1/*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1990 University of Utah. 5 * Copyright (c) 1991, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * This code is derived from software contributed to Berkeley by 9 * the Systems Programming Group of the University of Utah Computer 10 * Science Department. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 */ 36 37#include <sys/param.h> 38#include <sys/systm.h> 39#include <sys/conf.h> 40#include <sys/lock.h> 41#include <sys/proc.h> 42#include <sys/mutex.h> 43#include <sys/mman.h> 44#include <sys/rwlock.h> 45#include <sys/sx.h> 46#include <sys/user.h> 47#include <sys/vmmeter.h> 48 49#include <vm/vm.h> 50#include <vm/vm_param.h> 51#include <vm/vm_object.h> 52#include <vm/vm_page.h> 53#include <vm/vm_pager.h> 54#include <vm/vm_phys.h> 55#include <vm/uma.h> 56 57static void dev_pager_init(void); 58static vm_object_t dev_pager_alloc(void *, vm_ooffset_t, vm_prot_t, 59 vm_ooffset_t, struct ucred *); 60static void dev_pager_dealloc(vm_object_t); 61static int dev_pager_getpages(vm_object_t, vm_page_t *, int, int *, int *); 62static void dev_pager_putpages(vm_object_t, vm_page_t *, int, int, int *); 63static boolean_t dev_pager_haspage(vm_object_t, vm_pindex_t, int *, int *); 64static void dev_pager_free_page(vm_object_t object, vm_page_t m); 65static int dev_pager_populate(vm_object_t object, vm_pindex_t pidx, 66 int fault_type, vm_prot_t, vm_pindex_t *first, vm_pindex_t *last); 67 68/* list of device pager objects */ 69static struct pagerlst dev_pager_object_list; 70/* protect list manipulation */ 71static struct mtx dev_pager_mtx; 72 73const struct pagerops devicepagerops = { 74 .pgo_kvme_type = KVME_TYPE_DEVICE, 75 .pgo_init = dev_pager_init, 76 .pgo_alloc = dev_pager_alloc, 77 .pgo_dealloc = dev_pager_dealloc, 78 .pgo_getpages = dev_pager_getpages, 79 .pgo_putpages = dev_pager_putpages, 80 .pgo_haspage = dev_pager_haspage, 81}; 82 83const struct pagerops mgtdevicepagerops = { 84 .pgo_kvme_type = KVME_TYPE_MGTDEVICE, 85 .pgo_alloc = dev_pager_alloc, 86 .pgo_dealloc = dev_pager_dealloc, 87 .pgo_getpages = dev_pager_getpages, 88 .pgo_putpages = dev_pager_putpages, 89 .pgo_haspage = dev_pager_haspage, 90 .pgo_populate = dev_pager_populate, 91}; 92 93static int old_dev_pager_ctor(void *handle, vm_ooffset_t size, vm_prot_t prot, 94 vm_ooffset_t foff, struct ucred *cred, u_short *color); 95static void old_dev_pager_dtor(void *handle); 96static int old_dev_pager_fault(vm_object_t object, vm_ooffset_t offset, 97 int prot, vm_page_t *mres); 98 99static const struct cdev_pager_ops old_dev_pager_ops = { 100 .cdev_pg_ctor = old_dev_pager_ctor, 101 .cdev_pg_dtor = old_dev_pager_dtor, 102 .cdev_pg_fault = old_dev_pager_fault 103}; 104 105static void 106dev_pager_init(void) 107{ 108 109 TAILQ_INIT(&dev_pager_object_list); 110 mtx_init(&dev_pager_mtx, "dev_pager list", NULL, MTX_DEF); 111} 112 113vm_object_t 114cdev_pager_lookup(void *handle) 115{ 116 vm_object_t object; 117 118again: 119 mtx_lock(&dev_pager_mtx); 120 object = vm_pager_object_lookup(&dev_pager_object_list, handle); 121 if (object != NULL && object->un_pager.devp.dev == NULL) { 122 msleep(&object->un_pager.devp.dev, &dev_pager_mtx, 123 PVM | PDROP, "cdplkp", 0); 124 vm_object_deallocate(object); 125 goto again; 126 } 127 mtx_unlock(&dev_pager_mtx); 128 return (object); 129} 130 131vm_object_t 132cdev_pager_allocate(void *handle, enum obj_type tp, 133 const struct cdev_pager_ops *ops, vm_ooffset_t size, vm_prot_t prot, 134 vm_ooffset_t foff, struct ucred *cred) 135{ 136 vm_object_t object; 137 vm_pindex_t pindex; 138 139 if (tp != OBJT_DEVICE && tp != OBJT_MGTDEVICE) 140 return (NULL); 141 KASSERT(tp == OBJT_MGTDEVICE || ops->cdev_pg_populate == NULL, 142 ("populate on unmanaged device pager")); 143 144 /* 145 * Offset should be page aligned. 146 */ 147 if (foff & PAGE_MASK) 148 return (NULL); 149 150 /* 151 * Treat the mmap(2) file offset as an unsigned value for a 152 * device mapping. This, in effect, allows a user to pass all 153 * possible off_t values as the mapping cookie to the driver. At 154 * this point, we know that both foff and size are a multiple 155 * of the page size. Do a check to avoid wrap. 156 */ 157 size = round_page(size); 158 pindex = OFF_TO_IDX(foff) + OFF_TO_IDX(size); 159 if (pindex > OBJ_MAX_SIZE || pindex < OFF_TO_IDX(foff) || 160 pindex < OFF_TO_IDX(size)) 161 return (NULL); 162 163again: 164 mtx_lock(&dev_pager_mtx); 165 166 /* 167 * Look up pager, creating as necessary. 168 */ 169 object = vm_pager_object_lookup(&dev_pager_object_list, handle); 170 if (object == NULL) { 171 vm_object_t object1; 172 173 /* 174 * Allocate object and associate it with the pager. Initialize 175 * the object's pg_color based upon the physical address of the 176 * device's memory. 177 */ 178 mtx_unlock(&dev_pager_mtx); 179 object1 = vm_object_allocate(tp, pindex); 180 mtx_lock(&dev_pager_mtx); 181 object = vm_pager_object_lookup(&dev_pager_object_list, handle); 182 if (object != NULL) { 183 object1->type = OBJT_DEAD; 184 vm_object_deallocate(object1); 185 object1 = NULL; 186 if (object->un_pager.devp.dev == NULL) { 187 msleep(&object->un_pager.devp.dev, 188 &dev_pager_mtx, PVM | PDROP, "cdplkp", 0); 189 vm_object_deallocate(object); 190 goto again; 191 } 192 193 /* 194 * We raced with other thread while allocating object. 195 */ 196 if (pindex > object->size) 197 object->size = pindex; 198 KASSERT(object->type == tp, 199 ("Inconsistent device pager type %p %d", 200 object, tp)); 201 KASSERT(object->un_pager.devp.ops == ops, 202 ("Inconsistent devops %p %p", object, ops)); 203 } else { 204 u_short color; 205 206 object = object1; 207 object1 = NULL; 208 object->handle = handle; 209 object->un_pager.devp.ops = ops; 210 TAILQ_INIT(&object->un_pager.devp.devp_pglist); 211 TAILQ_INSERT_TAIL(&dev_pager_object_list, object, 212 pager_object_list); 213 mtx_unlock(&dev_pager_mtx); 214 if (ops->cdev_pg_populate != NULL) 215 vm_object_set_flag(object, OBJ_POPULATE); 216 if (ops->cdev_pg_ctor(handle, size, prot, foff, 217 cred, &color) != 0) { 218 mtx_lock(&dev_pager_mtx); 219 TAILQ_REMOVE(&dev_pager_object_list, object, 220 pager_object_list); 221 wakeup(&object->un_pager.devp.dev); 222 mtx_unlock(&dev_pager_mtx); 223 object->type = OBJT_DEAD; 224 vm_object_deallocate(object); 225 object = NULL; 226 mtx_lock(&dev_pager_mtx); 227 } else { 228 mtx_lock(&dev_pager_mtx); 229 object->flags |= OBJ_COLORED; 230 object->pg_color = color; 231 object->un_pager.devp.dev = handle; 232 wakeup(&object->un_pager.devp.dev); 233 } 234 } 235 MPASS(object1 == NULL); 236 } else { 237 if (object->un_pager.devp.dev == NULL) { 238 msleep(&object->un_pager.devp.dev, 239 &dev_pager_mtx, PVM | PDROP, "cdplkp", 0); 240 vm_object_deallocate(object); 241 goto again; 242 } 243 if (pindex > object->size) 244 object->size = pindex; 245 KASSERT(object->type == tp, 246 ("Inconsistent device pager type %p %d", object, tp)); 247 } 248 mtx_unlock(&dev_pager_mtx); 249 return (object); 250} 251 252static vm_object_t 253dev_pager_alloc(void *handle, vm_ooffset_t size, vm_prot_t prot, 254 vm_ooffset_t foff, struct ucred *cred) 255{ 256 257 return (cdev_pager_allocate(handle, OBJT_DEVICE, &old_dev_pager_ops, 258 size, prot, foff, cred)); 259} 260 261void 262cdev_pager_free_page(vm_object_t object, vm_page_t m) 263{ 264 265 VM_OBJECT_ASSERT_WLOCKED(object); 266 if (object->type == OBJT_MGTDEVICE) { 267 KASSERT((m->oflags & VPO_UNMANAGED) == 0, ("unmanaged %p", m)); 268 pmap_remove_all(m); 269 (void)vm_page_remove(m); 270 } else if (object->type == OBJT_DEVICE) 271 dev_pager_free_page(object, m); 272} 273 274static void 275dev_pager_free_page(vm_object_t object, vm_page_t m) 276{ 277 278 VM_OBJECT_ASSERT_WLOCKED(object); 279 KASSERT((object->type == OBJT_DEVICE && 280 (m->oflags & VPO_UNMANAGED) != 0), 281 ("Managed device or page obj %p m %p", object, m)); 282 TAILQ_REMOVE(&object->un_pager.devp.devp_pglist, m, plinks.q); 283 vm_page_putfake(m); 284} 285 286static void 287dev_pager_dealloc(vm_object_t object) 288{ 289 vm_page_t m; 290 291 VM_OBJECT_WUNLOCK(object); 292 object->un_pager.devp.ops->cdev_pg_dtor(object->un_pager.devp.dev); 293 294 mtx_lock(&dev_pager_mtx); 295 TAILQ_REMOVE(&dev_pager_object_list, object, pager_object_list); 296 mtx_unlock(&dev_pager_mtx); 297 VM_OBJECT_WLOCK(object); 298 299 if (object->type == OBJT_DEVICE) { 300 /* 301 * Free up our fake pages. 302 */ 303 while ((m = TAILQ_FIRST(&object->un_pager.devp.devp_pglist)) 304 != NULL) { 305 if (vm_page_busy_acquire(m, VM_ALLOC_WAITFAIL) == 0) 306 continue; 307 308 dev_pager_free_page(object, m); 309 } 310 } 311 object->handle = NULL; 312 object->type = OBJT_DEAD; 313} 314 315static int 316dev_pager_getpages(vm_object_t object, vm_page_t *ma, int count, int *rbehind, 317 int *rahead) 318{ 319 int error; 320 321 /* Since our haspage reports zero after/before, the count is 1. */ 322 KASSERT(count == 1, ("%s: count %d", __func__, count)); 323 if (object->un_pager.devp.ops->cdev_pg_fault == NULL) 324 return (VM_PAGER_FAIL); 325 VM_OBJECT_WLOCK(object); 326 error = object->un_pager.devp.ops->cdev_pg_fault(object, 327 IDX_TO_OFF(ma[0]->pindex), PROT_READ, &ma[0]); 328 329 VM_OBJECT_ASSERT_WLOCKED(object); 330 331 if (error == VM_PAGER_OK) { 332 KASSERT((object->type == OBJT_DEVICE && 333 (ma[0]->oflags & VPO_UNMANAGED) != 0) || 334 (object->type == OBJT_MGTDEVICE && 335 (ma[0]->oflags & VPO_UNMANAGED) == 0), 336 ("Wrong page type %p %p", ma[0], object)); 337 if (object->type == OBJT_DEVICE) { 338 TAILQ_INSERT_TAIL(&object->un_pager.devp.devp_pglist, 339 ma[0], plinks.q); 340 } 341 if (rbehind) 342 *rbehind = 0; 343 if (rahead) 344 *rahead = 0; 345 } 346 VM_OBJECT_WUNLOCK(object); 347 348 return (error); 349} 350 351static int 352dev_pager_populate(vm_object_t object, vm_pindex_t pidx, int fault_type, 353 vm_prot_t max_prot, vm_pindex_t *first, vm_pindex_t *last) 354{ 355 356 VM_OBJECT_ASSERT_WLOCKED(object); 357 if (object->un_pager.devp.ops->cdev_pg_populate == NULL) 358 return (VM_PAGER_FAIL); 359 return (object->un_pager.devp.ops->cdev_pg_populate(object, pidx, 360 fault_type, max_prot, first, last)); 361} 362 363static int 364old_dev_pager_fault(vm_object_t object, vm_ooffset_t offset, int prot, 365 vm_page_t *mres) 366{ 367 vm_paddr_t paddr; 368 vm_page_t m_paddr, page; 369 struct cdev *dev; 370 struct cdevsw *csw; 371 struct file *fpop; 372 struct thread *td; 373 vm_memattr_t memattr, memattr1; 374 int ref, ret; 375 376 memattr = object->memattr; 377 378 VM_OBJECT_WUNLOCK(object); 379 380 dev = object->handle; 381 csw = dev_refthread(dev, &ref); 382 if (csw == NULL) { 383 VM_OBJECT_WLOCK(object); 384 return (VM_PAGER_FAIL); 385 } 386 td = curthread; 387 fpop = td->td_fpop; 388 td->td_fpop = NULL; 389 ret = csw->d_mmap(dev, offset, &paddr, prot, &memattr); 390 td->td_fpop = fpop; 391 dev_relthread(dev, ref); 392 if (ret != 0) { 393 printf( 394 "WARNING: dev_pager_getpage: map function returns error %d", ret); 395 VM_OBJECT_WLOCK(object); 396 return (VM_PAGER_FAIL); 397 } 398 399 /* If "paddr" is a real page, perform a sanity check on "memattr". */ 400 if ((m_paddr = vm_phys_paddr_to_vm_page(paddr)) != NULL && 401 (memattr1 = pmap_page_get_memattr(m_paddr)) != memattr) { 402 /* 403 * For the /dev/mem d_mmap routine to return the 404 * correct memattr, pmap_page_get_memattr() needs to 405 * be called, which we do there. 406 */ 407 if ((csw->d_flags & D_MEM) == 0) { 408 printf("WARNING: Device driver %s has set " 409 "\"memattr\" inconsistently (drv %u pmap %u).\n", 410 csw->d_name, memattr, memattr1); 411 } 412 memattr = memattr1; 413 } 414 if (((*mres)->flags & PG_FICTITIOUS) != 0) { 415 /* 416 * If the passed in result page is a fake page, update it with 417 * the new physical address. 418 */ 419 page = *mres; 420 VM_OBJECT_WLOCK(object); 421 vm_page_updatefake(page, paddr, memattr); 422 } else { 423 /* 424 * Replace the passed in reqpage page with our own fake page and 425 * free up the all of the original pages. 426 */ 427 page = vm_page_getfake(paddr, memattr); 428 VM_OBJECT_WLOCK(object); 429 vm_page_replace(page, object, (*mres)->pindex, *mres); 430 *mres = page; 431 } 432 vm_page_valid(page); 433 return (VM_PAGER_OK); 434} 435 436static void 437dev_pager_putpages(vm_object_t object, vm_page_t *m, int count, int flags, 438 int *rtvals) 439{ 440 441 panic("dev_pager_putpage called"); 442} 443 444static boolean_t 445dev_pager_haspage(vm_object_t object, vm_pindex_t pindex, int *before, 446 int *after) 447{ 448 449 if (before != NULL) 450 *before = 0; 451 if (after != NULL) 452 *after = 0; 453 return (TRUE); 454} 455 456static int 457old_dev_pager_ctor(void *handle, vm_ooffset_t size, vm_prot_t prot, 458 vm_ooffset_t foff, struct ucred *cred, u_short *color) 459{ 460 struct cdev *dev; 461 struct cdevsw *csw; 462 vm_memattr_t dummy; 463 vm_ooffset_t off; 464 vm_paddr_t paddr; 465 unsigned int npages; 466 int ref; 467 468 /* 469 * Make sure this device can be mapped. 470 */ 471 dev = handle; 472 csw = dev_refthread(dev, &ref); 473 if (csw == NULL) 474 return (ENXIO); 475 476 /* 477 * Check that the specified range of the device allows the desired 478 * protection. 479 * 480 * XXX assumes VM_PROT_* == PROT_* 481 */ 482 npages = OFF_TO_IDX(size); 483 paddr = 0; /* Make paddr initialized for the case of size == 0. */ 484 for (off = foff; npages--; off += PAGE_SIZE) { 485 if (csw->d_mmap(dev, off, &paddr, (int)prot, &dummy) != 0) { 486 dev_relthread(dev, ref); 487 return (EINVAL); 488 } 489 } 490 491 dev_ref(dev); 492 dev_relthread(dev, ref); 493 *color = atop(paddr) - OFF_TO_IDX(off - PAGE_SIZE); 494 return (0); 495} 496 497static void 498old_dev_pager_dtor(void *handle) 499{ 500 501 dev_rel(handle); 502} 503