions.
640 */
650 }
652 /*
653 * MAP_NORESERVE mappings don't count towards the VSZ of a process
654 * until we fault the pages in.
655 */
659 }
661 /*
662 * If more than one segment in the address space, and they're adjacent
663 * virtually, try to concatenate them. Don't concatenate if an
664 * explicit anon_map structure was supplied (e.g., SystemV shared
665 * memory) or if we'll use text replication for this segment.
666 */
674 /*
675 * Memory policy flags (lgrp_mem_policy_flags) is valid when
676 * extending stack/heap segments.
677 */
682 /*
683 * Get policy when not extending it from another segment
684 */
686 }
688 /*
689 * First, try to concatenate the previous and new segments
690 */
695 /*
696 * Get memory allocation policy from previous segment.
697 * When extension is specified (e.g. for heap) apply
698 * this policy to the new segment regardless of the
699 * outcome of segment concatenation. Extension occurs
700 * for non-default policy otherwise default policy is
701 * used and is based on extended segment size.
702 */
706 LGRP_MP_FLAG_EXTEND_UP) {
713 }
714 }
720 /*
721 * success! now try to concatenate
722 * with following seg
723 */
737 }
738 }
740 /*
741 * Failed, so try to concatenate with following seg
742 */
747 /*
748 * Get memory allocation policy from next segment.
749 * When extension is specified (e.g. for stack) apply
750 * this policy to the new segment regardless of the
751 * outcome of segment concatenation. Extension occurs
752 * for non-default policy otherwise default policy is
753 * used and is based on extended segment size.
754 */
758 LGRP_MP_FLAG_EXTEND_DOWN) {
765 }
766 }
776 }
777 }
778 }
784 }
793 /*
794 * Anonymous mappings have no backing file so the offset is meaningless.
795 */
814 }
819 }
826 /*
827 * Shared mappings to a vp need no other setup.
828 * If we have a shared mapping to an anon_map object
829 * which hasn't been allocated yet, allocate the
830 * struct now so that it will be properly shared
831 * by remembering the swap reservation there.
832 */
835 ANON_SLEEP);
837 }
839 /*
840 * Private mapping (with or without a vp).
841 * Allocate anon_map when needed.
842 */
844 }
846 pgcnt_t anon_num;
848 /*
849 * Mapping to an existing anon_map structure without a vp.
850 * For now we will insure that the segment size isn't larger
851 * than the size - offset gives us. Later on we may wish to
852 * have the anon array dynamically allocated itself so that
853 * we don't always have to allocate all the anon pointer slots.
854 * This of course involves adding extra code to check that we
855 * aren't trying to use an anon pointer slot beyond the end
856 * of the currently allocated anon array.
857 */
860 /*NOTREACHED*/
861 }
866 /*
867 * SHARED mapping to a given anon_map.
868 */
873 }
878 /*
879 * PRIVATE mapping to a given anon_map.
880 * Make sure that all the needed anon
881 * structures are created (so that we will
882 * share the underlying pages if nothing
883 * is written by this mapping) and then
884 * duplicate the anon array as is done
885 * when a privately mapped segment is dup'ed.
886 */
888 caddr_t addr;
889 caddr_t eaddr;
890 ulong_t anon_idx;
895 }
902 /*
903 * Prevent 2 threads from allocating anon
904 * slots simultaneously.
905 */
917 /*
918 * Allocate the anon struct now.
919 * Might as well load up translation
920 * to the page while we're at it...
921 */
925 /*NOTREACHED*/
926 }
928 /*
929 * Re-acquire the anon_map lock and
930 * initialize the anon array entry.
931 */
935 ANON_SLEEP);
945 }
950 }
951 }
953 /*
954 * Set default memory allocation policy for segment
955 *
956 * Always set policy for private memory at least for initialization
957 * even if this is a shared memory segment
958 */
971 HAT_REGION_TEXT);
972 }
978 }
980 /*
981 * Concatenate two existing segments, if possible.
982 * Return 0 on success, -1 if two segments are not compatible
983 * or -2 on memory allocation failure.
984 * If amp_cat == 1 then try and concat segments with anon maps
985 */
986 static int
988 {
1005 }
1007 /* both segments exist, try to merge them */
1008 #define incompat(x) (svd1->x != svd2->x)
1016 #undef incompat
1018 /*
1019 * vp == NULL implies zfod, offset doesn't matter
1020 */
1024 }
1026 /*
1027 * Don't concatenate if either segment uses text replication.
1028 */
1031 }
1033 /*
1034 * Fail early if we're not supposed to concatenate
1035 * segments with non NULL amp.
1036 */
1039 }
1044 }
1048 }
1050 }
1052 /*
1053 * If either seg has vpages, create a new merged vpage array.
1054 */
1064 }
1073 }
1074 }
1083 }
1084 }
1093 }
1094 }
1104 }
1105 }
1106 }
1110 /*
1111 * If either segment has private pages, create a new merged anon
1112 * array. If mergeing shared anon segments just decrement anon map's
1113 * refcnt.
1114 */
1133 }
1135 }
1137 /*
1138 * XXX anon rwlock is not really needed because
1139 * this is a private segment and we are writers.
1140 */
1149 }
1151 }
1152 }
1158 ANON_NOSLEEP)) {
1163 }
1166 }
1168 }
1169 }
1173 }
1183 }
1185 }
1191 }
1192 /*
1193 * Now free the old vpage structures.
1194 */
1198 }
1202 }
1205 }
1208 }
1211 }
1213 }
1215 /* all looks ok, merge segments */
1222 }
1224 /*
1225 * Extend the previous segment (seg1) to include the
1226 * new segment (seg2 + a), if possible.
1227 * Return 0 on success.
1228 */
1229 static int
1234 {
1240 /*
1241 * We don't need any segment level locks for "segvn" data
1242 * since the address space is "write" locked.
1243 */
1248 }
1250 /* second segment is new, try to extend first */
1251 /* XXX - should also check cred */
1258 /* vp == NULL implies zfod, offset doesn't matter */
1265 }
1269 pgcnt_t newpgs;
1271 /*
1272 * Segment has private pages, can data structures
1273 * be expanded?
1274 *
1275 * Acquire the anon_map lock to prevent it from changing,
1276 * if it is shared. This ensures that the anon_map
1277 * will not change while a thread which has a read/write
1278 * lock on an address space references it.
1279 * XXX - Don't need the anon_map lock at all if "refcnt"
1280 * is 1.
1281 *
1282 * Can't grow a MAP_SHARED segment with an anonmap because
1283 * there may be existing anon slots where we want to extend
1284 * the segment and we wouldn't know what to do with them
1285 * (e.g., for tmpfs right thing is to just leave them there,
1286 * for /dev/zero they should be cleared out).
1287 */
1295 }
1302 }
1305 }
1308 new_vpage =
1310 KM_NOSLEEP);
1327 }
1328 }
1329 }
1340 }
1342 }
1344 /*
1345 * Extend the next segment (seg2) to include the
1346 * new segment (seg1 + a), if possible.
1347 * Return 0 on success.
1348 */
1349 static int
1355 {
1361 /*
1362 * We don't need any segment level locks for "segvn" data
1363 * since the address space is "write" locked.
1364 */
1369 }
1371 /* first segment is new, try to extend second */
1372 /* XXX - should also check cred */
1378 /* vp == NULL implies zfod, offset doesn't matter */
1385 }
1389 pgcnt_t newpgs;
1391 /*
1392 * Segment has private pages, can data structures
1393 * be expanded?
1394 *
1395 * Acquire the anon_map lock to prevent it from changing,
1396 * if it is shared. This ensures that the anon_map
1397 * will not change while a thread which has a read/write
1398 * lock on an address space references it.
1399 *
1400 * XXX - Don't need the anon_map lock at all if "refcnt"
1401 * is 1.
1402 */
1410 }
1418 }
1421 }
1424 new_vpage =
1426 KM_NOSLEEP);
1428 /* Not merging segments so adjust anon_index back */
1432 }
1448 }
1449 }
1450 }
1463 }
1465 }
1467 static int
1469 {
1474 uint_t prot;
1481 /*
1482 * If segment has anon reserved, reserve more for the new seg.
1483 * For a MAP_NORESERVE segment swresv will be a count of all the
1484 * allocated anon slots; thus we reserve for the child as many slots
1485 * as the parent has allocated. This semantic prevents the child or
1486 * parent from dieing during a copy-on-write fault caused by trying
1487 * to write a shared pre-existing anon page.
1488 */
1495 }
1508 }
1528 /*
1529 * Not attaching to a shared anon object.
1530 */
1538 }
1542 /* regions for now are only used on pure vnode segments */
1555 /*
1556 * Allocate and initialize new anon_map structure.
1557 */
1559 ANON_SLEEP);
1563 /*
1564 * We don't have to acquire the anon_map lock
1565 * for the new segment (since it belongs to an
1566 * address space that is still not associated
1567 * with any process), or the segment in the old
1568 * address space (since all threads in it
1569 * are stopped while duplicating the address space).
1570 */
1572 /*
1573 * The goal of the following code is to make sure that
1574 * softlocked pages do not end up as copy on write
1575 * pages. This would cause problems where one
1576 * thread writes to a page that is COW and a different
1577 * thread in the same process has softlocked it. The
1578 * softlock lock would move away from this process
1579 * because the write would cause this process to get
1580 * a copy (without the softlock).
1581 *
1582 * The strategy here is to just break the
1583 * sharing on pages that could possibly be
1584 * softlocked.
1585 */
1586 retry:
1590 uint_t vpprot;
1592 caddr_t addr;
1596 /*
1597 * The softlock count might be non zero
1598 * because some pages are still stuck in the
1599 * cache for lazy reclaim. Flush the cache
1600 * now. This should drop the count to zero.
1601 * [or there is really I/O going on to these
1602 * pages]. Note, we have the writers lock so
1603 * nothing gets inserted during the flush.
1604 */
1609 }
1612 /*
1613 * XXX break cow sharing using PAGESIZE
1614 * pages. They will be relocated into larger
1615 * pages at fault time.
1616 */
1619 old_idx)) {
1627 }
1628 /*
1629 * prot need not be computed
1630 * below 'cause anon_private is
1631 * going to ignore it anyway
1632 * as child doesn't inherit
1633 * pagelock from parent.
1634 */
1645 /* no mem abort */
1649 }
1654 }
1656 old_idx++;
1657 new_idx++;
1658 }
1661 /*
1662 * If at least one of anon slots of a
1663 * large page exists then make sure
1664 * all anon slots of a large page
1665 * exist to avoid partial cow sharing
1666 * of a large page in the future.
1667 */
1675 }
1679 }
1680 }
1681 }
1682 /*
1683 * If necessary, create a vpage structure for the new segment.
1684 * Do not copy any page lock indications.
1685 */
1687 uint_t i;
1696 }
1700 /* Inform the vnode of the new mapping */
1705 }
1706 out:
1712 }
1714 }
1717 /*
1718 * callback function to invoke free_vp_pages() for only those pages actually
1719 * processed by the HAT when a shared region is destroyed.
1720 */
1723 static void
1726 {
1727 u_offset_t off;
1740 }
1745 }
1747 /*
1748 * callback function used by segvn_unmap to invoke free_vp_pages() for only
1749 * those pages actually processed by the HAT
1750 */
1751 static void
1753 {
1757 u_offset_t off;
1766 }
1768 /*
1769 * This function determines the number of bytes of swap reserved by
1770 * a segment for which per-page accounting is present. It is used to
1771 * calculate the correct value of a segvn_data's swresv.
1772 */
1773 static size_t
1775 {
1787 nswappages++;
1788 }
1791 }
1793 static int
1795 {
1805 caddr_t nbase;
1810 /*
1811 * We don't need any segment level locks for "segvn" data
1812 * since the address space is "write" locked.
1813 */
1816 /*
1817 * Fail the unmap if pages are SOFTLOCKed through this mapping.
1818 * softlockcnt is protected from change by the as write lock.
1819 */
1820 retry:
1824 /*
1825 * If this is shared segment non 0 softlockcnt
1826 * means locked pages are still in use.
1827 */
1830 }
1832 /*
1833 * since we do have the writers lock nobody can fill
1834 * the cache during the purge. The flush either succeeds
1835 * or we still have pending I/Os.
1836 */
1841 }
1843 }
1845 /*
1846 * Check for bad sizes
1847 */
1851 /*NOTREACHED*/
1852 }
1865 /*
1866 * could pass a flag to segvn_demote_range()
1867 * below to tell it not to do any unloads but
1868 * this case is rare enough to not bother for
1869 * now.
1870 */
1878 }
1883 }
1885 }
1886 }
1888 /* Inform the vnode of the unmapping. */
1899 }
1901 /*
1902 * Remove any page locks set through this mapping.
1903 * If text replication is not off no page locks could have been
1904 * established via this mapping.
1905 */
1908 }
1915 HAT_REGION_TEXT);
1926 }
1927 /*
1928 * Unload any hardware translations in the range to be taken
1929 * out. Use a callback to invoke free_vp_pages() effectively.
1930 */
1935 }
1943 }
1944 }
1946 /*
1947 * Check for entire segment
1948 */
1952 }
1960 /*
1961 * Check for beginning of segment
1962 */
1974 /* free up old vpage */
1976 }
1980 /*
1981 * Shared anon map is no longer in use. Before
1982 * freeing its pages purge all entries from
1983 * pcache that belong to this amp.
1984 */
1989 }
1990 /*
1991 * Free up now unused parts of anon_map array.
1992 */
2001 len);
2002 }
2008 }
2010 /*
2011 * Unreserve swap space for the
2012 * unmapped chunk of this segment in
2013 * case it's MAP_SHARED
2014 */
2019 }
2020 }
2023 }
2055 }
2058 }
2061 }
2064 }
2066 /*
2067 * Check for end of segment
2068 */
2080 /* free up old vpage */
2083 }
2087 /*
2088 * Free up now unused parts of anon_map array.
2089 */
2092 /*
2093 * Shared anon map is no longer in use. Before
2094 * freeing its pages purge all entries from
2095 * pcache that belong to this amp.
2096 */
2101 }
2110 len);
2111 }
2117 }
2119 /*
2120 * Unreserve swap space for the
2121 * unmapped chunk of this segment in
2122 * case it's MAP_SHARED
2123 */
2128 }
2129 }
2131 }
2159 }
2162 }
2165 }
2168 }
2170 /*
2171 * The section to go is in the middle of the segment,
2172 * have to make it into two segments. nseg is made for
2173 * the high end while seg is cut down at the low end.
2174 */
2181 /*NOTREACHED*/
2182 }
2200 }
2206 /* need to split vpage into two arrays */
2224 /* free up old vpage */
2226 }
2232 /*
2233 * Need to create a new anon map for the new segment.
2234 * We'll also allocate a new smaller array for the old
2235 * smaller segment to save space.
2236 */
2240 /*
2241 * Free up now unused parts of anon_map array.
2242 */
2245 /*
2246 * Shared anon map is no longer in use. Before
2247 * freeing its pages purge all entries from
2248 * pcache that belong to this amp.
2249 */
2254 }
2262 len);
2263 }
2268 }
2270 /*
2271 * Unreserve swap space for the
2272 * unmapped chunk of this segment in
2273 * case it's MAP_SHARED
2274 */
2279 }
2280 }
2304 }
2306 }
2335 /*NOTREACHED*/
2336 }
2340 }
2343 }
2346 }
2349 }
2351 static void
2353 {
2359 /*
2360 * We don't need any segment level locks for "segvn" data
2361 * since the address space is "write" locked.
2362 */
2368 /*
2369 * Be sure to unlock pages. XXX Why do things get free'ed instead
2370 * of unmapped? XXX
2371 */
2375 /*
2376 * Deallocate the vpage and anon pointers if necessary and possible.
2377 */
2381 }
2383 /*
2384 * If there are no more references to this anon_map
2385 * structure, then deallocate the structure after freeing
2386 * up all the anon slot pointers that we can.
2387 */
2392 /*
2393 * Private - we only need to anon_free
2394 * the part that this segment refers to.
2395 */
2403 }
2406 /*
2407 * Shared anon map is no longer in use. Before
2408 * freeing its pages purge all entries from
2409 * pcache that belong to this amp.
2410 */
2414 /*
2415 * Shared - anon_free the entire
2416 * anon_map's worth of stuff and
2417 * release any swap reservation.
2418 */
2424 }
2430 }
2431 }
2436 /*
2437 * We had a private mapping which still has
2438 * a held anon_map so just free up all the
2439 * anon slot pointers that we were using.
2440 */
2447 }
2451 }
2452 }
2454 /*
2455 * Release swap reservation.
2456 */
2465 }
2466 /*
2467 * Release claim on vnode, credentials, and finally free the
2468 * private data.
2469 */
2475 }
2482 /*
2483 * Take segfree_syncmtx lock to let segvn_reclaim() finish if it's
2484 * still working with this segment without holding as lock (in case
2485 * it's called by pcache async thread).
2486 */
2493 }
2495 /*
2496 * Do a F_SOFTUNLOCK call over the range requested. The range must have
2497 * already been F_SOFTLOCK'ed.
2498 * Caller must always match addr and len of a softunlock with a previous
2499 * softlock with exactly the same addr and len.
2500 */
2501 static void
2503 {
2506 caddr_t adr;
2508 u_offset_t offset;
2509 ulong_t anon_index;
2524 }
2535 }
2541 }
2543 /*
2544 * Use page_find() instead of page_lookup() to
2545 * find the page since we know that it is locked.
2546 */
2552 /*NOTREACHED*/
2553 }
2564 }
2568 }
2571 /*
2572 * All SOFTLOCKS are gone. Wakeup any waiting
2573 * unmappers so they can try again to unmap.
2574 * Check for waiters first without the mutex
2575 * held so we don't always grab the mutex on
2576 * softunlocks.
2577 */
2583 }
2585 }
2586 }
2587 }
2589 #define PAGE_HANDLED ((page_t *)-1)
2591 /*
2592 * Release all the pages in the NULL terminated ppp list
2593 * which haven't already been converted to PAGE_HANDLED.
2594 */
2595 static void
2597 {
2601 }
2602 }
2606 /*
2607 * Workaround for viking chip bug. See bug id 1220902.
2608 * To fix this down in pagefault() would require importing so
2609 * much as and segvn code as to be unmaintainable.
2610 */
2613 /*
2614 * Handles all the dirty work of getting the right
2615 * anonymous pages and loading up the translations.
2616 * This routine is called only from segvn_fault()
2617 * when looping over the range of addresses requested.
2618 *
2619 * The basic algorithm here is:
2620 * If this is an anon_zero case
2621 * Call anon_zero to allocate page
2622 * Load up translation
2623 * Return
2624 * endif
2625 * If this is an anon page
2626 * Use anon_getpage to get the page
2627 * else
2628 * Find page in pl[] list passed in
2629 * endif
2630 * If not a cow
2631 * Load up the translation to the page
2632 * return
2633 * endif
2634 * Call anon_private to handle cow
2635 * Load up (writable) translation to new page
2636 */
2637 static faultcode_t
2649 {
2655 uint_t prot;
2660 ulong_t anon_index;
2665 anon_sync_obj_t cookie;
2669 }
2675 /*
2676 * Initialize protection value for this page.
2677 * If we have per page protection values check it now.
2678 */
2680 uint_t protchk;
2696 }
2703 }
2707 }
2709 /*
2710 * Always acquire the anon array lock to prevent 2 threads from
2711 * allocating separate anon slots for the same "addr".
2712 */
2719 }
2723 /*
2724 * Allocate a (normally) writable anonymous page of
2725 * zeroes. If no advance reservations, reserve now.
2726 */
2736 }
2737 }
2742 }
2743 /*
2744 * Re-acquire the anon_map lock and
2745 * initialize the anon array entry.
2746 */
2748 ANON_SLEEP);
2752 /*
2753 * Handle pages that have been marked for migration
2754 */
2763 }
2764 /*
2765 * If AS_PAGLCK is set in a_flags (via memcntl(2)
2766 * with MC_LOCKAS, MCL_FUTURE) and this is a
2767 * MAP_NORESERVE segment, we may need to
2768 * permanently lock the page as it is being faulted
2769 * for the first time. The following text applies
2770 * only to MAP_NORESERVE segments:
2771 *
2772 * As per memcntl(2), if this segment was created
2773 * after MCL_FUTURE was applied (a "future"
2774 * segment), its pages must be locked. If this
2775 * segment existed at MCL_FUTURE application (a
2776 * "past" segment), the interface is unclear.
2777 *
2778 * We decide to lock only if vpage is present:
2779 *
2780 * - "future" segments will have a vpage array (see
2781 * as_map), and so will be locked as required
2782 *
2783 * - "past" segments may not have a vpage array,
2784 * depending on whether events (such as
2785 * mprotect) have occurred. Locking if vpage
2786 * exists will preserve legacy behavior. Not
2787 * locking if vpage is absent, will not break
2788 * the interface or legacy behavior. Note that
2789 * allocating vpage here if it's absent requires
2790 * upgrading the segvn reader lock, the cost of
2791 * which does not seem worthwhile.
2792 *
2793 * Usually testing and setting VPP_ISPPLOCK and
2794 * VPP_SETPPLOCK requires holding the segvn lock as
2795 * writer, but in this case all readers are
2796 * serializing on the anon array lock.
2797 */
2812 }
2813 }
2815 }
2825 }
2826 }
2828 /*
2829 * Obtain the page structure via anon_getpage() if it is
2830 * a private copy of an object (the result of a previous
2831 * copy-on-write).
2832 */
2841 /*
2842 * If this is a shared mapping to an
2843 * anon_map, then ignore the write
2844 * permissions returned by anon_getpage().
2845 * They apply to the private mappings
2846 * of this anon_map.
2847 */
2849 }
2851 }
2852 }
2854 /*
2855 * Search the pl[] list passed in if it is from the
2856 * original object (i.e., not a private copy).
2857 */
2859 /*
2860 * Find original page. We must be bringing it in
2861 * from the list in pl[].
2862 */
2869 }
2872 /*NOTREACHED*/
2873 }
2876 }
2883 /*
2884 * The fault is treated as a copy-on-write fault if a
2885 * write occurs on a private segment and the object
2886 * page (i.e., mapping) is write protected. We assume
2887 * that fatal protection checks have already been made.
2888 */
2894 /*
2895 * If we are doing text replication COW on first touch.
2896 */
2903 }
2905 /*
2906 * If not a copy-on-write case load the translation
2907 * and return.
2908 */
2911 /*
2912 * Handle pages that have been marked for migration
2913 */
2922 }
2936 }
2938 }
2946 /*
2947 * Steal the page only if it isn't a private page
2948 * since stealing a private page is not worth the effort.
2949 */
2953 /*
2954 * Steal the original page if the following conditions are true:
2955 *
2956 * We are low on memory, the page is not private, page is not large,
2957 * not shared, not modified, not `locked' or if we have it `locked'
2958 * (i.e., p_cowcnt == 1 and p_lckcnt == 0, which also implies
2959 * that the page is not shared) and if it doesn't have any
2960 * translations. page_struct_lock isn't needed to look at p_cowcnt
2961 * and p_lckcnt because we first get exclusive lock on page.
2962 */
2970 /*
2971 * Check if this page has other translations
2972 * after unloading our translation.
2973 */
2977 HAT_UNLOAD);
2978 }
2980 /*
2981 * hat_unload() might sync back someone else's recent
2982 * modification, so check again.
2983 */
2986 }
2988 /*
2989 * If we have a vpage pointer, see if it indicates that we have
2990 * ``locked'' the page we map -- if so, tell anon_private to
2991 * transfer the locking resource to the new page.
2992 *
2993 * See Statement at the beginning of segvn_lockop regarding
2994 * the way lockcnts/cowcnts are handled during COW.
2995 *
2996 */
3000 /*
3001 * Allocate a private page and perform the copy.
3002 * For MAP_NORESERVE reserve swap space now, unless this
3003 * is a cow fault on an existing anon page in which case
3004 * MAP_NORESERVE will have made advance reservations.
3005 */
3014 }
3015 }
3021 }
3023 /*
3024 * If we copied away from an anonymous page, then
3025 * we are one step closer to freeing up an anon slot.
3026 *
3027 * NOTE: The original anon slot must be released while
3028 * holding the "anon_map" lock. This is necessary to prevent
3029 * other threads from obtaining a pointer to the anon slot
3030 * which may be freed if its "refcnt" is 1.
3031 */
3037 /*
3038 * Handle pages that have been marked for migration
3039 */
3051 }
3062 out:
3068 }
3070 }
3072 /*
3073 * relocate a bunch of smaller targ pages into one large repl page. all targ
3074 * pages must be complete pages smaller than replacement pages.
3075 * it's assumed that no page's szc can change since they are all PAGESIZE or
3076 * complete large pages locked SHARED.
3077 */
3078 static void
3080 {
3083 pgcnt_t i;
3087 spgcnt_t npgs;
3096 spgcnt_t nreloc;
3124 }
3127 }
3131 "page_relocate failed err=%d curnpgs=%ld "
3133 }
3137 }
3147 repl++;
3148 }
3149 }
3151 /*
3152 * Check if all pages in ppa array are complete smaller than szc pages and
3153 * their roots will still be aligned relative to their current size if the
3154 * entire ppa array is relocated into one szc page. If these conditions are
3155 * not met return 0.
3156 *
3157 * If all pages are properly aligned attempt to upgrade their locks
3158 * to exclusive mode. If it fails set *upgrdfail to 1 and return 0.
3159 * upgrdfail was set to 0 by caller.
3160 *
3161 * Return 1 if all pages are aligned and locked exclusively.
3162 *
3163 * If all pages in ppa array happen to be physically contiguous to make one
3164 * szc page and all exclusive locks are successfully obtained promote the page
3165 * size to szc and set *pszc to szc. Return 1 with pages locked shared.
3166 */
3167 static int
3169 {
3171 pfn_t pfn;
3173 pfn_t first_pfn;
3175 pgcnt_t i;
3176 pgcnt_t j;
3177 uint_t curszc;
3178 pgcnt_t curnpgs;
3195 }
3198 }
3203 }
3208 }
3210 /*
3211 * p_szc changed means we don't have all pages
3212 * locked. return failure.
3213 */
3216 }
3222 }
3230 }
3234 }
3237 }
3238 }
3239 }
3246 }
3251 }
3252 }
3254 /*
3255 * When a page is put a free cachelist its szc is set to 0. if file
3256 * system reclaimed pages from cachelist targ pages will be physically
3257 * contiguous with 0 p_szc. in this case just upgrade szc of targ
3258 * pages without any relocations.
3259 * To avoid any hat issues with previous small mappings
3260 * hat_pageunload() the target pages first.
3261 */
3266 }
3269 }
3273 }
3276 }
3277 }
3280 }
3282 /*
3283 * Create physically contiguous pages for [vp, off] - [vp, off +
3284 * page_size(szc)) range and for private segment return them in ppa array.
3285 * Pages are created either via IO or relocations.
3286 *
3287 * Return 1 on success and 0 on failure.
3288 *
3289 * If physically contiguous pages already exist for this range return 1 without
3290 * filling ppa array. Caller initializes ppa[0] as NULL to detect that ppa
3291 * array wasn't filled. In this case caller fills ppa array via VOP_GETPAGE().
3292 */
3294 static int
3299 {
3305 spgcnt_t nreloc;
3316 pfn_t pfn;
3317 ulong_t ppages;
3322 uint_t pszc;
3330 /*
3331 * downsize will be set to 1 only if we fail to lock pages. this will
3332 * allow subsequent faults to try to relocate the page again. If we
3333 * fail due to misalignment don't downsize and let the caller map the
3334 * whole region with small mappings to avoid more faults into the area
3335 * where we can't get large pages anyway.
3336 */
3344 /*
3345 * we pass NULL for nrelocp to page_lookup_create()
3346 * so that it doesn't relocate. We relocate here
3347 * later only after we make sure we can lock all
3348 * pages in the range we handle and they are all
3349 * aligned.
3350 */
3364 }
3379 }
3382 segvn_faultvnmpss_align_err1++;
3384 }
3388 /*
3389 * sizing down to pszc won't help.
3390 */
3392 segvn_faultvnmpss_align_err2++;
3394 }
3398 /*
3399 * sizing down to pszc won't help.
3400 */
3402 segvn_faultvnmpss_align_err3++;
3404 }
3411 }
3416 /*
3417 * Some file systems like NFS don't check EOF
3418 * conditions in VOP_PAGEIO(). Check it here
3419 * now that pages are locked SE_EXCL. Any file
3420 * truncation will wait until the pages are
3421 * unlocked so no need to worry that file will
3422 * be truncated after we check its size here.
3423 * XXX fix NFS to remove this check.
3424 */
3430 }
3437 }
3444 segvn_vmpss_pageio_deadlk_err++;
3445 }
3447 }
3448 nios++;
3456 PAGESHIFT;
3460 }
3461 }
3471 }
3473 /*
3474 * page szc chould have changed before the entire group was
3475 * locked. reread page szc.
3476 */
3480 /* link just the roots */
3489 }
3491 }
3499 }
3505 }
3511 segvn_vmpss_pageio_deadlk_err++;
3512 }
3514 }
3515 nios++;
3524 }
3525 }
3526 /*
3527 * we're now bound to succeed or panic.
3528 * remove pages from done_pplist. it's not needed anymore.
3529 */
3533 }
3546 #ifdef DEBUG
3554 #endif
3560 }
3568 pp++;
3569 }
3570 }
3581 }
3585 /*
3586 * the caller will still call VOP_GETPAGE() for shared segments
3587 * to check FS write permissions. For private segments we map
3588 * file read only anyway. so no VOP_GETPAGE is needed.
3589 */
3597 }
3599 }
3602 out:
3603 /*
3604 * Do the cleanup. Unlock target pages we didn't relocate. They are
3605 * linked on targ_pplist by root pages. reassemble unused replacement
3606 * and io pages back to pplist.
3607 */
3621 }
3635 }
3646 /* relink replacement page */
3650 pp++;
3654 }
3655 }
3660 }
3661 /*
3662 * at this point all pages are either on done_pplist or
3663 * pplist. They can't be all on done_pplist otherwise
3664 * we'd've been done.
3665 */
3692 }
3699 }
3702 }
3706 /*
3707 * don't downsize on io error.
3708 * see if vop_getpage succeeds.
3709 * pplist may still be used in this case
3710 * for relocations.
3711 */
3713 }
3719 }
3723 #define SEGVN_RESTORE_SOFTLOCK_VP(type, pages) \
3724 if ((type) == F_SOFTLOCK) { \
3725 atomic_add_long((ulong_t *)&(svd)->softlockcnt, \
3726 -(pages)); \
3727 }
3729 #define SEGVN_UPDATE_MODBITS(ppa, pages, rw, prot, vpprot) \
3730 if (IS_VMODSORT((ppa)[0]->p_vnode)) { \
3731 if ((rw) == S_WRITE) { \
3732 for (i = 0; i < (pages); i++) { \
3733 ASSERT((ppa)[i]->p_vnode == \
3734 (ppa)[0]->p_vnode); \
3735 hat_setmod((ppa)[i]); \
3736 } \
3737 } else if ((rw) != S_OTHER && \
3738 ((prot) & (vpprot) & PROT_WRITE)) { \
3739 for (i = 0; i < (pages); i++) { \
3740 ASSERT((ppa)[i]->p_vnode == \
3741 (ppa)[0]->p_vnode); \
3742 if (!hat_ismod((ppa)[i])) { \
3743 prot &= ~PROT_WRITE; \
3744 break; \
3745 } \
3746 } \
3747 } \
3748 }
3750 #ifdef VM_STATS
3752 #define SEGVN_VMSTAT_FLTVNPAGES(idx) \
3753 VM_STAT_ADD(segvnvmstats.fltvnpages[(idx)]);
3757 #define SEGVN_VMSTAT_FLTVNPAGES(idx)
3759 #endif
3761 static faultcode_t
3765 {
3783 uint_t pszc;
3785 pgcnt_t ppages;
3790 ulong_t i;
3792 anon_sync_obj_t an_cookie;
3799 pfn_t pfn;
3824 }
3841 }
3844 /* caller has already done segment level protection check. */
3845 }
3849 }
3856 }
3868 uint_t tszc;
3875 }
3882 }
3883 }
3885 again:
3903 }
3909 }
3917 }
3918 }
3930 }
3931 }
3934 pages);
3935 }
3951 }
3966 }
3972 }
3973 }
3978 }
3986 #ifdef DEBUG
3994 }
3995 }
4000 }
4006 }
4014 }
4020 }
4026 }
4031 }
4037 }
4039 /* can't reduce map area */
4043 }
4049 }
4054 }
4064 }
4070 }
4074 /*
4075 * For private segments SOFTLOCK
4076 * either always breaks cow (any rw
4077 * type except S_READ_NOCOW) or
4078 * address space is locked as writer
4079 * (S_READ_NOCOW case) and anon slots
4080 * can't show up on second check.
4081 * Therefore if we are here for
4082 * SOFTLOCK case it must be a cow
4083 * break but cow break never reduces
4084 * szc. text replication (tron) in
4085 * this case works as cow break.
4086 * Thus the assert below.
4087 */
4093 }
4096 }
4097 #ifdef DEBUG
4101 }
4121 }
4124 /*
4125 * p_szc can't be changed for locked
4126 * swapfs pages.
4127 */
4129 HAT_INVALID_REGION_COOKIE);
4131 hat_flag);
4137 }
4138 }
4142 }
4148 /*
4149 * hat_page_demote() needs an SE_EXCL lock on one of
4150 * constituent page_t's and it decreases root's p_szc
4151 * last. This means if root's p_szc is equal szc and
4152 * all its constituent pages are locked
4153 * hat_page_demote() that could have changed p_szc to
4154 * szc is already done and no new have page_demote()
4155 * can start for this large page.
4156 */
4158 /*
4159 * we need to make sure same mapping size is used for
4160 * the same address range if there's a possibility the
4161 * adddress is already mapped because hat layer panics
4162 * when translation is loaded for the range already
4163 * mapped with a different page size. We achieve it
4164 * by always using largest page size possible subject
4165 * to the constraints of page size, segment page size
4166 * and page alignment. Since mappings are invalidated
4167 * when those constraints change and make it
4168 * impossible to use previously used mapping size no
4169 * mapping size conflicts should happen.
4170 */
4172 chkszc:
4177 #ifdef DEBUG
4187 }
4189 /*
4190 * All pages are of szc we need and they are
4191 * all locked so they can't change szc. load
4192 * translations.
4193 *
4194 * if page got promoted since last check
4195 * we don't need pplist.
4196 */
4200 }
4203 }
4211 /*
4212 * avoid large xhat mappings to FS
4213 * pages so that hat_page_demote()
4214 * doesn't need to check for xhat
4215 * large mappings.
4216 * Don't use regions with xhats.
4217 */
4222 hat_flag);
4223 }
4224 }
4229 }
4230 }
4234 }
4236 }
4238 /*
4239 * See if upsize is possible.
4240 */
4243 pgcnt_t aphase;
4253 segvn_faultvnmpss_align_err4++;
4260 }
4263 }
4267 }
4271 }
4272 }
4274 /*
4275 * check if we should use smallest mapping size.
4276 */
4286 /*
4287 * segvn_full_szcpages failed to lock
4288 * all pages EXCL. Size down.
4289 */
4298 }
4302 }
4306 }
4309 }
4311 segvn_faultvnmpss_align_err5++;
4312 }
4317 }
4321 /* SOFTLOCK case */
4331 }
4332 }
4336 }
4337 }
4341 }
4343 }
4346 /*
4347 * segvn_full_szcpages() upgraded pages szc.
4348 */
4352 }
4357 /*
4358 * p_szc of ppa[0] can change since we haven't
4359 * locked all constituent pages. Call
4360 * page_lock_szc() to prevent szc changes.
4361 * This should be a rare case that happens when
4362 * multiple segments use a different page size
4363 * to map the same file offsets.
4364 */
4373 }
4375 }
4377 /*
4378 * page got promoted since last check.
4379 * we don't need preaalocated large
4380 * page.
4381 */
4385 }
4394 }
4395 }
4399 }
4401 }
4403 /*
4404 * if page got demoted since last check
4405 * we could have not allocated larger page.
4406 * allocate now.
4407 */
4414 }
4418 }
4422 }
4428 #ifdef DEBUG
4433 }
4445 }
4450 }
4455 }
4456 }
4460 }
4462 next:
4465 }
4467 }
4474 /*
4475 * ierr == -1 means we failed to map with a large page.
4476 * (either due to allocation/relocation failures or
4477 * misalignment with other mappings to this file.
4478 *
4479 * ierr == -2 means some other thread allocated a large page
4480 * after we gave up tp map with a large page. retry with
4481 * larger mapping.
4482 */
4492 szc--;
4496 /*
4497 * other process created pszc large page.
4498 * but we still have to drop to 0 szc.
4499 */
4501 }
4506 /*
4507 * Size up case. Note lpgaddr may only be needed for
4508 * softlock case so we don't adjust it here.
4509 */
4518 /*
4519 * Size down case. Note lpgaddr may only be needed for
4520 * softlock case so we don't adjust it here.
4521 */
4528 /*
4529 * The beginning of the large page region can
4530 * be pulled to the right to make a smaller
4531 * region. We haven't yet faulted a single
4532 * page.
4533 */
4541 }
4542 }
4543 }
4544 out:
4549 }
4553 }
4557 }
4559 /*
4560 * Large page end is mapped beyond the end of file and it's a cow
4561 * fault (can be a text replication induced cow) or softlock so we can't
4562 * reduce the map area. For now just demote the segment. This should
4563 * really only happen if the end of the file changed after the mapping
4564 * was established since when large page segments are created we make
4565 * sure they don't extend beyond the end of the file.
4566 */
4573 segvn_fltvnpages_clrszc_cnt++;
4577 segvn_fltvnpages_clrszc_err++;
4578 }
4579 }
4582 /* segvn_fault will do its job as if szc had been zero to begin with */
4584 }
4586 /*
4587 * This routine will attempt to fault in one large page.
4588 * it will use smaller pages if that fails.
4589 * It should only be called for pure anonymous segments.
4590 */
4591 static faultcode_t
4595 {
4609 uint_t ppa_szc;
4610 faultcode_t err;
4613 ulong_t i;
4615 anon_sync_obj_t cookie;
4635 }
4652 }
4656 /* caller has already done segment level protection check. */
4657 }
4672 }
4673 }
4682 pgsz);
4683 }
4686 pages);
4687 }
4700 }
4705 }
4707 }
4716 /*
4717 * Handle pages that have been marked for migration
4718 */
4726 }
4737 }
4743 }
4747 /*
4748 * ierr == -1 means we failed to allocate a large page.
4749 * so do a size down operation.
4750 *
4751 * ierr == -2 means some other process that privately shares
4752 * pages with this process has allocated a larger page and we
4753 * need to retry with larger pages. So do a size up
4754 * operation. This relies on the fact that large pages are
4755 * never partially shared i.e. if we share any constituent
4756 * page of a large page with another process we must share the
4757 * entire large page. Note this cannot happen for SOFTLOCK
4758 * case, unless current address (a) is at the beginning of the
4759 * next page size boundary because the other process couldn't
4760 * have relocated locked pages.
4761 */
4769 /*
4770 * For non COW faults and segvn_anypgsz == 0
4771 * we need to be careful not to loop forever
4772 * if existing page is found with szc other
4773 * than 0 or seg->s_szc. This could be due
4774 * to page relocations on behalf of DR or
4775 * more likely large page creation. For this
4776 * case simply re-size to existing page's szc
4777 * if returned by anon_map_getpages().
4778 */
4786 }
4787 }
4794 /*
4795 * For softlocks we cannot reduce the fault area
4796 * (calculated based on the largest page size for this
4797 * segment) for size down and a is already next
4798 * page size aligned as assertted above for size
4799 * ups. Therefore just continue in case of softlock.
4800 */
4805 /*
4806 * Size up case. Note lpgaddr may only be needed for
4807 * softlock case so we don't adjust it here.
4808 */
4817 /*
4818 * Size down case. Note lpgaddr may only be needed for
4819 * softlock case so we don't adjust it here.
4820 */
4827 /*
4828 * The beginning of the large page region can
4829 * be pulled to the right to make a smaller
4830 * region. We haven't yet faulted a single
4831 * page.
4832 */
4839 }
4840 }
4841 }
4846 error:
4853 }
4855 }
4859 /*
4860 * This routine is called via a machine specific fault handling routine.
4861 * It is also called by software routines wishing to lock or unlock
4862 * a range of addresses.
4863 *
4864 * Here is the basic algorithm:
4865 * If unlocking
4866 * Call segvn_softunlock
4867 * Return
4868 * endif
4869 * Checking and set up work
4870 * If we will need some non-anonymous pages
4871 * Call VOP_GETPAGE over the range of non-anonymous pages
4872 * endif
4873 * Loop over all addresses requested
4874 * Call segvn_faultpage passing in page list
4875 * to load up translations and handle anonymous pages
4876 * endloop
4877 * Load up translation to any additional pages in page list not
4878 * already handled that fit into this segment
4879 */
4880 static faultcode_t
4883 {
4886 u_offset_t off;
4887 caddr_t a;
4894 ulong_t anon_index;
4899 anon_sync_obj_t cookie;
4905 /*
4906 * First handle the easy stuff
4907 */
4912 }
4921 }
4936 }
4938 }
4946 }
4955 }
4958 }
4960 top:
4963 /*
4964 * If we have the same protections for the entire segment,
4965 * insure that the access being attempted is legitimate.
4966 */
4969 uint_t protchk;
4986 }
4991 }
4992 }
4995 /* this must be SOFTLOCK S_READ fault */
5001 /*
5002 * this must be the first ever non S_READ_NOCOW
5003 * softlock for this segment.
5004 */
5007 HAT_REGION_TEXT);
5009 }
5012 }
5014 /*
5015 * We can't allow the long term use of softlocks for vmpss segments,
5016 * because in some file truncation cases we should be able to demote
5017 * the segment, which requires that there are no softlocks. The
5018 * only case where it's ok to allow a SOFTLOCK fault against a vmpss
5019 * segment is S_READ_NOCOW, where the caller holds the address space
5020 * locked as writer and calls softunlock before dropping the as lock.
5021 * S_READ_NOCOW is used by /proc to read memory from another user.
5022 *
5023 * Another deadlock between SOFTLOCK and file truncation can happen
5024 * because segvn_fault_vnodepages() calls the FS one pagesize at
5025 * a time. A second VOP_GETPAGE() call by segvn_fault_vnodepages()
5026 * can cause a deadlock because the first set of page_t's remain
5027 * locked SE_SHARED. To avoid this, we demote segments on a first
5028 * SOFTLOCK if they have a length greater than the segment's
5029 * page size.
5030 *
5031 * So for now, we only avoid demoting a segment on a SOFTLOCK when
5032 * the access type is S_READ_NOCOW and the fault length is less than
5033 * or equal to the segment's page size. While this is quite restrictive,
5034 * it should be the most common case of SOFTLOCK against a vmpss
5035 * segment.
5036 *
5037 * For S_READ_NOCOW, it's safe not to do a copy on write because the
5038 * caller makes sure no COW will be caused by another thread for a
5039 * softlocked page.
5040 */
5046 }
5050 lpgeaddr);
5053 }
5054 }
5062 segvn_vmpss_clrszc_cnt++;
5066 segvn_vmpss_clrszc_err++;
5069 }
5070 }
5074 }
5075 }
5077 /*
5078 * Check to see if we need to allocate an anon_map structure.
5079 */
5082 /*
5083 * Drop the "read" lock on the segment and acquire
5084 * the "write" version since we have to allocate the
5085 * anon_map.
5086 */
5093 }
5096 /*
5097 * Start all over again since segment protections
5098 * may have changed after we dropped the "read" lock.
5099 */
5101 }
5103 /*
5104 * S_READ_NOCOW vs S_READ distinction was
5105 * only needed for the code above. After
5106 * that we treat it as S_READ.
5107 */
5112 }
5116 /*
5117 * MADV_SEQUENTIAL work is ignored for large page segments.
5118 */
5134 }
5135 }
5138 }
5152 /*
5153 * The fast path could apply to S_WRITE also, except
5154 * that the protection fault could be caused by lazy
5155 * tlb flush when ro->rw. In this case, the pte is
5156 * RW already. But RO in the other cpu's tlb causes
5157 * the fault. Since hat_chgprot won't do anything if
5158 * pte doesn't change, we may end up faulting
5159 * indefinitely until the RO tlb entry gets replaced.
5160 */
5168 }
5169 }
5174 }
5175 }
5176 slow:
5180 else
5185 /*
5186 * If MADV_SEQUENTIAL has been set for the particular page we
5187 * are faulting on, free behind all pages in the segment and put
5188 * them on the free list.
5189 */
5193 ulong_t fanon_index;
5215 /*
5216 * If this is an anon page, we must find the
5217 * correct <vp, offset> for it
5218 */
5222 RW_READER);
5226 fanon_index);
5232 }
5238 }
5241 /*
5242 * Skip pages that are free or have an
5243 * "exclusive" lock.
5244 */
5248 /*
5249 * We don't need the page_struct_lock to test
5250 * as this is only advisory; even if we
5251 * acquire it someone might race in and lock
5252 * the page after we unlock and before the
5253 * PUTPAGE, then VOP_PUTPAGE will do nothing.
5254 */
5256 /*
5257 * Hold the vnode before releasing
5258 * the page lock to prevent it from
5259 * being freed and re-used by some
5260 * other thread.
5261 */
5264 /*
5265 * We should build a page list
5266 * to kluster putpages XXX
5267 */
5274 /*
5275 * XXX - Should the loop terminate if
5276 * the page is `locked'?
5277 */
5279 }
5283 }
5284 }
5285 }
5291 /*
5292 * See if we need to call VOP_GETPAGE for
5293 * *any* of the range being faulted on.
5294 * We can skip all of this work if there
5295 * was no original vnode.
5296 */
5298 u_offset_t vp_off;
5309 /*
5310 * Only acquire reader lock to prevent amp->ahp
5311 * from being changed. It's ok to miss pages,
5312 * hence we don't do anon_array_enter
5313 */
5318 /* inline non_anon() */
5320 else
5324 }
5331 /*
5332 * Page list won't fit in local array,
5333 * allocate one of the needed size.
5334 */
5335 pl_alloc_sz =
5345 /*
5346 * Ask VOP_GETPAGE to return the exact number
5347 * of pages if
5348 * (a) this is a COW fault, or
5349 * (b) this is a software fault, or
5350 * (c) next page is already mapped.
5351 */
5354 /*
5355 * Ask VOP_GETPAGE to return adjacent pages
5356 * within the segment.
5357 */
5362 }
5364 /*
5365 * Need to get some non-anonymous pages.
5366 * We need to make only one call to GETPAGE to do
5367 * this to prevent certain deadlocking conditions
5368 * when we are doing locking. In this case
5369 * non_anon() should have picked up the smallest
5370 * range which includes all the non-anonymous
5371 * pages in the requested range. We have to
5372 * be careful regarding which rw flag to pass in
5373 * because on a private mapping, the underlying
5374 * object is never allowed to be written.
5375 */
5380 }
5394 }
5397 }
5398 }
5400 /*
5401 * N.B. at this time the plp array has all the needed non-anon
5402 * pages in addition to (possibly) having some adjacent pages.
5403 */
5405 /*
5406 * Always acquire the anon_array_lock to prevent
5407 * 2 threads from allocating separate anon slots for
5408 * the same "addr".
5409 *
5410 * If this is a copy-on-write fault and we don't already
5411 * have the anon_array_lock, acquire it to prevent the
5412 * fault routine from handling multiple copy-on-write faults
5413 * on the same "addr" in the same address space.
5414 *
5415 * Only one thread should deal with the fault since after
5416 * it is handled, the other threads can acquire a translation
5417 * to the newly created private page. This prevents two or
5418 * more threads from creating different private pages for the
5419 * same fault.
5420 *
5421 * We grab "serialization" lock here if this is a MAP_PRIVATE segment
5422 * to prevent deadlock between this thread and another thread
5423 * which has soft-locked this page and wants to acquire serial_lock.
5424 * ( bug 4026339 )
5425 *
5426 * The fix for bug 4026339 becomes unnecessary when using the
5427 * locking scheme with per amp rwlock and a global set of hash
5428 * lock, anon_array_lock. If we steal a vnode page when low
5429 * on memory and upgrad the page lock through page_rename,
5430 * then the page is PAGE_HANDLED, nothing needs to be done
5431 * for this page after returning from segvn_faultpage.
5432 *
5433 * But really, the page lock should be downgraded after
5434 * the stolen page is page_rename'd.
5435 */
5440 /*
5441 * Ok, now loop over the address range and handle faults
5442 */
5451 S_OTHER);
5452 }
5458 }
5460 vpage++;
5464 }
5465 }
5467 /* Didn't get pages from the underlying fs so we're done */
5471 /*
5472 * Now handle any other pages in the list returned.
5473 * If the page can be used, load up the translations now.
5474 * Note that the for loop will only be entered if "plp"
5475 * is pointing to a non-NULL page pointer which means that
5476 * VOP_GETPAGE() was called and vpprot has been initialized.
5477 */
5482 /*
5483 * Large Files: diff should be unsigned value because we started
5484 * supporting > 2GB segment sizes from 2.5.1 and when a
5485 * large file of size > 2GB gets mapped to address space
5486 * the diff value can be > 2GB.
5487 */
5493 anon_sync_obj_t cookie;
5498 }
5509 /*
5510 * Large Files: Following is the assertion
5511 * validating the above cast.
5512 */
5519 /*
5520 * Prevent other threads in the address space from
5521 * creating private pages (i.e., allocating anon slots)
5522 * while we are in the process of loading translations
5523 * to additional pages returned by the underlying
5524 * object.
5525 */
5530 }
5533 enable_mbit_wa) {
5539 }
5540 /*
5541 * Skip mapping read ahead pages marked
5542 * for migration, so they will get migrated
5543 * properly on fault
5544 */
5552 }
5553 }
5556 }
5558 }
5559 done:
5566 }
5568 /*
5569 * This routine is used to start I/O on pages asynchronously. XXX it will
5570 * only create PAGESIZE pages. At fault time they will be relocated into
5571 * larger pages.
5572 */
5573 static faultcode_t
5575 {
5587 /*
5588 * Reader lock to prevent amp->ahp from being changed.
5589 * This is advisory, it's ok to miss a page, so
5590 * we don't do anon_array_enter lock.
5591 */
5604 }
5606 }
5611 }
5625 }
5627 static int
5629 {
5634 pgcnt_t pgcnt;
5635 anon_sync_obj_t cookie;
5645 /* return if prot is the same */
5649 }
5651 /*
5652 * Since we change protections we first have to flush the cache.
5653 * This makes sure all the pagelock calls have to recheck
5654 * protections.
5655 */
5659 /*
5660 * If this is shared segment non 0 softlockcnt
5661 * means locked pages are still in use.
5662 */
5666 }
5668 /*
5669 * Since we do have the segvn writers lock nobody can fill
5670 * the cache with entries belonging to this seg during
5671 * the purge. The flush either succeeds or we still have
5672 * pending I/Os.
5673 */
5678 }
5679 }
5685 HAT_REGION_TEXT);
5695 }
5701 }
5710 /*
5711 * If we are holding the as lock as a reader then
5712 * we need to return IE_RETRY and let the as
5713 * layer drop and re-acquire the lock as a writer.
5714 */
5727 }
5733 }
5734 }
5737 /*
5738 * If it's a private mapping and we're making it writable then we
5739 * may have to reserve the additional swap space now. If we are
5740 * making writable only a part of the segment then we use its vpage
5741 * array to keep a record of the pages for which we have reserved
5742 * swap. In this case we set the pageswap field in the segment's
5743 * segvn structure to record this.
5744 *
5745 * If it's a private mapping to a file (i.e., vp != NULL) and we're
5746 * removing write permission on the entire segment and we haven't
5747 * modified any pages, we can release the swap space.
5748 */
5755 /*
5756 * Start by determining how much swap
5757 * space is required.
5758 */
5762 /* The whole segment */
5765 /*
5766 * Make sure that the vpage array
5767 * exists, and make a note of the
5768 * range of elements corresponding
5769 * to len.
5770 */
5777 /*
5778 * This is the first time we've
5779 * asked for a part of this
5780 * segment, so we need to
5781 * reserve everything we've
5782 * been asked for.
5783 */
5786 /*
5787 * We have to count the number
5788 * of pages required.
5789 */
5791 cvp++) {
5793 sz++;
5794 }
5796 }
5797 }
5799 /* Try to reserve the necessary swap. */
5804 }
5806 /*
5807 * Make a note of how much swap space
5808 * we've reserved.
5809 */
5819 }
5820 }
5821 }
5823 /*
5824 * Swap space is released only if this segment
5825 * does not map anonymous memory, since read faults
5826 * on such segments still need an anon slot to read
5827 * in the data.
5828 */
5838 }
5839 }
5840 }
5846 }
5855 /*
5856 * A vpage structure exists or else the change does not
5857 * involve the entire segment. Establish a vpage structure
5858 * if none is there. Then, for each page in the range,
5859 * adjust its individual permissions. Note that write-
5860 * enabling a MAP_PRIVATE page can affect the claims for
5861 * locked down memory. Overcommitting memory terminates
5862 * the operation.
5863 */
5871 }
5876 /*
5877 * See Statement at the beginning of segvn_lockop regarding
5878 * the way cowcnts and lckcnts are handled.
5879 */
5886 }
5892 }
5894 }
5897 }
5898 anon_idx++;
5904 }
5920 /*NOTREACHED*/
5921 }
5924 PROT_WRITE) {
5927 pp)) {
5930 }
5933 pp)) {
5936 }
5937 }
5938 }
5942 }
5945 }
5949 /*
5950 * Did we terminate prematurely? If so, simply unload
5951 * the translations to the things we've updated so far.
5952 */
5957 }
5959 PAGESIZE;
5966 }
5973 }
5974 }
5979 }
5984 /*
5985 * Either private or shared data with write access (in
5986 * which case we need to throw out all former translations
5987 * so that we get the right translations set up on fault
5988 * and we don't allow write access to any copy-on-write pages
5989 * that might be around or to prevent write access to pages
5990 * representing holes in a file), or we don't have permission
5991 * to access the memory at all (in which case we have to
5992 * unload any current translations that might exist).
5993 */
5996 /*
5997 * A shared mapping or a private mapping in which write
5998 * protection is going to be denied - just change all the
5999 * protections over the range of addresses in question.
6000 * segvn does not support any other attributes other
6001 * than prot so we can use hat_chgattr.
6002 */
6004 }
6009 }
6011 /*
6012 * segvn_setpagesize is called via SEGOP_SETPAGESIZE from as_setpagesize,
6013 * to determine if the seg is capable of mapping the requested szc.
6014 */
6015 static int
6017 {
6033 }
6035 /*
6036 * addr should always be pgsz aligned but eaddr may be misaligned if
6037 * it's at the end of the segment.
6038 *
6039 * XXX we should assert this condition since as_setpagesize() logic
6040 * guarantees it.
6041 */
6046 segvn_setpgsz_align_err++;
6048 }
6054 segvn_setpgsz_anon_align_err++;
6056 }
6057 }
6062 }
6064 /* paranoid check */
6068 }
6073 }
6075 /*
6076 * Check that protections are the same within new page
6077 * size boundaries.
6078 */
6084 }
6088 }
6089 }
6090 }
6091 }
6093 /*
6094 * Since we are changing page size we first have to flush
6095 * the cache. This makes sure all the pagelock calls have
6096 * to recheck protections.
6097 */
6101 /*
6102 * If this is shared segment non 0 softlockcnt
6103 * means locked pages are still in use.
6104 */
6107 }
6109 /*
6110 * Since we do have the segvn writers lock nobody can fill
6111 * the cache with entries belonging to this seg during
6112 * the purge. The flush either succeeds or we still have
6113 * pending I/Os.
6114 */
6118 }
6119 }
6125 HAT_REGION_TEXT);
6134 }
6136 /*
6137 * Operation for sub range of existing segment.
6138 */
6145 }
6148 }
6150 }
6154 /* eaddr is szc aligned */
6156 }
6158 }
6160 /* eaddr is szc aligned */
6162 }
6164 }
6166 /*
6167 * Break any low level sharing and reset seg->s_szc to 0.
6168 */
6172 }
6174 }
6177 /*
6178 * If the end of the current segment is not pgsz aligned
6179 * then attempt to concatenate with the next segment.
6180 */
6185 }
6188 }
6191 /*
6192 * If this is shared segment non 0 softlockcnt
6193 * means locked pages are still in use.
6194 */
6197 }
6201 }
6202 }
6206 }
6209 }
6214 }
6217 }
6219 }
6221 /*
6222 * May need to re-align anon array to
6223 * new szc.
6224 */
6237 }
6243 }
6248 }
6249 }
6257 segvn_setpgsz_getattr_err++;
6259 }
6261 segvn_setpgsz_eof_err++;
6263 }
6265 /*
6266 * anon_fill_cow_holes() may call VOP_GETPAGE().
6267 * don't take anon map lock here to avoid holding it
6268 * across VOP_GETPAGE() calls that may call back into
6269 * segvn for klsutering checks. We don't really need
6270 * anon map lock here since it's a private segment and
6271 * we hold as level lock as writers.
6272 */
6278 }
6279 }
6281 }
6289 }
6291 }
6296 }
6298 static int
6300 {
6304 pgcnt_t pages;
6324 }
6330 HAT_REGION_TEXT);
6341 }
6343 /*
6344 * do HAT_UNLOAD_UNMAP since we are changing the pagesize.
6345 * unload argument is 0 when we are freeing the segment
6346 * and unload was already done.
6347 */
6349 HAT_UNLOAD_UNMAP);
6350 }
6355 }
6360 /*
6361 * XXX anon rwlock is not really needed because this is a
6362 * private segment and we are writers.
6363 */
6373 }
6380 }
6384 }
6389 }
6394 }
6397 ANON_SLEEP);
6399 }
6400 }
6402 }
6406 out:
6409 }
6411 static int
6415 u_offset_t off,
6416 ulong_t anon_idx,
6417 uint_t prot)
6418 {
6432 anoff_t aoff;
6452 }
6455 }
6464 }
6467 }
6472 }
6475 }
6480 }
6486 /* Find each large page within ppa, and adjust its claim */
6488 /* Does ppa cover a single large page? */
6492 else
6499 else
6503 }
6504 }
6509 }
6513 }
6515 /*
6516 * Returns right (upper address) segment if split occurred.
6517 * If the address is equal to the beginning or end of its segment it returns
6518 * the current segment.
6519 */
6522 {
6558 /*
6559 * The offset for an anonymous segment has no signifigance in
6560 * terms of an offset into a file. If we were to use the above
6561 * calculation instead, the structures read out of
6562 * /proc/<pid>/xmap would be more difficult to decipher since
6563 * it would be unclear whether two seemingly contiguous
6564 * prxmap_t structures represented different segments or a
6565 * single segment that had been split up into multiple prxmap_t
6566 * structures (e.g. if some part of the segment had not yet
6567 * been faulted in).
6568 */
6570 }
6587 }
6619 }
6621 /*
6622 * Split the amount of swap reserved.
6623 */
6625 /*
6626 * For MAP_NORESERVE, only allocate swap reserve for pages
6627 * being used. Other segments get enough to cover whole
6628 * segment.
6629 */
6650 }
6651 }
6652 }
6655 }
6657 /*
6658 * called on memory operations (unmap, setprot, setpagesize) for a subset
6659 * of a large page segment to either demote the memory range (SDR_RANGE)
6660 * or the ends (SDR_END) by addr/len.
6661 *
6662 * returns 0 on success. returns errno, including ENOMEM, on failure.
6663 */
6664 static int
6667 caddr_t addr,
6670 uint_t szcvec)
6671 {
6681 uint_t tszcvec;
6696 /* demote entire range */
6720 }
6721 }
6729 }
6740 }
6746 caddr_t te;
6757 }
6767 }
6771 }
6772 }
6773 }
6782 }
6800 }
6801 }
6804 }
6806 static int
6808 {
6815 /*
6816 * If segment protection can be used, simply check against them.
6817 */
6824 }
6826 /*
6827 * Have to check down to the vpage level.
6828 */
6834 }
6835 }
6838 }
6840 static int
6842 {
6858 pgno--;
6861 }
6863 }
6865 }
6867 static u_offset_t
6869 {
6875 }
6877 /*ARGSUSED*/
6878 static int
6880 {
6886 MAP_INITDATA)));
6887 }
6889 /*ARGSUSED*/
6890 static int
6892 {
6899 }
6901 /*
6902 * Check to see if it makes sense to do kluster/read ahead to
6903 * addr + delta relative to the mapping at addr. We assume here
6904 * that delta is a signed PAGESIZE'd multiple (which can be negative).
6905 *
6906 * For segvn, we currently "approve" of the action if we are
6907 * still in the segment and it maps from the same vp/off,
6908 * or if the advice stored in segvn_data or vpages allows it.
6909 * Currently, klustering is not allowed only if MADV_RANDOM is set.
6910 */
6911 static int
6913 {
6916 ssize_t pd;
6933 /*
6934 * Check to see if either of the pages addr or addr + delta
6935 * have advice set that prevents klustering (if MADV_RANDOM advice
6936 * is set for entire segment, or MADV_SEQUENTIAL is set and delta
6937 * is negative).
6938 */
6953 }
6972 }
6976 }
6978 /*
6979 * Now we know we have two anon pointers - check to
6980 * see if they happen to be properly allocated.
6981 */
6983 /*
6984 * XXX We cheat here and don't lock the anon slots. We can't because
6985 * we may have been called from the anon layer which might already
6986 * have locked them. We are holding a refcnt on the slots so they
6987 * can't disappear. The worst that will happen is we'll get the wrong
6988 * names (vp, off) for the slots and make a poor klustering decision.
6989 */
6997 }
6999 /*
7000 * Swap the pages of seg out to secondary storage, returning the
7001 * number of bytes of storage freed.
7002 *
7003 * The basic idea is first to unload all translations and then to call
7004 * VOP_PUTPAGE() for all newly-unmapped pages, to push them out to the
7005 * swap device. Pages to which other segments have mappings will remain
7006 * mapped and won't be swapped. Our caller (as_swapout) has already
7007 * performed the unloading step.
7008 *
7009 * The value returned is intended to correlate well with the process's
7010 * memory requirements. However, there are some caveats:
7011 * 1) When given a shared segment as argument, this routine will
7012 * only succeed in swapping out pages for the last sharer of the
7013 * segment. (Previous callers will only have decremented mapping
7014 * reference counts.)
7015 * 2) We assume that the hat layer maintains a large enough translation
7016 * cache to capture process reference patterns.
7017 */
7018 static size_t
7020 {
7024 pgcnt_t npages;
7025 pgcnt_t page;
7026 ulong_t anon_index;
7031 /*
7032 * Find pages unmapped by our caller and force them
7033 * out to the virtual swap device.
7034 */
7042 u_offset_t off;
7043 anon_sync_obj_t cookie;
7045 /*
7046 * Obtain <vp, off> pair for the page, then look it up.
7047 *
7048 * Note that this code is willing to consider regular
7049 * pages as well as anon pages. Is this appropriate here?
7050 */
7058 }
7065 }
7071 }
7075 }
7082 /*
7083 * Examine the page to see whether it can be tossed out,
7084 * keeping track of how many we've found.
7085 */
7087 /*
7088 * If the page has an i/o lock and no mappings,
7089 * it's very likely that the page is being
7090 * written out as a result of klustering.
7091 * Assume this is so and take credit for it here.
7092 */
7095 pgcnt++;
7098 }
7101 }
7105 /*
7106 * Skip if page is locked or has mappings.
7107 * We don't need the page_struct_lock to look at lckcnt
7108 * and cowcnt because the page is exclusive locked.
7109 */
7114 }
7116 /*
7117 * dispose skips large pages so try to demote first.
7118 */
7121 /*
7122 * XXX should skip the remaining page_t's of this
7123 * large page.
7124 */
7126 }
7130 /*
7131 * No longer mapped -- we can toss it out. How
7132 * we do so depends on whether or not it's dirty.
7133 */
7135 /*
7136 * We must clean the page before it can be
7137 * freed. Setting B_FREE will cause pvn_done
7138 * to free the page when the i/o completes.
7139 * XXX: This also causes it to be accounted
7140 * as a pageout instead of a swap: need
7141 * B_SWAPOUT bit to use instead of B_FREE.
7142 *
7143 * Hold the vnode before releasing the page lock
7144 * to prevent it from being freed and re-used by
7145 * some other thread.
7146 */
7150 /*
7151 * Queue all i/o requests for the pageout thread
7152 * to avoid saturating the pageout devices.
7153 */
7157 /*
7158 * The page was clean, free it.
7159 *
7160 * XXX: Can we ever encounter modified pages
7161 * with no associated vnode here?
7162 */
7164 /*LINTED: constant in conditional context*/
7166 }
7168 /*
7169 * Credit now even if i/o is in progress.
7170 */
7171 pgcnt++;
7172 }
7175 /*
7176 * Wakeup pageout to initiate i/o on all queued requests.
7177 */
7180 }
7182 /*
7183 * Synchronize primary storage cache with real object in virtual memory.
7184 *
7185 * XXX - Anonymous pages should not be sync'ed out at all.
7186 */
7187 static int
7189 {
7193 u_offset_t offset;
7195 u_offset_t off;
7196 caddr_t eaddr;
7202 ulong_t anon_index;
7205 anon_sync_obj_t cookie;
7212 /*
7213 * If this is shared segment non 0 softlockcnt
7214 * means locked pages are still in use.
7215 */
7219 }
7221 /*
7222 * flush all pages from seg cache
7223 * otherwise we may deadlock in swap_putpage
7224 * for B_INVAL page (4175402).
7225 *
7226 * Even if we grab segvn WRITER's lock
7227 * here, there might be another thread which could've
7228 * successfully performed lookup/insert just before
7229 * we acquired the lock here. So, grabbing either
7230 * lock here is of not much use. Until we devise
7231 * a strategy at upper layers to solve the
7232 * synchronization issues completely, we expect
7233 * applications to handle this appropriately.
7234 */
7239 }
7242 /*
7243 * Try to purge this amp's entries from pcache. It will
7244 * succeed only if other segments that share the amp have no
7245 * outstanding softlock's.
7246 */
7251 }
7252 }
7263 /*
7264 * We are done if the segment types don't match
7265 * or if we have segment level protections and
7266 * they don't match.
7267 */
7271 }
7276 }
7284 /*
7285 * No attributes, no anonymous pages and MS_INVALIDATE flag
7286 * is not on, just use one big request.
7287 */
7292 }
7308 }
7314 }
7323 vpp++;
7324 }
7327 }
7328 }
7330 /*
7331 * See if any of these pages are locked -- if so, then we
7332 * will have to truncate an invalidate request at the first
7333 * locked one. We don't need the page_struct_lock to test
7334 * as this is only advisory; even if we acquire it someone
7335 * might race in and lock the page after we unlock and before
7336 * we do the PUTPAGE, then PUTPAGE simply does nothing.
7337 */
7344 }
7349 /*
7350 * swapfs VN_DISPOSE() won't
7351 * invalidate large pages.
7352 * Attempt to demote.
7353 * XXX can't help it if it
7354 * fails. But for swapfs
7355 * pages it is no big deal.
7356 */
7358 pp);
7359 }
7360 }
7362 }
7364 /*
7365 * Avoid writing out to disk ISM's large pages
7366 * because segspt_free_pages() relies on NULL an_pvp
7367 * of anon slots of such pages.
7368 */
7371 /*
7372 * swapfs uses page_lookup_nowait if not freeing or
7373 * invalidating and skips a page if
7374 * page_lookup_nowait returns NULL.
7375 */
7379 }
7383 }
7385 /*
7386 * Note ISM pages are created large so (vp, off)'s
7387 * page cannot suddenly become large after we unlock
7388 * pp.
7389 */
7391 }
7392 /*
7393 * XXX - Should ultimately try to kluster
7394 * calls to VOP_PUTPAGE() for performance.
7395 */
7404 }
7407 }
7409 /*
7410 * Determine if we have data corresponding to pages in the
7411 * primary storage virtual memory cache (i.e., "in core").
7412 */
7413 static size_t
7415 {
7423 uint_t start;
7426 uint_t attr;
7427 anon_sync_obj_t cookie;
7436 }
7448 /* Grab the vnode/offset for the anon slot */
7455 }
7458 }
7460 /* A page exists for the anon slot */
7463 /*
7464 * If page is mapped and writable
7465 */
7470 }
7471 /*
7472 * Don't get page_struct lock for lckcnt and cowcnt,
7473 * since this is purely advisory.
7474 */
7482 }
7483 }
7485 /* Gather vnode statistics */
7490 /*
7491 * Try to obtain a "shared" lock on the page
7492 * without blocking. If this fails, determine
7493 * if the page is in memory.
7494 */
7497 /* Page is incore, and is named */
7499 }
7500 /*
7501 * Don't get page_struct lock for lckcnt and cowcnt,
7502 * since this is purely advisory.
7503 */
7511 }
7512 }
7514 /* Gather virtual page information */
7518 vpp++;
7519 }
7522 }
7525 }
7527 /*
7528 * Statement for p_cowcnts/p_lckcnts.
7529 *
7530 * p_cowcnt is updated while mlock/munlocking MAP_PRIVATE and PROT_WRITE region
7531 * irrespective of the following factors or anything else:
7532 *
7533 * (1) anon slots are populated or not
7534 * (2) cow is broken or not
7535 * (3) refcnt on ap is 1 or greater than 1
7536 *
7537 * If it's not MAP_PRIVATE and PROT_WRITE, p_lckcnt is updated during mlock
7538 * and munlock.
7539 *
7540 *
7541 * Handling p_cowcnts/p_lckcnts during copy-on-write fault:
7542 *
7543 * if vpage has PROT_WRITE
7544 * transfer cowcnt on the oldpage -> cowcnt on the newpage
7545 * else
7546 * transfer lckcnt on the oldpage -> lckcnt on the newpage
7547 *
7548 * During copy-on-write, decrement p_cowcnt on the oldpage and increment
7549 * p_cowcnt on the newpage *if* the corresponding vpage has PROT_WRITE.
7550 *
7551 * We may also break COW if softlocking on read access in the physio case.
7552 * In this case, vpage may not have PROT_WRITE. So, we need to decrement
7553 * p_lckcnt on the oldpage and increment p_lckcnt on the newpage *if* the
7554 * vpage doesn't have PROT_WRITE.
7555 *
7556 *
7557 * Handling p_cowcnts/p_lckcnts during mprotect on mlocked region:
7558 *
7559 * If a MAP_PRIVATE region loses PROT_WRITE, we decrement p_cowcnt and
7560 * increment p_lckcnt by calling page_subclaim() which takes care of
7561 * availrmem accounting and p_lckcnt overflow.
7562 *
7563 * If a MAP_PRIVATE region gains PROT_WRITE, we decrement p_lckcnt and
7564 * increment p_cowcnt by calling page_addclaim() which takes care of
7565 * availrmem availability and p_cowcnt overflow.
7566 */
7568 /*
7569 * Lock down (or unlock) pages mapped by this segment.
7570 *
7571 * XXX only creates PAGESIZE pages if anon slots are not initialized.
7572 * At fault time they will be relocated into larger pages.
7573 */
7574 static int
7577 {
7582 u_offset_t offset;
7583 u_offset_t off;
7588 ulong_t anon_index;
7592 anon_sync_obj_t cookie;
7601 /*
7602 * Hold write lock on address space because may split or concatenate
7603 * segments
7604 */
7607 /*
7608 * If this is a shm, use shm's project and zone, else use
7609 * project and zone of calling process
7610 */
7612 /* Determine if this segment backs a sysV shm */
7619 }
7626 /*
7627 * We are done if the segment types don't match
7628 * or if we have segment level protections and
7629 * they don't match.
7630 */
7634 }
7638 }
7639 }
7649 }
7650 }
7652 /*
7653 * If we're locking, then we must create a vpage structure if
7654 * none exists. If we're unlocking, then check to see if there
7655 * is a vpage -- if not, then we could not have locked anything.
7656 */
7664 }
7665 }
7667 /*
7668 * The anonymous data vector (i.e., previously
7669 * unreferenced mapping to swap space) can be allocated
7670 * by lazily testing for its existence.
7671 */
7676 }
7680 }
7688 /* determine number of unlocked bytes in range for lock operation */
7693 vpp++) {
7696 }
7699 anon_sync_obj_t i_cookie;
7702 u_offset_t i_off;
7704 /* Only count sysV pages once for locked memory */
7714 }
7724 }
7726 }
7730 chargeproc);
7738 }
7739 }
7740 /*
7741 * Loop over all pages in the range. Process if we're locking and
7742 * page has not already been locked in this mapping; or if we're
7743 * unlocking and the page has been locked.
7744 */
7753 /*
7754 * If this isn't a MAP_NORESERVE segment and
7755 * we're locking, allocate anon slots if they
7756 * don't exist. The page is brought in later on.
7757 */
7774 }
7780 }
7782 }
7784 /*
7785 * Get name for page, accounting for
7786 * existence of private copy.
7787 */
7800 }
7803 }
7807 }
7811 }
7813 /*
7814 * Get page frame. It's ok if the page is
7815 * not available when we're unlocking, as this
7816 * may simply mean that a page we locked got
7817 * truncated out of existence after we locked it.
7818 *
7819 * Invoke VOP_GETPAGE() to obtain the page struct
7820 * since we may need to read it from disk if its
7821 * been paged out.
7822 */
7838 }
7840 /*
7841 * If the error is EDEADLK then we must bounce
7842 * up and drop all vm subsystem locks and then
7843 * retry the operation later
7844 * This behavior is a temporary measure because
7845 * ufs/sds logging is badly designed and will
7846 * deadlock if we don't allow this bounce to
7847 * happen. The real solution is to re-design
7848 * the logging code to work properly. See bug
7849 * 4125102 for details of the problem.
7850 */
7854 }
7855 /*
7856 * Quit if we fail to fault in the page. Treat
7857 * the failure as an error, unless the addr
7858 * is mapped beyond the end of a file.
7859 */
7866 }
7871 }
7877 }
7880 }
7882 /*
7883 * See Statement at the beginning of this routine.
7884 *
7885 * claim is always set if MAP_PRIVATE and PROT_WRITE
7886 * irrespective of following factors:
7887 *
7888 * (1) anon slots are populated or not
7889 * (2) cow is broken or not
7890 * (3) refcnt on ap is 1 or greater than 1
7891 *
7892 * See 4140683 for details
7893 */
7897 /*
7898 * Perform page-level operation appropriate to
7899 * operation. If locking, undo the SOFTLOCK
7900 * performed to bring the page into memory
7901 * after setting the lock. If unlocking,
7902 * and no page was found, account for the claim
7903 * separately.
7904 */
7914 }
7917 }
7919 /* locking page failed */
7923 }
7938 /* sysV pages should be locked */
7943 unlocked_bytes
7951 }
7953 }
7954 }
7955 }
7956 out:
7958 /* Credit back bytes that did not get locked */
7966 }
7969 /* Account bytes that were unlocked */
7974 chargeproc);
7977 }
7978 }
7984 }
7986 /*
7987 * Set advice from user for specified pages
7988 * There are 5 types of advice:
7989 * MADV_NORMAL - Normal (default) behavior (whatever that is)
7990 * MADV_RANDOM - Random page references
7991 * do not allow readahead or 'klustering'
7992 * MADV_SEQUENTIAL - Sequential page references
7993 * Pages previous to the one currently being
7994 * accessed (determined by fault) are 'not needed'
7995 * and are freed immediately
7996 * MADV_WILLNEED - Pages are likely to be used (fault ahead in mctl)
7997 * MADV_DONTNEED - Pages are not needed (synced out in mctl)
7998 * MADV_FREE - Contents can be discarded
7999 * MADV_ACCESS_DEFAULT- Default access
8000 * MADV_ACCESS_LWP - Next LWP will access heavily
8001 * MADV_ACCESS_MANY- Many LWPs or processes will access heavily
8002 */
8003 static int
8005 {
8011 ulong_t anon_index;
8013 lgrp_mem_policy_t policy;
8019 /*
8020 * In case of MADV_FREE, we won't be modifying any segment private
8021 * data structures; so, we only need to grab READER's lock
8022 */
8028 }
8031 }
8033 /*
8034 * Large pages are assumed to be only turned on when accesses to the
8035 * segment's address range have spatial and temporal locality. That
8036 * justifies ignoring MADV_SEQUENTIAL for large page segments.
8037 * Also, ignore advice affecting lgroup memory allocation
8038 * if don't need to do lgroup optimizations on this system
8039 */
8047 }
8051 /*
8052 * Since we are going to unload hat mappings
8053 * we first have to flush the cache. Otherwise
8054 * this might lead to system panic if another
8055 * thread is doing physio on the range whose
8056 * mappings are unloaded by madvise(3C).
8057 */
8059 /*
8060 * If this is shared segment non 0 softlockcnt
8061 * means locked pages are still in use.
8062 */
8066 }
8067 /*
8068 * Since we do have the segvn writers lock
8069 * nobody can fill the cache with entries
8070 * belonging to this seg during the purge.
8071 * The flush either succeeds or we still
8072 * have pending I/Os. In the later case,
8073 * madvise(3C) fails.
8074 */
8077 /*
8078 * Since madvise(3C) is advisory and
8079 * it's not part of UNIX98, madvise(3C)
8080 * failure here doesn't cause any hardship.
8081 * Note that we don't block in "as" layer.
8082 */
8085 }
8088 /*
8089 * Try to purge this amp's entries from pcache. It
8090 * will succeed only if other segments that share the
8091 * amp have no outstanding softlock's.
8092 */
8094 }
8095 }
8100 /*
8101 * MADV_FREE is not supported for segments with
8102 * underlying object; if anonmap is NULL, anon slots
8103 * are not yet populated and there is nothing for
8104 * us to do. As MADV_FREE is advisory, we don't
8105 * return error in either case.
8106 */
8110 }
8120 }
8122 /*
8123 * If advice is to be applied to entire segment,
8124 * use advice field in seg_data structure
8125 * otherwise use appropriate vpage entry.
8126 */
8132 /*
8133 * Set memory allocation policy for this segment
8134 */
8140 /*
8141 * For private memory, need writers lock on
8142 * address space because the segment may be
8143 * split or concatenated when changing policy
8144 */
8149 }
8153 }
8155 /*
8156 * If policy set already and it shouldn't be reapplied,
8157 * don't do anything.
8158 */
8163 /*
8164 * Mark any existing pages in given range for
8165 * migration
8166 */
8170 /*
8171 * If same policy set already or this is a shared
8172 * memory segment, don't need to try to concatenate
8173 * segment with adjacent ones.
8174 */
8178 /*
8179 * Try to concatenate this segment with previous
8180 * one and next one, since we changed policy for
8181 * this one and it may be compatible with adjacent
8182 * ones now.
8183 */
8193 /*
8194 * Drop lock for private data of current
8195 * segment before concatenating (deleting) it
8196 * and return IE_REATTACH to tell as_ctl() that
8197 * current segment has changed
8198 */
8204 }
8208 /*
8209 * unloading mapping guarantees
8210 * detection in segvn_fault
8211 */
8215 HAT_UNLOAD);
8216 /* FALLTHROUGH */
8228 }
8230 caddr_t eaddr;
8233 u_offset_t off;
8234 caddr_t oldeaddr;
8246 /*
8247 * Set memory allocation policy for portion of this
8248 * segment
8249 */
8251 /*
8252 * Align address and length of advice to page
8253 * boundaries for large pages
8254 */
8261 }
8263 /*
8264 * Check to see whether policy is set already
8265 */
8274 else
8275 already_set =
8278 /*
8279 * If policy set already and it shouldn't be reapplied,
8280 * don't do anything.
8281 */
8286 /*
8287 * For private memory, need writers lock on
8288 * address space because the segment may be
8289 * split or concatenated when changing policy
8290 */
8295 }
8297 /*
8298 * Mark any existing pages in given range for
8299 * migration
8300 */
8304 /*
8305 * Don't need to try to split or concatenate
8306 * segments, since policy is same or this is a shared
8307 * memory segment
8308 */
8317 HAT_REGION_TEXT);
8319 }
8321 /*
8322 * Split off new segment if advice only applies to a
8323 * portion of existing segment starting in middle
8324 */
8329 /*
8330 * Must flush I/O page cache
8331 * before splitting segment
8332 */
8336 /*
8337 * Split segment and return IE_REATTACH to tell
8338 * as_ctl() that current segment changed
8339 */
8344 /*
8345 * If new segment ends where old one
8346 * did, try to concatenate the new
8347 * segment with next one.
8348 */
8350 /*
8351 * Set policy for new segment
8352 */
8358 new_seg);
8365 }
8366 }
8368 /*
8369 * Split off end of existing segment if advice only
8370 * applies to a portion of segment ending before
8371 * end of the existing segment
8372 */
8374 /*
8375 * Must flush I/O page cache
8376 * before splitting segment
8377 */
8381 /*
8382 * If beginning of old segment was already
8383 * split off, use new segment to split end off
8384 * from.
8385 */
8387 /*
8388 * Split segment
8389 */
8392 /*
8393 * Set policy for new segment
8394 */
8399 /*
8400 * Split segment and return IE_REATTACH
8401 * to tell as_ctl() that current
8402 * segment changed
8403 */
8410 /*
8411 * If new segment starts where old one
8412 * did, try to concatenate it with
8413 * previous segment.
8414 */
8417 seg);
8419 /*
8420 * Drop lock for private data
8421 * of current segment before
8422 * concatenating (deleting) it
8423 */
8435 }
8436 }
8437 }
8438 }
8444 /* FALLTHROUGH */
8459 }
8460 }
8463 }
8465 /*
8466 * Create a vpage structure for this seg.
8467 */
8468 static void
8470 {
8476 /*
8477 * If no vpage structure exists, allocate one. Copy the protections
8478 * and the advice from the segment itself to the individual pages.
8479 */
8483 KM_SLEEP);
8488 }
8489 }
8490 }
8492 /*
8493 * Dump the pages belonging to this segvn segment.
8494 */
8495 static void
8497 {
8501 ulong_t anon_index;
8504 pfn_t pfn;
8506 caddr_t addr;
8517 }
8528 }
8530 /*
8531 * If pp == NULL, the page either does not exist
8532 * or is exclusively locked. So determine if it
8533 * exists before searching for it.
8534 */
8538 else
8546 }
8549 }
8553 }
8555 #ifdef DEBUG
8557 #endif
8559 #define PCACHE_SHWLIST ((page_t *)-2)
8560 #define NOPCACHE_SHWLIST ((page_t *)-1)
8562 /*
8563 * Lock/Unlock anon pages over a given range. Return shadow list. This routine
8564 * uses global segment pcache to cache shadow lists (i.e. pp arrays) of pages
8565 * to avoid the overhead of per page locking, unlocking for subsequent IOs to
8566 * the same parts of the segment. Currently shadow list creation is only
8567 * supported for pure anon segments. MAP_PRIVATE segment pcache entries are
8568 * tagged with segment pointer, starting virtual address and length. This
8569 * approach for MAP_SHARED segments may add many pcache entries for the same
8570 * set of pages and lead to long hash chains that decrease pcache lookup
8571 * performance. To avoid this issue for shared segments shared anon map and
8572 * starting anon index are used for pcache entry tagging. This allows all
8573 * segments to share pcache entries for the same anon range and reduces pcache
8574 * chain's length as well as memory overhead from duplicate shadow lists and
8575 * pcache entries.
8576 *
8577 * softlockcnt field in segvn_data structure counts the number of F_SOFTLOCK'd
8578 * pages via segvn_fault() and pagelock'd pages via this routine. But pagelock
8579 * part of softlockcnt accounting is done differently for private and shared
8580 * segments. In private segment case softlock is only incremented when a new
8581 * shadow list is created but not when an existing one is found via
8582 * seg_plookup(). pcache entries have reference count incremented/decremented
8583 * by each seg_plookup()/seg_pinactive() operation. Only entries that have 0
8584 * reference count can be purged (and purging is needed before segment can be
8585 * freed). When a private segment pcache entry is purged segvn_reclaim() will
8586 * decrement softlockcnt. Since in private segment case each of its pcache
8587 * entries only belongs to this segment we can expect that when
8588 * segvn_pagelock(L_PAGEUNLOCK) was called for all outstanding IOs in this
8589 * segment purge will succeed and softlockcnt will drop to 0. In shared
8590 * segment case reference count in pcache entry counts active locks from many
8591 * different segments so we can't expect segment purging to succeed even when
8592 * segvn_pagelock(L_PAGEUNLOCK) was called for all outstanding IOs in this
8593 * segment. To be able to determine when there're no pending pagelocks in
8594 * shared segment case we don't rely on purging to make softlockcnt drop to 0
8595 * but instead softlockcnt is incremented and decremented for every
8596 * segvn_pagelock(L_PAGELOCK/L_PAGEUNLOCK) call regardless if a new shadow
8597 * list was created or an existing one was found. When softlockcnt drops to 0
8598 * this segment no longer has any claims for pcached shadow lists and the
8599 * segment can be freed even if there're still active pcache entries
8600 * shared by this segment anon map. Shared segment pcache entries belong to
8601 * anon map and are typically removed when anon map is freed after all
8602 * processes destroy the segments that use this anon map.
8603 */
8604 static int
8607 {
8610 pgcnt_t adjustpages;
8611 pgcnt_t npages;
8612 ulong_t anon_index;
8614 uint_t error;
8616 pgcnt_t anpgcnt;
8618 caddr_t a;
8621 anon_sync_obj_t cookie;
8624 caddr_t paddr;
8625 seg_preclaim_cbfunc_t preclaim_callback;
8633 #ifdef DEBUG
8638 }
8641 }
8642 }
8643 #endif
8653 /*
8654 * for now we only support pagelock to anon memory. We would have to
8655 * check protections for vnode objects and call into the vnode driver.
8656 * That's too much for a fast path. Let the fault entry point handle
8657 * it.
8658 */
8663 }
8665 }
8670 }
8672 }
8677 }
8679 }
8682 /*
8683 * We are adjusting the pagelock region to the large page size
8684 * boundary because the unlocked part of a large page cannot
8685 * be freed anyway unless all constituent pages of a large
8686 * page are locked. Bigger regions reduce pcache chain length
8687 * and improve lookup performance. The tradeoff is that the
8688 * very first segvn_pagelock() call for a given page is more
8689 * expensive if only 1 page_t is needed for IO. This is only
8690 * an issue if pcache entry doesn't get reused by several
8691 * subsequent calls. We optimize here for the case when pcache
8692 * is heavily used by repeated IOs to the same address range.
8693 *
8694 * Note segment's page size cannot change while we are holding
8695 * as lock. And then it cannot change while softlockcnt is
8696 * not 0. This will allow us to correctly recalculate large
8697 * page size region for the matching pageunlock/reclaim call
8698 * since as_pageunlock() caller must always match
8699 * as_pagelock() call's addr and len.
8700 *
8701 * For pageunlock *ppp points to the pointer of page_t that
8702 * corresponds to the real unadjusted start address. Similar
8703 * for pagelock *ppp must point to the pointer of page_t that
8704 * corresponds to the real unadjusted start address.
8705 */
8715 /*
8716 * Align the address range of large enough requests to allow
8717 * combining of different shadow lists into 1 to reduce memory
8718 * overhead from potentially overlapping large shadow lists
8719 * (worst case is we have a 1MB IO into buffers with start
8720 * addresses separated by 4K). Alignment is only possible if
8721 * padded chunks have sufficient access permissions. Note
8722 * permissions won't change between L_PAGELOCK and
8723 * L_PAGEUNLOCK calls since non 0 softlockcnt will force
8724 * segvn_setprot() to wait until softlockcnt drops to 0. This
8725 * allows us to determine in L_PAGEUNLOCK the same range we
8726 * computed in L_PAGELOCK.
8727 *
8728 * If alignment is limited by segment ends set
8729 * sftlck_sbase/sftlck_send flags. In L_PAGELOCK case when
8730 * these flags are set bump softlockcnt_sbase/softlockcnt_send
8731 * per segment counters. In L_PAGEUNLOCK case decrease
8732 * softlockcnt_sbase/softlockcnt_send counters if
8733 * sftlck_sbase/sftlck_send flags are set. When
8734 * softlockcnt_sbase/softlockcnt_send are non 0
8735 * segvn_concat()/segvn_extend_prev()/segvn_extend_next()
8736 * won't merge the segments. This restriction combined with
8737 * restriction on segment unmapping and splitting for segments
8738 * that have non 0 softlockcnt allows L_PAGEUNLOCK to
8739 * correctly determine the same range that was previously
8740 * locked by matching L_PAGELOCK.
8741 */
8746 segvn_pglock_comb_balign);
8750 }
8760 }
8761 }
8768 }
8769 vp++;
8770 }
8774 }
8775 }
8781 segvn_pglock_comb_balign);
8786 segvn_pglock_comb_palign);
8791 }
8792 }
8797 }
8798 }
8809 }
8810 vp++;
8811 }
8814 }
8815 }
8817 }
8819 /*
8820 * For MAP_SHARED segments we create pcache entries tagged by amp and
8821 * anon index so that we can share pcache entries with other segments
8822 * that map this amp. For private segments pcache entries are tagged
8823 * with segment and virtual address.
8824 */
8834 }
8839 /*
8840 * update hat ref bits for /proc. We need to make sure
8841 * that threads tracing the ref and mod bits of the
8842 * address space get the right data.
8843 * Note: page ref and mod bits are updated at reclaim time
8844 */
8853 }
8854 }
8855 }
8857 /*
8858 * Check the shadow list entry after the last page used in
8859 * this IO request. If it's NOPCACHE_SHWLIST the shadow list
8860 * was not inserted into pcache and is not large page
8861 * adjusted. In this case call reclaim callback directly and
8862 * don't adjust the shadow list start and size for large
8863 * pages.
8864 */
8876 }
8885 }
8891 }
8896 }
8900 }
8902 /*
8903 * If someone is blocked while unmapping, we purge
8904 * segment page cache and thus reclaim pplist synchronously
8905 * without waiting for seg_pasync_thread. This speeds up
8906 * unmapping in cases where munmap(2) is called, while
8907 * raw async i/o is still in progress or where a thread
8908 * exits on data fault in a multithreaded application.
8909 */
8916 }
8919 /*
8920 * softlockcnt is not 0 and this is a
8921 * MAP_PRIVATE segment. Try to purge its
8922 * pcache entries to reduce softlockcnt.
8923 * If it drops to 0 segvn_reclaim()
8924 * will wake up a thread waiting on
8925 * unmapwait flag.
8926 *
8927 * We don't purge MAP_SHARED segments with non
8928 * 0 softlockcnt since IO is still in progress
8929 * for such segments.
8930 */
8933 }
8934 }
8939 }
8941 /* The L_PAGELOCK case ... */
8945 /*
8946 * For MAP_SHARED segments we have to check protections before
8947 * seg_plookup() since pcache entries may be shared by many segments
8948 * with potentially different page protections.
8949 */
8956 }
8958 /*
8959 * check page protections
8960 */
8961 caddr_t ea;
8969 }
8979 }
8980 }
8981 }
8982 }
8984 /*
8985 * try to find pages in segment page cache
8986 */
8993 npages);
8994 }
8997 }
9000 }
9006 }
9008 /*
9009 * For MAP_SHARED segments we already verified above that segment
9010 * protections allow this pagelock operation.
9011 */
9018 }
9024 }
9027 /*
9028 * check page protections
9029 */
9039 }
9045 }
9046 }
9047 }
9050 }
9052 /*
9053 * Only build large page adjusted shadow list if we expect to insert
9054 * it into pcache. For large enough pages it's a big overhead to
9055 * create a shadow list of the entire large page. But this overhead
9056 * should be amortized over repeated pcache hits on subsequent reuse
9057 * of this shadow list (IO into any range within this shadow list will
9058 * find it in pcache since we large page align the request for pcache
9059 * lookups). pcache performance is improved with bigger shadow lists
9060 * as it reduces the time to pcache the entire big segment and reduces
9061 * pcache chain length.
9062 */
9070 /*
9071 * Since this entry will not be inserted into the pcache, we
9072 * will not do any adjustments to the starting address or
9073 * size of the memory to be locked.
9074 */
9076 }
9082 /*
9083 * If use_pcache is 0 this shadow list is not large page adjusted.
9084 * Record this info in the last entry of shadow array so that
9085 * L_PAGEUNLOCK can determine if it should large page adjust the
9086 * address range to find the real range that was locked.
9087 */
9100 u_offset_t off;
9102 /*
9103 * Lock and unlock anon array only once per large page.
9104 * anon_array_enter() locks the root anon slot according to
9105 * a_szc which can't change while anon map is locked. We lock
9106 * anon the first time through this loop and each time we
9107 * reach anon index that corresponds to a root of a large
9108 * page.
9109 */
9114 }
9117 /*
9118 * We must never use seg_pcache for COW pages
9119 * because we might end up with original page still
9120 * lying in seg_pcache even after private page is
9121 * created. This leads to data corruption as
9122 * aio_write refers to the page still in cache
9123 * while all other accesses refer to the private
9124 * page.
9125 */
9132 }
9137 }
9147 }
9154 }
9155 }
9161 }
9164 }
9165 /*
9166 * Unlock anon if this is the last slot in a large page.
9167 */
9172 }
9174 }
9177 }
9185 npages);
9187 }
9190 }
9193 }
9197 }
9202 }
9209 np--;
9210 pplist++;
9211 }
9213 out:
9219 }
9221 /*
9222 * purge any cached pages in the I/O page cache
9223 */
9224 static void
9226 {
9229 /*
9230 * pcache is only used by pure anon segments.
9231 */
9234 }
9236 /*
9237 * For MAP_SHARED segments non 0 segment's softlockcnt means
9238 * active IO is still in progress via this segment. So we only
9239 * purge MAP_SHARED segments when their softlockcnt is 0.
9240 */
9244 }
9247 }
9248 }
9250 /*
9251 * If async argument is not 0 we are called from pcache async thread and don't
9252 * hold AS lock.
9253 */
9255 /*ARGSUSED*/
9256 static int
9259 {
9282 }
9284 np--;
9285 pplist++;
9286 }
9290 /*
9291 * If we are pcache async thread we don't hold AS lock. This means if
9292 * softlockcnt drops to 0 after the decrement below address space may
9293 * get freed. We can't allow it since after softlock derement to 0 we
9294 * still need to access as structure for possible wakeup of unmap
9295 * waiters. To prevent the disappearance of as we take this segment
9296 * segfree_syncmtx. segvn_free() also takes this mutex as a barrier to
9297 * make sure this routine completes before segment is freed.
9298 *
9299 * The second complication we have to deal with in async case is a
9300 * possibility of missed wake up of unmap wait thread. When we don't
9301 * hold as lock here we may take a_contents lock before unmap wait
9302 * thread that was first to see softlockcnt was still not 0. As a
9303 * result we'll fail to wake up an unmap wait thread. To avoid this
9304 * race we set nounmapwait flag in as structure if we drop softlockcnt
9305 * to 0 when we were called by pcache async thread. unmapwait thread
9306 * will not block if this flag is set.
9307 */
9310 }
9317 }
9321 }
9323 }
9324 }
9328 }
9330 }
9332 /*ARGSUSED*/
9333 static int
9336 {
9355 }
9357 np--;
9358 pplist++;
9359 }
9363 /*
9364 * If somebody sleeps in anonmap_purge() wake them up if a_softlockcnt
9365 * drops to 0. anon map can't be freed until a_softlockcnt drops to 0
9366 * and anonmap_purge() acquires a_purgemtx.
9367 */
9373 }
9376 }
9378 /*
9379 * get a memory ID for an addr in a given segment
9380 *
9381 * XXX only creates PAGESIZE pages if anon slots are not initialized.
9382 * At fault time they will be relocated into larger pages.
9383 */
9384 static int
9386 {
9389 ulong_t anon_index;
9391 anon_sync_obj_t cookie;
9397 }
9411 }
9427 }
9433 }
9441 }
9442 }
9444 }
9446 static int
9448 {
9452 uint_t prot;
9461 vpage++;
9462 pages--;
9466 vpage++;
9467 }
9469 }
9471 /*
9472 * Get memory allocation policy info for specified address in given segment
9473 */
9476 {
9478 ulong_t anon_index;
9481 u_offset_t vn_off;
9490 /*
9491 * Get policy info for private or shared memory
9492 */
9499 LGRP_MEM_POLICY_NEXT_SEG);
9500 }
9507 }
9510 }
9512 /*ARGSUSED*/
9513 static int
9515 {
9517 }
9519 /*
9520 * Bind text vnode segment to an amp. If we bind successfully mappings will be
9521 * established to per vnode mapping per lgroup amp pages instead of to vnode
9522 * pages. There's one amp per vnode text mapping per lgroup. Many processes
9523 * may share the same text replication amp. If a suitable amp doesn't already
9524 * exist in svntr hash table create a new one. We may fail to bind to amp if
9525 * segment is not eligible for text replication. Code below first checks for
9526 * these conditions. If binding is successful segment tr_state is set to on
9527 * and svd->amp points to the amp to use. Otherwise tr_state is set to off and
9528 * svd->amp remains as NULL.
9529 */
9530 static void
9532 {
9543 lgrp_id_t lgrp_id;
9544 lgrp_id_t olid;
9562 /*
9563 * If numa optimizations are no longer desired bail out.
9564 */
9568 }
9570 /*
9571 * Avoid creating anon maps with size bigger than the file size.
9572 * If VOP_GETATTR() call fails bail out.
9573 */
9579 }
9584 }
9586 /*
9587 * VVMEXEC may not be set yet if exec() prefaults text segment. Set
9588 * this flag now before vn_is_mapped(V_WRITE) so that MAP_SHARED
9589 * mapping that checks if trcache for this vnode needs to be
9590 * invalidated can't miss us.
9591 */
9596 }
9598 /*
9599 * Bail out if potentially MAP_SHARED writable mappings exist to this
9600 * vnode. We don't want to use old file contents from existing
9601 * replicas if this mapping was established after the original file
9602 * was changed.
9603 */
9609 }
9615 }
9617 /*
9618 * Bail out if the file or its attributes were changed after
9619 * this replication entry was created since we need to use the
9620 * latest file contents. Note that mtime test alone is not
9621 * sufficient because a user can explicitly change mtime via
9622 * utimes(2) interfaces back to the old value after modifiying
9623 * the file contents. To detect this case we also have to test
9624 * ctime which among other things records the time of the last
9625 * mtime change by utimes(2). ctime is not changed when the file
9626 * is only read or executed so we expect that typically existing
9627 * replication amp's can be used most of the time.
9628 */
9638 }
9639 /*
9640 * if off, eoff and szc match current segment we found the
9641 * existing entry we can use.
9642 */
9646 }
9647 /*
9648 * Don't create different but overlapping in file offsets
9649 * entries to avoid replication of the same file pages more
9650 * than once per lgroup.
9651 */
9658 }
9659 }
9660 /*
9661 * If we didn't find existing entry create a new one.
9662 */
9670 }
9671 #ifdef DEBUG
9672 {
9673 lgrp_id_t i;
9676 }
9677 }
9689 }
9691 again:
9692 /*
9693 * We want to pick a replica with pages on main thread's (t_tid = 1,
9694 * aka T1) lgrp. Currently text replication is only optimized for
9695 * workloads that either have all threads of a process on the same
9696 * lgrp or execute their large text primarily on main thread.
9697 */
9700 /*
9701 * In case exec() prefaults text on non main thread use
9702 * current thread lgrpid. It will become main thread anyway
9703 * soon.
9704 */
9706 }
9707 /*
9708 * Set p_tr_lgrpid to lgrpid if it hasn't been set yet. Otherwise
9709 * just set it to NLGRPS_MAX if it's different from current process T1
9710 * home lgrp. p_tr_lgrpid is used to detect if process uses text
9711 * replication and T1 new home is different from lgrp used for text
9712 * replication. When this happens asyncronous segvn thread rechecks if
9713 * segments should change lgrps used for text replication. If we fail
9714 * to set p_tr_lgrpid with atomic_cas_32 then set it to NLGRPS_MAX
9715 * without cas if it's not already NLGRPS_MAX and not equal lgrp_id
9716 * we want to use. We don't need to use cas in this case because
9717 * another thread that races in between our non atomic check and set
9718 * may only change p_tr_lgrpid to NLGRPS_MAX at this point.
9719 */
9725 olid) {
9730 }
9731 }
9734 /*
9735 * lgrp_move_thread() won't schedule async recheck after
9736 * p->p_t1_lgrpid update unless p->p_tr_lgrpid is not
9737 * LGRP_NONE. Recheck p_t1_lgrpid once now that p->p_tr_lgrpid
9738 * is not LGRP_NONE.
9739 */
9744 }
9745 }
9746 /*
9747 * If no amp was created yet for lgrp_id create a new one as long as
9748 * we have enough memory to afford it.
9749 */
9755 }
9759 }
9765 }
9770 }
9778 }
9790 fail:
9802 }
9804 }
9806 /*
9807 * Convert seg back to regular vnode mapping seg by unbinding it from its text
9808 * replication amp. This routine is most typically called when segment is
9809 * unmapped but can also be called when segment no longer qualifies for text
9810 * replication (e.g. due to protection changes). If unload_unmap is set use
9811 * HAT_UNLOAD_UNMAP flag in hat_unload_callback(). If we are the last user of
9812 * svntr free all its anon maps and remove it from the hash table.
9813 */
9814 static void
9816 {
9827 lgrp_id_t i;
9847 }
9848 }
9851 }
9854 }
9862 }
9869 }
9871 }
9875 }
9882 }
9891 }
9898 }
9900 done:
9903 }
9905 /*
9906 * This is called when a MAP_SHARED writable mapping is created to a vnode
9907 * that is currently used for execution (VVMEXEC flag is set). In this case we
9908 * need to prevent further use of existing replicas.
9909 */
9910 static void
9912 {
9920 }
9928 }
9929 }
9931 }
9933 static void
9935 {
9936 callb_cpr_t cpr_info;
9948 }
9950 segvn_update_textrepl_interval);
9961 }
9962 }
9966 static void
9968 {
9974 }
9979 segvn_update_textrepl_interval);
9980 }
9981 }
9983 static void
9985 {
9986 ulong_t hash;
10000 hash);
10001 }
10002 }
10004 }
10005 }
10007 static void
10011 ulong_t hash)
10012 {
10014 lgrp_id_t lgrp_id;
10045 }
10049 }
10051 /*
10052 * Use tryenter locking since we are locking as/seg and svntr hash
10053 * lock in reverse from syncrounous thread order.
10054 */
10059 }
10061 }
10067 }
10069 }
10079 }
10086 }
10095 }
10099 }
10100 /*
10101 * We don't need to drop the bucket lock but here we give other
10102 * threads a chance. svntr and svd can't be unlinked as long as
10103 * segment lock is held as a writer and AS held as well. After we
10104 * retake bucket lock we'll continue from where we left. We'll be able
10105 * to reach the end of either list since new entries are always added
10106 * to the beginning of the lists.
10107 */
10132 }