NetBSD/sys/uvm/uvm_mmap.c

1257 lines
28 KiB
C
Raw Normal View History

/* $NetBSD: uvm_mmap.c,v 1.133 2010/06/24 13:03:20 hannken Exp $ */
/*
* Copyright (c) 1997 Charles D. Cranor and Washington University.
2001-05-25 08:06:11 +04:00
* Copyright (c) 1991, 1993 The Regents of the University of California.
* Copyright (c) 1988 University of Utah.
2001-05-25 08:06:11 +04:00
*
* All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* the Systems Programming Group of the University of Utah Computer
* Science Department.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Charles D. Cranor,
2001-05-25 08:06:11 +04:00
* Washington University, University of California, Berkeley and
* its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* from: Utah $Hdr: vm_mmap.c 1.6 91/10/21$
* @(#)vm_mmap.c 8.5 (Berkeley) 5/19/94
1998-02-07 14:07:38 +03:00
* from: Id: uvm_mmap.c,v 1.1.2.14 1998/01/05 21:04:26 chuck Exp
*/
/*
* uvm_mmap.c: system call interface into VM system, plus kernel vm_mmap
* function.
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: uvm_mmap.c,v 1.133 2010/06/24 13:03:20 hannken Exp $");
#include "opt_compat_netbsd.h"
#include "opt_pax.h"
#include "veriexec.h"
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/file.h>
#include <sys/filedesc.h>
#include <sys/resourcevar.h>
#include <sys/mman.h>
#include <sys/mount.h>
#include <sys/proc.h>
#include <sys/malloc.h>
#include <sys/vnode.h>
#include <sys/conf.h>
#include <sys/stat.h>
#if NVERIEXEC > 0
#include <sys/verified_exec.h>
#endif /* NVERIEXEC > 0 */
#ifdef PAX_MPROTECT
#include <sys/pax.h>
#endif /* PAX_MPROTECT */
#include <miscfs/specfs/specdev.h>
#include <sys/syscallargs.h>
#include <uvm/uvm.h>
#include <uvm/uvm_device.h>
#ifndef COMPAT_ZERODEV
2004-02-14 19:40:22 +03:00
#define COMPAT_ZERODEV(dev) (0)
#endif
2007-09-23 20:05:40 +04:00
static int
range_test(vaddr_t addr, vsize_t size, bool ismmap)
{
vaddr_t vm_min_address = VM_MIN_ADDRESS;
vaddr_t vm_max_address = VM_MAXUSER_ADDRESS;
vaddr_t eaddr = addr + size;
if (addr < vm_min_address)
return EINVAL;
if (eaddr > vm_max_address)
return ismmap ? EFBIG : EINVAL;
if (addr > eaddr) /* no wrapping! */
return ismmap ? EOVERFLOW : EINVAL;
return 0;
}
/*
* unimplemented VM system calls:
*/
/*
* sys_sbrk: sbrk system call.
*/
/* ARGSUSED */
1998-03-09 03:58:55 +03:00
int
sys_sbrk(struct lwp *l, const struct sys_sbrk_args *uap, register_t *retval)
{
/* {
syscallarg(intptr_t) incr;
} */
1998-03-09 03:58:55 +03:00
return (ENOSYS);
}
/*
* sys_sstk: sstk system call.
*/
/* ARGSUSED */
1998-03-09 03:58:55 +03:00
int
sys_sstk(struct lwp *l, const struct sys_sstk_args *uap, register_t *retval)
{
/* {
1999-05-03 13:08:28 +04:00
syscallarg(int) incr;
} */
1998-03-09 03:58:55 +03:00
return (ENOSYS);
}
/*
* sys_mincore: determine if pages are in core or not.
*/
/* ARGSUSED */
1998-03-09 03:58:55 +03:00
int
2009-05-30 08:26:16 +04:00
sys_mincore(struct lwp *l, const struct sys_mincore_args *uap,
register_t *retval)
{
/* {
syscallarg(void *) addr;
1999-05-03 13:08:28 +04:00
syscallarg(size_t) len;
syscallarg(char *) vec;
} */
2003-01-18 11:51:40 +03:00
struct proc *p = l->l_proc;
a whole bunch of changes to improve performance and robustness under load: - remove special treatment of pager_map mappings in pmaps. this is required now, since I've removed the globals that expose the address range. pager_map now uses pmap_kenter_pa() instead of pmap_enter(), so there's no longer any need to special-case it. - eliminate struct uvm_vnode by moving its fields into struct vnode. - rewrite the pageout path. the pager is now responsible for handling the high-level requests instead of only getting control after a bunch of work has already been done on its behalf. this will allow us to UBCify LFS, which needs tighter control over its pages than other filesystems do. writing a page to disk no longer requires making it read-only, which allows us to write wired pages without causing all kinds of havoc. - use a new PG_PAGEOUT flag to indicate that a page should be freed on behalf of the pagedaemon when it's unlocked. this flag is very similar to PG_RELEASED, but unlike PG_RELEASED, PG_PAGEOUT can be cleared if the pageout fails due to eg. an indirect-block buffer being locked. this allows us to remove the "version" field from struct vm_page, and together with shrinking "loan_count" from 32 bits to 16, struct vm_page is now 4 bytes smaller. - no longer use PG_RELEASED for swap-backed pages. if the page is busy because it's being paged out, we can't release the swap slot to be reallocated until that write is complete, but unlike with vnodes we don't keep a count of in-progress writes so there's no good way to know when the write is done. instead, when we need to free a busy swap-backed page, just sleep until we can get it busy ourselves. - implement a fast-path for extending writes which allows us to avoid zeroing new pages. this substantially reduces cpu usage. - encapsulate the data used by the genfs code in a struct genfs_node, which must be the first element of the filesystem-specific vnode data for filesystems which use genfs_{get,put}pages(). - eliminate many of the UVM pagerops, since they aren't needed anymore now that the pager "put" operation is a higher-level operation. - enhance the genfs code to allow NFS to use the genfs_{get,put}pages instead of a modified copy. - clean up struct vnode by removing all the fields that used to be used by the vfs_cluster.c code (which we don't use anymore with UBC). - remove kmem_object and mb_object since they were useless. instead of allocating pages to these objects, we now just allocate pages with no object. such pages are mapped in the kernel until they are freed, so we can use the mapping to find the page to free it. this allows us to remove splvm() protection in several places. The sum of all these changes improves write throughput on my decstation 5000/200 to within 1% of the rate of NetBSD 1.5 and reduces the elapsed time for "make release" of a NetBSD 1.5 source tree on my 128MB pc to 10% less than a 1.5 kernel took.
2001-09-16 00:36:31 +04:00
struct vm_page *pg;
char *vec, pgi;
struct uvm_object *uobj;
struct vm_amap *amap;
struct vm_anon *anon;
struct vm_map_entry *entry;
vaddr_t start, end, lim;
struct vm_map *map;
vsize_t len;
int error = 0, npgs;
map = &p->p_vmspace->vm_map;
start = (vaddr_t)SCARG(uap, addr);
len = SCARG(uap, len);
vec = SCARG(uap, vec);
if (start & PAGE_MASK)
return (EINVAL);
len = round_page(len);
end = start + len;
if (end <= start)
return (EINVAL);
/*
* Lock down vec, so our returned status isn't outdated by
* storing the status byte for a page.
*/
npgs = len >> PAGE_SHIFT;
error = uvm_vslock(p->p_vmspace, vec, npgs, VM_PROT_WRITE);
if (error) {
return error;
}
vm_map_lock_read(map);
2007-02-22 09:05:00 +03:00
if (uvm_map_lookup_entry(map, start, &entry) == false) {
error = ENOMEM;
goto out;
}
for (/* nothing */;
entry != &map->header && entry->start < end;
entry = entry->next) {
KASSERT(!UVM_ET_ISSUBMAP(entry));
KASSERT(start >= entry->start);
/* Make sure there are no holes. */
if (entry->end < end &&
(entry->next == &map->header ||
entry->next->start > entry->end)) {
error = ENOMEM;
goto out;
}
1998-03-09 03:58:55 +03:00
lim = end < entry->end ? end : entry->end;
/*
* Special case for objects with no "real" pages. Those
* are always considered resident (mapped devices).
*/
if (UVM_ET_ISOBJ(entry)) {
KASSERT(!UVM_OBJ_IS_KERN_OBJECT(entry->object.uvm_obj));
if (UVM_OBJ_IS_DEVICE(entry->object.uvm_obj)) {
for (/* nothing */; start < lim;
start += PAGE_SIZE, vec++)
subyte(vec, 1);
continue;
}
}
amap = entry->aref.ar_amap; /* upper layer */
uobj = entry->object.uvm_obj; /* lower layer */
if (amap != NULL)
amap_lock(amap);
if (uobj != NULL)
2008-01-02 14:48:20 +03:00
mutex_enter(&uobj->vmobjlock);
for (/* nothing */; start < lim; start += PAGE_SIZE, vec++) {
pgi = 0;
if (amap != NULL) {
/* Check the upper layer first. */
anon = amap_lookup(&entry->aref,
start - entry->start);
/* Don't need to lock anon here. */
if (anon != NULL && anon->an_page != NULL) {
/*
* Anon has the page for this entry
* offset.
*/
pgi = 1;
}
}
if (uobj != NULL && pgi == 0) {
/* Check the lower layer. */
a whole bunch of changes to improve performance and robustness under load: - remove special treatment of pager_map mappings in pmaps. this is required now, since I've removed the globals that expose the address range. pager_map now uses pmap_kenter_pa() instead of pmap_enter(), so there's no longer any need to special-case it. - eliminate struct uvm_vnode by moving its fields into struct vnode. - rewrite the pageout path. the pager is now responsible for handling the high-level requests instead of only getting control after a bunch of work has already been done on its behalf. this will allow us to UBCify LFS, which needs tighter control over its pages than other filesystems do. writing a page to disk no longer requires making it read-only, which allows us to write wired pages without causing all kinds of havoc. - use a new PG_PAGEOUT flag to indicate that a page should be freed on behalf of the pagedaemon when it's unlocked. this flag is very similar to PG_RELEASED, but unlike PG_RELEASED, PG_PAGEOUT can be cleared if the pageout fails due to eg. an indirect-block buffer being locked. this allows us to remove the "version" field from struct vm_page, and together with shrinking "loan_count" from 32 bits to 16, struct vm_page is now 4 bytes smaller. - no longer use PG_RELEASED for swap-backed pages. if the page is busy because it's being paged out, we can't release the swap slot to be reallocated until that write is complete, but unlike with vnodes we don't keep a count of in-progress writes so there's no good way to know when the write is done. instead, when we need to free a busy swap-backed page, just sleep until we can get it busy ourselves. - implement a fast-path for extending writes which allows us to avoid zeroing new pages. this substantially reduces cpu usage. - encapsulate the data used by the genfs code in a struct genfs_node, which must be the first element of the filesystem-specific vnode data for filesystems which use genfs_{get,put}pages(). - eliminate many of the UVM pagerops, since they aren't needed anymore now that the pager "put" operation is a higher-level operation. - enhance the genfs code to allow NFS to use the genfs_{get,put}pages instead of a modified copy. - clean up struct vnode by removing all the fields that used to be used by the vfs_cluster.c code (which we don't use anymore with UBC). - remove kmem_object and mb_object since they were useless. instead of allocating pages to these objects, we now just allocate pages with no object. such pages are mapped in the kernel until they are freed, so we can use the mapping to find the page to free it. this allows us to remove splvm() protection in several places. The sum of all these changes improves write throughput on my decstation 5000/200 to within 1% of the rate of NetBSD 1.5 and reduces the elapsed time for "make release" of a NetBSD 1.5 source tree on my 128MB pc to 10% less than a 1.5 kernel took.
2001-09-16 00:36:31 +04:00
pg = uvm_pagelookup(uobj,
entry->offset + (start - entry->start));
a whole bunch of changes to improve performance and robustness under load: - remove special treatment of pager_map mappings in pmaps. this is required now, since I've removed the globals that expose the address range. pager_map now uses pmap_kenter_pa() instead of pmap_enter(), so there's no longer any need to special-case it. - eliminate struct uvm_vnode by moving its fields into struct vnode. - rewrite the pageout path. the pager is now responsible for handling the high-level requests instead of only getting control after a bunch of work has already been done on its behalf. this will allow us to UBCify LFS, which needs tighter control over its pages than other filesystems do. writing a page to disk no longer requires making it read-only, which allows us to write wired pages without causing all kinds of havoc. - use a new PG_PAGEOUT flag to indicate that a page should be freed on behalf of the pagedaemon when it's unlocked. this flag is very similar to PG_RELEASED, but unlike PG_RELEASED, PG_PAGEOUT can be cleared if the pageout fails due to eg. an indirect-block buffer being locked. this allows us to remove the "version" field from struct vm_page, and together with shrinking "loan_count" from 32 bits to 16, struct vm_page is now 4 bytes smaller. - no longer use PG_RELEASED for swap-backed pages. if the page is busy because it's being paged out, we can't release the swap slot to be reallocated until that write is complete, but unlike with vnodes we don't keep a count of in-progress writes so there's no good way to know when the write is done. instead, when we need to free a busy swap-backed page, just sleep until we can get it busy ourselves. - implement a fast-path for extending writes which allows us to avoid zeroing new pages. this substantially reduces cpu usage. - encapsulate the data used by the genfs code in a struct genfs_node, which must be the first element of the filesystem-specific vnode data for filesystems which use genfs_{get,put}pages(). - eliminate many of the UVM pagerops, since they aren't needed anymore now that the pager "put" operation is a higher-level operation. - enhance the genfs code to allow NFS to use the genfs_{get,put}pages instead of a modified copy. - clean up struct vnode by removing all the fields that used to be used by the vfs_cluster.c code (which we don't use anymore with UBC). - remove kmem_object and mb_object since they were useless. instead of allocating pages to these objects, we now just allocate pages with no object. such pages are mapped in the kernel until they are freed, so we can use the mapping to find the page to free it. this allows us to remove splvm() protection in several places. The sum of all these changes improves write throughput on my decstation 5000/200 to within 1% of the rate of NetBSD 1.5 and reduces the elapsed time for "make release" of a NetBSD 1.5 source tree on my 128MB pc to 10% less than a 1.5 kernel took.
2001-09-16 00:36:31 +04:00
if (pg != NULL) {
/*
* Object has the page for this entry
* offset.
*/
pgi = 1;
}
}
(void) subyte(vec, pgi);
}
if (uobj != NULL)
2008-01-02 14:48:20 +03:00
mutex_exit(&uobj->vmobjlock);
if (amap != NULL)
amap_unlock(amap);
}
out:
vm_map_unlock_read(map);
uvm_vsunlock(p->p_vmspace, SCARG(uap, vec), npgs);
return (error);
}
/*
* sys_mmap: mmap system call.
*
2002-05-31 20:49:50 +04:00
* => file offset and address may not be page aligned
* - if MAP_FIXED, offset and address must have remainder mod PAGE_SIZE
* - if address isn't page aligned the mapping starts at trunc_page(addr)
* and the return value is adjusted up by the page offset.
*/
1998-03-09 03:58:55 +03:00
int
sys_mmap(struct lwp *l, const struct sys_mmap_args *uap, register_t *retval)
{
/* {
syscallarg(void *) addr;
1998-03-09 03:58:55 +03:00
syscallarg(size_t) len;
syscallarg(int) prot;
syscallarg(int) flags;
syscallarg(int) fd;
syscallarg(long) pad;
syscallarg(off_t) pos;
} */
2003-01-18 11:51:40 +03:00
struct proc *p = l->l_proc;
vaddr_t addr;
struct vattr va;
1998-03-09 03:58:55 +03:00
off_t pos;
vsize_t size, pageoff;
1998-03-09 03:58:55 +03:00
vm_prot_t prot, maxprot;
int flags, fd;
vaddr_t defaddr;
struct file *fp = NULL;
1998-03-09 03:58:55 +03:00
struct vnode *vp;
void *handle;
1998-03-09 03:58:55 +03:00
int error;
#ifdef PAX_ASLR
vaddr_t orig_addr;
#endif /* PAX_ASLR */
1998-03-09 03:58:55 +03:00
/*
* first, extract syscall args from the uap.
*/
addr = (vaddr_t)SCARG(uap, addr);
size = (vsize_t)SCARG(uap, len);
1998-03-09 03:58:55 +03:00
prot = SCARG(uap, prot) & VM_PROT_ALL;
flags = SCARG(uap, flags);
fd = SCARG(uap, fd);
pos = SCARG(uap, pos);
#ifdef PAX_ASLR
orig_addr = addr;
#endif /* PAX_ASLR */
/*
* Fixup the old deprecated MAP_COPY into MAP_PRIVATE, and
* validate the flags.
*/
if (flags & MAP_COPY)
flags = (flags & ~MAP_COPY) | MAP_PRIVATE;
if ((flags & (MAP_SHARED|MAP_PRIVATE)) == (MAP_SHARED|MAP_PRIVATE))
return (EINVAL);
1998-03-09 03:58:55 +03:00
/*
* align file position and save offset. adjust size.
*/
pageoff = (pos & PAGE_MASK);
pos -= pageoff;
size += pageoff; /* add offset */
size = (vsize_t)round_page(size); /* round up */
1998-03-09 03:58:55 +03:00
/*
2001-05-25 08:06:11 +04:00
* now check (MAP_FIXED) or get (!MAP_FIXED) the "addr"
1998-03-09 03:58:55 +03:00
*/
if (flags & MAP_FIXED) {
/* ensure address and file offset are aligned properly */
addr -= pageoff;
if (addr & PAGE_MASK)
return (EINVAL);
2007-09-23 20:05:40 +04:00
error = range_test(addr, size, true);
if (error)
return error;
} else if (addr == 0 || !(flags & MAP_TRYFIXED)) {
1998-03-09 03:58:55 +03:00
/*
* not fixed: make sure we skip over the largest
* possible heap for non-topdown mapping arrangements.
* we will refine our guess later (e.g. to account for
* VAC, etc)
1998-03-09 03:58:55 +03:00
*/
defaddr = p->p_emul->e_vm_default_addr(p,
(vaddr_t)p->p_vmspace->vm_daddr, size);
if (addr == 0 ||
!(p->p_vmspace->vm_map.flags & VM_MAP_TOPDOWN))
addr = MAX(addr, defaddr);
else
addr = MIN(addr, defaddr);
1998-03-09 03:58:55 +03:00
}
/*
* check for file mappings (i.e. not anonymous) and verify file.
*/
if ((flags & MAP_ANON) == 0) {
if ((fp = fd_getfile(fd)) == NULL)
return (EBADF);
if (fp->f_type != DTYPE_VNODE) {
fd_putfile(fd);
return (ENODEV); /* only mmap vnodes! */
}
vp = fp->f_data; /* convert to vnode */
if (vp->v_type != VREG && vp->v_type != VCHR &&
vp->v_type != VBLK) {
fd_putfile(fd);
return (ENODEV); /* only REG/CHR/BLK support mmap */
}
if (vp->v_type != VCHR && pos < 0) {
fd_putfile(fd);
return (EINVAL);
}
if (vp->v_type != VCHR && (pos + size) < pos) {
fd_putfile(fd);
return (EOVERFLOW); /* no offset wrapping */
}
1998-03-09 03:58:55 +03:00
/* special case: catch SunOS style /dev/zero */
if (vp->v_type == VCHR
&& (vp->v_rdev == zerodev || COMPAT_ZERODEV(vp->v_rdev))) {
1998-03-09 03:58:55 +03:00
flags |= MAP_ANON;
fd_putfile(fd);
fp = NULL;
1998-03-09 03:58:55 +03:00
goto is_anon;
}
/*
* Old programs may not select a specific sharing type, so
* default to an appropriate one.
*
* XXX: how does MAP_ANON fit in the picture?
*/
if ((flags & (MAP_SHARED|MAP_PRIVATE)) == 0) {
#if defined(DEBUG)
1998-03-09 03:58:55 +03:00
printf("WARNING: defaulted mmap() share type to "
"%s (pid %d command %s)\n", vp->v_type == VCHR ?
1998-03-09 03:58:55 +03:00
"MAP_SHARED" : "MAP_PRIVATE", p->p_pid,
p->p_comm);
#endif
1998-03-09 03:58:55 +03:00
if (vp->v_type == VCHR)
flags |= MAP_SHARED; /* for a device */
else
flags |= MAP_PRIVATE; /* for a file */
}
2001-05-25 08:06:11 +04:00
/*
1998-03-09 03:58:55 +03:00
* MAP_PRIVATE device mappings don't make sense (and aren't
* supported anyway). However, some programs rely on this,
* so just change it to MAP_SHARED.
*/
if (vp->v_type == VCHR && (flags & MAP_PRIVATE) != 0) {
flags = (flags & ~MAP_PRIVATE) | MAP_SHARED;
}
1998-03-09 03:58:55 +03:00
/*
* now check protection
*/
maxprot = VM_PROT_EXECUTE;
1998-03-09 03:58:55 +03:00
/* check read access */
if (fp->f_flag & FREAD)
maxprot |= VM_PROT_READ;
else if (prot & PROT_READ) {
fd_putfile(fd);
1998-03-09 03:58:55 +03:00
return (EACCES);
}
/* check write access, shared case first */
1998-03-09 03:58:55 +03:00
if (flags & MAP_SHARED) {
/*
* if the file is writable, only add PROT_WRITE to
* maxprot if the file is not immutable, append-only.
* otherwise, if we have asked for PROT_WRITE, return
* EPERM.
*/
if (fp->f_flag & FWRITE) {
if ((error =
VOP_GETATTR(vp, &va, l->l_cred))) {
fd_putfile(fd);
return (error);
}
if ((va.va_flags &
(SF_SNAPSHOT|IMMUTABLE|APPEND)) == 0)
maxprot |= VM_PROT_WRITE;
else if (prot & PROT_WRITE) {
fd_putfile(fd);
return (EPERM);
}
}
else if (prot & PROT_WRITE) {
fd_putfile(fd);
1998-03-09 03:58:55 +03:00
return (EACCES);
}
1998-03-09 03:58:55 +03:00
} else {
/* MAP_PRIVATE mappings can always write to */
maxprot |= VM_PROT_WRITE;
}
handle = vp;
1998-03-09 03:58:55 +03:00
} else { /* MAP_ANON case */
/*
* XXX What do we do about (MAP_SHARED|MAP_PRIVATE) == 0?
*/
1998-03-09 03:58:55 +03:00
if (fd != -1)
return (EINVAL);
is_anon: /* label for SunOS style /dev/zero */
1998-03-09 03:58:55 +03:00
handle = NULL;
maxprot = VM_PROT_ALL;
pos = 0;
}
Some Veriexec stuff that's been rotting in my tree for months. Bug fixes: - Fix crash reported by Scott Ellis on current-users@. - Fix race conditions in enforcing the Veriexec rename and remove policies. These are NOT security issues. - Fix memory leak in rename handling when overwriting a monitored file. - Fix table deletion logic. - Don't prevent query requests if not in learning mode. KPI updates: - fileassoc_table_run() now takes a cookie to pass to the callback. - veriexec_table_add() was removed, it is now done internally. As a result, there's no longer a need for VERIEXEC_TABLESIZE. - veriexec_report() was removed, it is now internal. - Perform sanity checks on the entry type, and enforce default type in veriexec_file_add() rather than in veriexecctl. - Add veriexec_flush(), used to delete all Veriexec tables, and veriexec_dump(), used to fill an array with all Veriexec entries. New features: - Add a '-k' flag to veriexecctl, to keep the filenames in the kernel database. This allows Veriexec to produce slightly more accurate logs under certain circumstances. In the future, this can be either replaced by vnode->pathname translation, or combined with it. - Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database. This can be used to recover a database if the file was lost. Example usage: # veriexecctl dump > /etc/signatures Note that only entries with the filename kept (that is, were loaded with the '-k' flag) will be dumped. Idea from Brett Lymn. - Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample usage: # veriexecctl flush - Add a 'veriexec_flags' rc(8) variable, and make its default have the '-k' flag. On systems using the default signatures file (generaetd from running 'veriexecgen' with no arguments), this will use additional 32kb of kernel memory on average. - Add a '-e' flag to veriexecctl, to evaluate the fingerprint during load. This is done automatically for files marked as 'untrusted'. Misc. stuff: - The code for veriexecctl was massively simplified as a result of eliminating the need for VERIEXEC_TABLESIZE, and now uses a single pass of the signatures file, making the loading somewhat faster. - Lots of minor fixes found using the (still under development) Veriexec regression testsuite. - Some of the messages Veriexec prints were improved. - Various documentation fixes. All relevant man-pages were updated to reflect the above changes. Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 23:47:43 +04:00
#if NVERIEXEC > 0
if (handle != NULL) {
/*
* Check if the file can be executed indirectly.
*
* XXX: This gives false warnings about "Incorrect access type"
* XXX: if the mapping is not executable. Harmless, but will be
* XXX: fixed as part of other changes.
*/
if (veriexec_verify(l, handle, "(mmap)", VERIEXEC_INDIRECT,
NULL)) {
/*
* Don't allow executable mappings if we can't
* indirectly execute the file.
*/
if (prot & VM_PROT_EXECUTE) {
if (fp != NULL)
fd_putfile(fd);
Some Veriexec stuff that's been rotting in my tree for months. Bug fixes: - Fix crash reported by Scott Ellis on current-users@. - Fix race conditions in enforcing the Veriexec rename and remove policies. These are NOT security issues. - Fix memory leak in rename handling when overwriting a monitored file. - Fix table deletion logic. - Don't prevent query requests if not in learning mode. KPI updates: - fileassoc_table_run() now takes a cookie to pass to the callback. - veriexec_table_add() was removed, it is now done internally. As a result, there's no longer a need for VERIEXEC_TABLESIZE. - veriexec_report() was removed, it is now internal. - Perform sanity checks on the entry type, and enforce default type in veriexec_file_add() rather than in veriexecctl. - Add veriexec_flush(), used to delete all Veriexec tables, and veriexec_dump(), used to fill an array with all Veriexec entries. New features: - Add a '-k' flag to veriexecctl, to keep the filenames in the kernel database. This allows Veriexec to produce slightly more accurate logs under certain circumstances. In the future, this can be either replaced by vnode->pathname translation, or combined with it. - Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database. This can be used to recover a database if the file was lost. Example usage: # veriexecctl dump > /etc/signatures Note that only entries with the filename kept (that is, were loaded with the '-k' flag) will be dumped. Idea from Brett Lymn. - Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample usage: # veriexecctl flush - Add a 'veriexec_flags' rc(8) variable, and make its default have the '-k' flag. On systems using the default signatures file (generaetd from running 'veriexecgen' with no arguments), this will use additional 32kb of kernel memory on average. - Add a '-e' flag to veriexecctl, to evaluate the fingerprint during load. This is done automatically for files marked as 'untrusted'. Misc. stuff: - The code for veriexecctl was massively simplified as a result of eliminating the need for VERIEXEC_TABLESIZE, and now uses a single pass of the signatures file, making the loading somewhat faster. - Lots of minor fixes found using the (still under development) Veriexec regression testsuite. - Some of the messages Veriexec prints were improved. - Various documentation fixes. All relevant man-pages were updated to reflect the above changes. Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 23:47:43 +04:00
return (EPERM);
}
Some Veriexec stuff that's been rotting in my tree for months. Bug fixes: - Fix crash reported by Scott Ellis on current-users@. - Fix race conditions in enforcing the Veriexec rename and remove policies. These are NOT security issues. - Fix memory leak in rename handling when overwriting a monitored file. - Fix table deletion logic. - Don't prevent query requests if not in learning mode. KPI updates: - fileassoc_table_run() now takes a cookie to pass to the callback. - veriexec_table_add() was removed, it is now done internally. As a result, there's no longer a need for VERIEXEC_TABLESIZE. - veriexec_report() was removed, it is now internal. - Perform sanity checks on the entry type, and enforce default type in veriexec_file_add() rather than in veriexecctl. - Add veriexec_flush(), used to delete all Veriexec tables, and veriexec_dump(), used to fill an array with all Veriexec entries. New features: - Add a '-k' flag to veriexecctl, to keep the filenames in the kernel database. This allows Veriexec to produce slightly more accurate logs under certain circumstances. In the future, this can be either replaced by vnode->pathname translation, or combined with it. - Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database. This can be used to recover a database if the file was lost. Example usage: # veriexecctl dump > /etc/signatures Note that only entries with the filename kept (that is, were loaded with the '-k' flag) will be dumped. Idea from Brett Lymn. - Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample usage: # veriexecctl flush - Add a 'veriexec_flags' rc(8) variable, and make its default have the '-k' flag. On systems using the default signatures file (generaetd from running 'veriexecgen' with no arguments), this will use additional 32kb of kernel memory on average. - Add a '-e' flag to veriexecctl, to evaluate the fingerprint during load. This is done automatically for files marked as 'untrusted'. Misc. stuff: - The code for veriexecctl was massively simplified as a result of eliminating the need for VERIEXEC_TABLESIZE, and now uses a single pass of the signatures file, making the loading somewhat faster. - Lots of minor fixes found using the (still under development) Veriexec regression testsuite. - Some of the messages Veriexec prints were improved. - Various documentation fixes. All relevant man-pages were updated to reflect the above changes. Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 23:47:43 +04:00
/*
* Strip the executable bit from 'maxprot' to make sure
* it can't be made executable later.
*/
maxprot &= ~VM_PROT_EXECUTE;
}
}
#endif /* NVERIEXEC > 0 */
#ifdef PAX_MPROTECT
pax_mprotect(l, &prot, &maxprot);
#endif /* PAX_MPROTECT */
#ifdef PAX_ASLR
pax_aslr(l, &addr, orig_addr, flags);
#endif /* PAX_ASLR */
1998-03-09 03:58:55 +03:00
/*
* now let kernel internal function uvm_mmap do the work.
*/
1998-03-09 03:58:55 +03:00
error = uvm_mmap(&p->p_vmspace->vm_map, &addr, size, prot, maxprot,
flags, handle, pos, p->p_rlimit[RLIMIT_MEMLOCK].rlim_cur);
1998-03-09 03:58:55 +03:00
if (error == 0)
/* remember to add offset */
*retval = (register_t)(addr + pageoff);
if (fp != NULL)
fd_putfile(fd);
1998-03-09 03:58:55 +03:00
return (error);
}
/*
* sys___msync13: the msync system call (a front-end for flush)
*/
1998-03-09 03:58:55 +03:00
int
2009-05-30 08:26:16 +04:00
sys___msync13(struct lwp *l, const struct sys___msync13_args *uap,
register_t *retval)
{
/* {
syscallarg(void *) addr;
1998-03-09 03:58:55 +03:00
syscallarg(size_t) len;
syscallarg(int) flags;
} */
2003-01-18 11:51:40 +03:00
struct proc *p = l->l_proc;
vaddr_t addr;
vsize_t size, pageoff;
struct vm_map *map;
int error, rv, flags, uvmflags;
1998-03-09 03:58:55 +03:00
/*
* extract syscall args from the uap
*/
addr = (vaddr_t)SCARG(uap, addr);
size = (vsize_t)SCARG(uap, len);
1998-03-09 03:58:55 +03:00
flags = SCARG(uap, flags);
/* sanity check flags */
if ((flags & ~(MS_ASYNC | MS_SYNC | MS_INVALIDATE)) != 0 ||
2003-08-24 22:12:25 +04:00
(flags & (MS_ASYNC | MS_SYNC | MS_INVALIDATE)) == 0 ||
(flags & (MS_ASYNC | MS_SYNC)) == (MS_ASYNC | MS_SYNC))
return (EINVAL);
1998-03-09 03:58:55 +03:00
if ((flags & (MS_ASYNC | MS_SYNC)) == 0)
2003-08-24 22:12:25 +04:00
flags |= MS_SYNC;
1998-03-09 03:58:55 +03:00
/*
* align the address to a page boundary and adjust the size accordingly.
1998-03-09 03:58:55 +03:00
*/
pageoff = (addr & PAGE_MASK);
addr -= pageoff;
size += pageoff;
size = (vsize_t)round_page(size);
1998-03-09 03:58:55 +03:00
2007-09-23 20:05:40 +04:00
error = range_test(addr, size, false);
if (error)
return error;
1998-03-09 03:58:55 +03:00
/*
* get map
*/
map = &p->p_vmspace->vm_map;
/*
* XXXCDC: do we really need this semantic?
*
* XXX Gak! If size is zero we are supposed to sync "all modified
* pages with the region containing addr". Unfortunately, we
* don't really keep track of individual mmaps so we approximate
* by flushing the range of the map entry containing addr.
* This can be incorrect if the region splits or is coalesced
* with a neighbor.
*/
1998-03-09 03:58:55 +03:00
if (size == 0) {
struct vm_map_entry *entry;
2001-05-25 08:06:11 +04:00
1998-03-09 03:58:55 +03:00
vm_map_lock_read(map);
rv = uvm_map_lookup_entry(map, addr, &entry);
2007-02-22 09:05:00 +03:00
if (rv == true) {
1998-03-09 03:58:55 +03:00
addr = entry->start;
size = entry->end - entry->start;
}
vm_map_unlock_read(map);
2007-02-22 09:05:00 +03:00
if (rv == false)
1998-03-09 03:58:55 +03:00
return (EINVAL);
}
/*
* translate MS_ flags into PGO_ flags
*/
uvmflags = PGO_CLEANIT;
if (flags & MS_INVALIDATE)
uvmflags |= PGO_FREE;
1998-03-09 03:58:55 +03:00
if (flags & MS_SYNC)
uvmflags |= PGO_SYNCIO;
error = uvm_map_clean(map, addr, addr+size, uvmflags);
return error;
}
/*
* sys_munmap: unmap a users memory
*/
1998-03-09 03:58:55 +03:00
int
sys_munmap(struct lwp *l, const struct sys_munmap_args *uap, register_t *retval)
{
/* {
syscallarg(void *) addr;
1998-03-09 03:58:55 +03:00
syscallarg(size_t) len;
} */
2003-01-18 11:51:40 +03:00
struct proc *p = l->l_proc;
vaddr_t addr;
vsize_t size, pageoff;
struct vm_map *map;
1998-03-09 03:58:55 +03:00
struct vm_map_entry *dead_entries;
2007-09-23 20:05:40 +04:00
int error;
1998-03-09 03:58:55 +03:00
/*
* get syscall args.
1998-03-09 03:58:55 +03:00
*/
addr = (vaddr_t)SCARG(uap, addr);
size = (vsize_t)SCARG(uap, len);
2001-05-25 08:06:11 +04:00
1998-03-09 03:58:55 +03:00
/*
* align the address to a page boundary and adjust the size accordingly.
1998-03-09 03:58:55 +03:00
*/
pageoff = (addr & PAGE_MASK);
addr -= pageoff;
size += pageoff;
size = (vsize_t)round_page(size);
1998-03-09 03:58:55 +03:00
if (size == 0)
return (0);
2007-09-23 20:05:40 +04:00
error = range_test(addr, size, false);
if (error)
return error;
1998-03-09 03:58:55 +03:00
map = &p->p_vmspace->vm_map;
/*
2001-05-25 08:06:11 +04:00
* interesting system call semantic: make sure entire range is
1998-03-09 03:58:55 +03:00
* allocated before allowing an unmap.
*/
vm_map_lock(map);
#if 0
1998-03-09 03:58:55 +03:00
if (!uvm_map_checkprot(map, addr, addr + size, VM_PROT_NONE)) {
vm_map_unlock(map);
return (EINVAL);
}
#endif
uvm_unmap_remove(map, addr, addr + size, &dead_entries, NULL, 0);
vm_map_unlock(map);
1998-03-09 03:58:55 +03:00
if (dead_entries != NULL)
uvm_unmap_detach(dead_entries, 0);
return (0);
}
/*
* sys_mprotect: the mprotect system call
*/
1998-03-09 03:58:55 +03:00
int
2009-05-30 08:26:16 +04:00
sys_mprotect(struct lwp *l, const struct sys_mprotect_args *uap,
register_t *retval)
{
/* {
syscallarg(void *) addr;
syscallarg(size_t) len;
1998-03-09 03:58:55 +03:00
syscallarg(int) prot;
} */
2003-01-18 11:51:40 +03:00
struct proc *p = l->l_proc;
vaddr_t addr;
vsize_t size, pageoff;
1998-03-09 03:58:55 +03:00
vm_prot_t prot;
int error;
1998-03-09 03:58:55 +03:00
/*
* extract syscall args from uap
*/
addr = (vaddr_t)SCARG(uap, addr);
size = (vsize_t)SCARG(uap, len);
1998-03-09 03:58:55 +03:00
prot = SCARG(uap, prot) & VM_PROT_ALL;
/*
* align the address to a page boundary and adjust the size accordingly.
1998-03-09 03:58:55 +03:00
*/
1998-03-09 03:58:55 +03:00
pageoff = (addr & PAGE_MASK);
addr -= pageoff;
size += pageoff;
size = round_page(size);
2007-09-23 20:05:40 +04:00
error = range_test(addr, size, false);
if (error)
return error;
error = uvm_map_protect(&p->p_vmspace->vm_map, addr, addr + size, prot,
2007-02-22 09:05:00 +03:00
false);
return error;
}
/*
* sys_minherit: the minherit system call
*/
1998-03-09 03:58:55 +03:00
int
2009-05-30 08:26:16 +04:00
sys_minherit(struct lwp *l, const struct sys_minherit_args *uap,
register_t *retval)
{
/* {
syscallarg(void *) addr;
1998-03-09 03:58:55 +03:00
syscallarg(int) len;
syscallarg(int) inherit;
} */
2003-01-18 11:51:40 +03:00
struct proc *p = l->l_proc;
vaddr_t addr;
vsize_t size, pageoff;
2000-03-30 16:31:50 +04:00
vm_inherit_t inherit;
int error;
2001-05-25 08:06:11 +04:00
addr = (vaddr_t)SCARG(uap, addr);
size = (vsize_t)SCARG(uap, len);
1998-03-09 03:58:55 +03:00
inherit = SCARG(uap, inherit);
1998-03-09 03:58:55 +03:00
/*
* align the address to a page boundary and adjust the size accordingly.
1998-03-09 03:58:55 +03:00
*/
pageoff = (addr & PAGE_MASK);
addr -= pageoff;
size += pageoff;
size = (vsize_t)round_page(size);
1998-03-09 03:58:55 +03:00
2007-09-23 20:05:40 +04:00
error = range_test(addr, size, false);
if (error)
return error;
error = uvm_map_inherit(&p->p_vmspace->vm_map, addr, addr + size,
inherit);
return error;
}
/*
* sys_madvise: give advice about memory usage.
*/
/* ARGSUSED */
int
2009-05-30 08:26:16 +04:00
sys_madvise(struct lwp *l, const struct sys_madvise_args *uap,
register_t *retval)
{
/* {
syscallarg(void *) addr;
syscallarg(size_t) len;
syscallarg(int) behav;
} */
2003-01-18 11:51:40 +03:00
struct proc *p = l->l_proc;
vaddr_t addr;
vsize_t size, pageoff;
int advice, error;
2001-05-25 08:06:11 +04:00
addr = (vaddr_t)SCARG(uap, addr);
size = (vsize_t)SCARG(uap, len);
advice = SCARG(uap, behav);
/*
* align the address to a page boundary, and adjust the size accordingly
*/
pageoff = (addr & PAGE_MASK);
addr -= pageoff;
size += pageoff;
size = (vsize_t)round_page(size);
2007-09-23 20:05:40 +04:00
error = range_test(addr, size, false);
if (error)
return error;
switch (advice) {
case MADV_NORMAL:
case MADV_RANDOM:
case MADV_SEQUENTIAL:
error = uvm_map_advice(&p->p_vmspace->vm_map, addr, addr + size,
advice);
break;
case MADV_WILLNEED:
/*
* Activate all these pages, pre-faulting them in if
* necessary.
*/
error = uvm_map_willneed(&p->p_vmspace->vm_map,
addr, addr + size);
break;
case MADV_DONTNEED:
/*
* Deactivate all these pages. We don't need them
* any more. We don't, however, toss the data in
* the pages.
*/
error = uvm_map_clean(&p->p_vmspace->vm_map, addr, addr + size,
PGO_DEACTIVATE);
break;
case MADV_FREE:
/*
* These pages contain no valid data, and may be
2000-11-25 02:30:01 +03:00
* garbage-collected. Toss all resources, including
1999-07-08 04:52:45 +04:00
* any swap space in use.
*/
error = uvm_map_clean(&p->p_vmspace->vm_map, addr, addr + size,
PGO_FREE);
break;
case MADV_SPACEAVAIL:
/*
* XXXMRG What is this? I think it's:
*
* Ensure that we have allocated backing-store
* for these pages.
*
* This is going to require changes to the page daemon,
* as it will free swap space allocated to pages in core.
* There's also what to do for device/file/anonymous memory.
*/
return (EINVAL);
default:
return (EINVAL);
}
return error;
}
/*
* sys_mlock: memory lock
*/
1998-03-09 03:58:55 +03:00
int
sys_mlock(struct lwp *l, const struct sys_mlock_args *uap, register_t *retval)
{
/* {
syscallarg(const void *) addr;
1998-03-09 03:58:55 +03:00
syscallarg(size_t) len;
} */
2003-01-18 11:51:40 +03:00
struct proc *p = l->l_proc;
vaddr_t addr;
vsize_t size, pageoff;
1998-03-09 03:58:55 +03:00
int error;
/*
* extract syscall args from uap
*/
addr = (vaddr_t)SCARG(uap, addr);
size = (vsize_t)SCARG(uap, len);
1998-03-09 03:58:55 +03:00
/*
* align the address to a page boundary and adjust the size accordingly
*/
1998-03-09 03:58:55 +03:00
pageoff = (addr & PAGE_MASK);
addr -= pageoff;
size += pageoff;
size = (vsize_t)round_page(size);
2001-05-25 08:06:11 +04:00
2007-09-23 20:05:40 +04:00
error = range_test(addr, size, false);
if (error)
return error;
1998-03-09 03:58:55 +03:00
if (atop(size) + uvmexp.wired > uvmexp.wiredmax)
return (EAGAIN);
1998-03-09 03:58:55 +03:00
if (size + ptoa(pmap_wired_count(vm_map_pmap(&p->p_vmspace->vm_map))) >
p->p_rlimit[RLIMIT_MEMLOCK].rlim_cur)
return (EAGAIN);
2007-02-22 09:05:00 +03:00
error = uvm_map_pageable(&p->p_vmspace->vm_map, addr, addr+size, false,
0);
if (error == EFAULT)
error = ENOMEM;
return error;
}
/*
* sys_munlock: unlock wired pages
*/
1998-03-09 03:58:55 +03:00
int
2009-05-30 08:26:16 +04:00
sys_munlock(struct lwp *l, const struct sys_munlock_args *uap,
register_t *retval)
{
/* {
syscallarg(const void *) addr;
1998-03-09 03:58:55 +03:00
syscallarg(size_t) len;
} */
2003-01-18 11:51:40 +03:00
struct proc *p = l->l_proc;
vaddr_t addr;
vsize_t size, pageoff;
1998-03-09 03:58:55 +03:00
int error;
/*
* extract syscall args from uap
*/
addr = (vaddr_t)SCARG(uap, addr);
size = (vsize_t)SCARG(uap, len);
1998-03-09 03:58:55 +03:00
/*
* align the address to a page boundary, and adjust the size accordingly
*/
1998-03-09 03:58:55 +03:00
pageoff = (addr & PAGE_MASK);
addr -= pageoff;
size += pageoff;
size = (vsize_t)round_page(size);
1998-03-09 03:58:55 +03:00
2007-09-23 20:05:40 +04:00
error = range_test(addr, size, false);
if (error)
return error;
2007-02-22 09:05:00 +03:00
error = uvm_map_pageable(&p->p_vmspace->vm_map, addr, addr+size, true,
0);
if (error == EFAULT)
error = ENOMEM;
return error;
}
/*
* sys_mlockall: lock all pages mapped into an address space.
*/
int
2009-05-30 08:26:16 +04:00
sys_mlockall(struct lwp *l, const struct sys_mlockall_args *uap,
register_t *retval)
{
/* {
syscallarg(int) flags;
} */
2003-01-18 11:51:40 +03:00
struct proc *p = l->l_proc;
int error, flags;
flags = SCARG(uap, flags);
if (flags == 0 ||
(flags & ~(MCL_CURRENT|MCL_FUTURE)) != 0)
return (EINVAL);
error = uvm_map_pageable_all(&p->p_vmspace->vm_map, flags,
p->p_rlimit[RLIMIT_MEMLOCK].rlim_cur);
return (error);
}
/*
* sys_munlockall: unlock all pages mapped into an address space.
*/
int
sys_munlockall(struct lwp *l, const void *v, register_t *retval)
{
2003-01-18 11:51:40 +03:00
struct proc *p = l->l_proc;
(void) uvm_map_pageable_all(&p->p_vmspace->vm_map, 0, 0);
return (0);
}
/*
* uvm_mmap: internal version of mmap
*
a whole bunch of changes to improve performance and robustness under load: - remove special treatment of pager_map mappings in pmaps. this is required now, since I've removed the globals that expose the address range. pager_map now uses pmap_kenter_pa() instead of pmap_enter(), so there's no longer any need to special-case it. - eliminate struct uvm_vnode by moving its fields into struct vnode. - rewrite the pageout path. the pager is now responsible for handling the high-level requests instead of only getting control after a bunch of work has already been done on its behalf. this will allow us to UBCify LFS, which needs tighter control over its pages than other filesystems do. writing a page to disk no longer requires making it read-only, which allows us to write wired pages without causing all kinds of havoc. - use a new PG_PAGEOUT flag to indicate that a page should be freed on behalf of the pagedaemon when it's unlocked. this flag is very similar to PG_RELEASED, but unlike PG_RELEASED, PG_PAGEOUT can be cleared if the pageout fails due to eg. an indirect-block buffer being locked. this allows us to remove the "version" field from struct vm_page, and together with shrinking "loan_count" from 32 bits to 16, struct vm_page is now 4 bytes smaller. - no longer use PG_RELEASED for swap-backed pages. if the page is busy because it's being paged out, we can't release the swap slot to be reallocated until that write is complete, but unlike with vnodes we don't keep a count of in-progress writes so there's no good way to know when the write is done. instead, when we need to free a busy swap-backed page, just sleep until we can get it busy ourselves. - implement a fast-path for extending writes which allows us to avoid zeroing new pages. this substantially reduces cpu usage. - encapsulate the data used by the genfs code in a struct genfs_node, which must be the first element of the filesystem-specific vnode data for filesystems which use genfs_{get,put}pages(). - eliminate many of the UVM pagerops, since they aren't needed anymore now that the pager "put" operation is a higher-level operation. - enhance the genfs code to allow NFS to use the genfs_{get,put}pages instead of a modified copy. - clean up struct vnode by removing all the fields that used to be used by the vfs_cluster.c code (which we don't use anymore with UBC). - remove kmem_object and mb_object since they were useless. instead of allocating pages to these objects, we now just allocate pages with no object. such pages are mapped in the kernel until they are freed, so we can use the mapping to find the page to free it. this allows us to remove splvm() protection in several places. The sum of all these changes improves write throughput on my decstation 5000/200 to within 1% of the rate of NetBSD 1.5 and reduces the elapsed time for "make release" of a NetBSD 1.5 source tree on my 128MB pc to 10% less than a 1.5 kernel took.
2001-09-16 00:36:31 +04:00
* - used by sys_mmap and various framebuffers
* - handle is a vnode pointer or NULL for MAP_ANON
* - caller must page-align the file offset
*/
1998-03-09 03:58:55 +03:00
int
2009-05-30 08:26:16 +04:00
uvm_mmap(struct vm_map *map, vaddr_t *addr, vsize_t size, vm_prot_t prot,
vm_prot_t maxprot, int flags, void *handle, voff_t foff, vsize_t locklimit)
{
1998-03-09 03:58:55 +03:00
struct uvm_object *uobj;
struct vnode *vp;
vaddr_t align = 0;
int error;
1998-03-09 03:58:55 +03:00
int advice = UVM_ADV_NORMAL;
uvm_flag_t uvmflag = 0;
bool needwritemap;
1998-03-09 03:58:55 +03:00
/*
* check params
*/
if (size == 0)
return(0);
if (foff & PAGE_MASK)
return(EINVAL);
if ((prot & maxprot) != prot)
return(EINVAL);
/*
* for non-fixed mappings, round off the suggested address.
* for fixed mappings, check alignment and zap old mappings.
*/
if ((flags & MAP_FIXED) == 0) {
a whole bunch of changes to improve performance and robustness under load: - remove special treatment of pager_map mappings in pmaps. this is required now, since I've removed the globals that expose the address range. pager_map now uses pmap_kenter_pa() instead of pmap_enter(), so there's no longer any need to special-case it. - eliminate struct uvm_vnode by moving its fields into struct vnode. - rewrite the pageout path. the pager is now responsible for handling the high-level requests instead of only getting control after a bunch of work has already been done on its behalf. this will allow us to UBCify LFS, which needs tighter control over its pages than other filesystems do. writing a page to disk no longer requires making it read-only, which allows us to write wired pages without causing all kinds of havoc. - use a new PG_PAGEOUT flag to indicate that a page should be freed on behalf of the pagedaemon when it's unlocked. this flag is very similar to PG_RELEASED, but unlike PG_RELEASED, PG_PAGEOUT can be cleared if the pageout fails due to eg. an indirect-block buffer being locked. this allows us to remove the "version" field from struct vm_page, and together with shrinking "loan_count" from 32 bits to 16, struct vm_page is now 4 bytes smaller. - no longer use PG_RELEASED for swap-backed pages. if the page is busy because it's being paged out, we can't release the swap slot to be reallocated until that write is complete, but unlike with vnodes we don't keep a count of in-progress writes so there's no good way to know when the write is done. instead, when we need to free a busy swap-backed page, just sleep until we can get it busy ourselves. - implement a fast-path for extending writes which allows us to avoid zeroing new pages. this substantially reduces cpu usage. - encapsulate the data used by the genfs code in a struct genfs_node, which must be the first element of the filesystem-specific vnode data for filesystems which use genfs_{get,put}pages(). - eliminate many of the UVM pagerops, since they aren't needed anymore now that the pager "put" operation is a higher-level operation. - enhance the genfs code to allow NFS to use the genfs_{get,put}pages instead of a modified copy. - clean up struct vnode by removing all the fields that used to be used by the vfs_cluster.c code (which we don't use anymore with UBC). - remove kmem_object and mb_object since they were useless. instead of allocating pages to these objects, we now just allocate pages with no object. such pages are mapped in the kernel until they are freed, so we can use the mapping to find the page to free it. this allows us to remove splvm() protection in several places. The sum of all these changes improves write throughput on my decstation 5000/200 to within 1% of the rate of NetBSD 1.5 and reduces the elapsed time for "make release" of a NetBSD 1.5 source tree on my 128MB pc to 10% less than a 1.5 kernel took.
2001-09-16 00:36:31 +04:00
*addr = round_page(*addr);
1998-03-09 03:58:55 +03:00
} else {
if (*addr & PAGE_MASK)
return(EINVAL);
uvmflag |= UVM_FLAG_FIXED;
a whole bunch of changes to improve performance and robustness under load: - remove special treatment of pager_map mappings in pmaps. this is required now, since I've removed the globals that expose the address range. pager_map now uses pmap_kenter_pa() instead of pmap_enter(), so there's no longer any need to special-case it. - eliminate struct uvm_vnode by moving its fields into struct vnode. - rewrite the pageout path. the pager is now responsible for handling the high-level requests instead of only getting control after a bunch of work has already been done on its behalf. this will allow us to UBCify LFS, which needs tighter control over its pages than other filesystems do. writing a page to disk no longer requires making it read-only, which allows us to write wired pages without causing all kinds of havoc. - use a new PG_PAGEOUT flag to indicate that a page should be freed on behalf of the pagedaemon when it's unlocked. this flag is very similar to PG_RELEASED, but unlike PG_RELEASED, PG_PAGEOUT can be cleared if the pageout fails due to eg. an indirect-block buffer being locked. this allows us to remove the "version" field from struct vm_page, and together with shrinking "loan_count" from 32 bits to 16, struct vm_page is now 4 bytes smaller. - no longer use PG_RELEASED for swap-backed pages. if the page is busy because it's being paged out, we can't release the swap slot to be reallocated until that write is complete, but unlike with vnodes we don't keep a count of in-progress writes so there's no good way to know when the write is done. instead, when we need to free a busy swap-backed page, just sleep until we can get it busy ourselves. - implement a fast-path for extending writes which allows us to avoid zeroing new pages. this substantially reduces cpu usage. - encapsulate the data used by the genfs code in a struct genfs_node, which must be the first element of the filesystem-specific vnode data for filesystems which use genfs_{get,put}pages(). - eliminate many of the UVM pagerops, since they aren't needed anymore now that the pager "put" operation is a higher-level operation. - enhance the genfs code to allow NFS to use the genfs_{get,put}pages instead of a modified copy. - clean up struct vnode by removing all the fields that used to be used by the vfs_cluster.c code (which we don't use anymore with UBC). - remove kmem_object and mb_object since they were useless. instead of allocating pages to these objects, we now just allocate pages with no object. such pages are mapped in the kernel until they are freed, so we can use the mapping to find the page to free it. this allows us to remove splvm() protection in several places. The sum of all these changes improves write throughput on my decstation 5000/200 to within 1% of the rate of NetBSD 1.5 and reduces the elapsed time for "make release" of a NetBSD 1.5 source tree on my 128MB pc to 10% less than a 1.5 kernel took.
2001-09-16 00:36:31 +04:00
(void) uvm_unmap(map, *addr, *addr + size);
1998-03-09 03:58:55 +03:00
}
/*
* Try to see if any requested alignment can even be attemped.
* Make sure we can express the alignment (asking for a >= 4GB
* alignment on an ILP32 architecure make no sense) and the
* alignment is at least for a page sized quanitiy. If the
* request was for a fixed mapping, make sure supplied address
* adheres to the request alignment.
*/
align = (flags & MAP_ALIGNMENT_MASK) >> MAP_ALIGNMENT_SHIFT;
if (align) {
if (align >= sizeof(vaddr_t) * NBBY)
return(EINVAL);
align = 1L << align;
if (align < PAGE_SIZE)
return(EINVAL);
if (align >= vm_map_max(map))
return(ENOMEM);
if (flags & MAP_FIXED) {
if ((*addr & (align-1)) != 0)
return(EINVAL);
align = 0;
}
}
/*
* check resource limits
*/
if (!VM_MAP_IS_KERNEL(map) &&
(((rlim_t)curproc->p_vmspace->vm_map.size + (rlim_t)size) >
curproc->p_rlimit[RLIMIT_AS].rlim_cur))
return ENOMEM;
1998-03-09 03:58:55 +03:00
/*
* handle anon vs. non-anon mappings. for non-anon mappings attach
* to underlying vm object.
*/
if (flags & MAP_ANON) {
KASSERT(handle == NULL);
foff = UVM_UNKNOWN_OFFSET;
1998-03-09 03:58:55 +03:00
uobj = NULL;
if ((flags & MAP_SHARED) == 0)
/* XXX: defer amap create */
uvmflag |= UVM_FLAG_COPYONW;
else
/* shared: create amap now */
uvmflag |= UVM_FLAG_OVERLAY;
} else {
KASSERT(handle != NULL);
vp = (struct vnode *)handle;
/*
* Don't allow mmap for EXEC if the file system
* is mounted NOEXEC.
*/
if ((prot & PROT_EXEC) != 0 &&
(vp->v_mount->mnt_flag & MNT_NOEXEC) != 0)
return (EACCES);
1998-03-09 03:58:55 +03:00
if (vp->v_type != VCHR) {
error = VOP_MMAP(vp, prot, curlwp->l_cred);
if (error) {
return error;
}
vref(vp);
uobj = &vp->v_uobj;
/*
* If the vnode is being mapped with PROT_EXEC,
* then mark it as text.
*/
if (prot & PROT_EXEC) {
vn_markexec(vp);
}
1998-03-09 03:58:55 +03:00
} else {
int i = maxprot;
/*
* XXX Some devices don't like to be mapped with
* XXX PROT_EXEC or PROT_WRITE, but we don't really
* XXX have a better way of handling this, right now
*/
do {
uobj = udv_attach((void *) &vp->v_rdev,
(flags & MAP_SHARED) ? i :
(i & ~VM_PROT_WRITE), foff, size);
i--;
} while ((uobj == NULL) && (i > 0));
2009-08-18 06:41:31 +04:00
if (uobj == NULL)
return EINVAL;
1998-03-09 03:58:55 +03:00
advice = UVM_ADV_RANDOM;
}
if ((flags & MAP_SHARED) == 0) {
1998-03-09 03:58:55 +03:00
uvmflag |= UVM_FLAG_COPYONW;
}
/*
* Set vnode flags to indicate the new kinds of mapping.
* We take the vnode lock in exclusive mode here to serialize
* with direct I/O.
2008-06-02 20:16:27 +04:00
*
* Safe to check for these flag values without a lock, as
* long as a reference to the vnode is held.
*/
needwritemap = (vp->v_iflag & VI_WRMAP) == 0 &&
(flags & MAP_SHARED) != 0 &&
(maxprot & VM_PROT_WRITE) != 0;
2008-06-02 20:16:27 +04:00
if ((vp->v_vflag & VV_MAPPED) == 0 || needwritemap) {
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
vp->v_vflag |= VV_MAPPED;
if (needwritemap) {
2008-06-02 20:17:12 +04:00
mutex_enter(&vp->v_interlock);
vp->v_iflag |= VI_WRMAP;
2008-06-02 20:17:12 +04:00
mutex_exit(&vp->v_interlock);
}
VOP_UNLOCK(vp);
2008-06-02 20:16:27 +04:00
}
1998-03-09 03:58:55 +03:00
}
2001-05-25 08:06:11 +04:00
uvmflag = UVM_MAPFLAG(prot, maxprot,
(flags & MAP_SHARED) ? UVM_INH_SHARE : UVM_INH_COPY,
advice, uvmflag);
error = uvm_map(map, addr, size, uobj, foff, align, uvmflag);
if (error) {
if (uobj)
uobj->pgops->pgo_detach(uobj);
return error;
}
1998-03-09 03:58:55 +03:00
/*
* POSIX 1003.1b -- if our address space was configured
* to lock all future mappings, wire the one we just made.
*
* Also handle the MAP_WIRED flag here.
1998-03-09 03:58:55 +03:00
*/
if (prot == VM_PROT_NONE) {
1998-03-09 03:58:55 +03:00
/*
* No more work to do in this case.
*/
return (0);
}
if ((flags & MAP_WIRED) != 0 || (map->flags & VM_MAP_WIREFUTURE) != 0) {
vm_map_lock(map);
if (atop(size) + uvmexp.wired > uvmexp.wiredmax ||
(locklimit != 0 &&
size + ptoa(pmap_wired_count(vm_map_pmap(map))) >
locklimit)) {
vm_map_unlock(map);
uvm_unmap(map, *addr, *addr + size);
return ENOMEM;
}
/*
* uvm_map_pageable() always returns the map unlocked.
*/
error = uvm_map_pageable(map, *addr, *addr + size,
2007-02-22 09:05:00 +03:00
false, UVM_LK_ENTER);
if (error) {
uvm_unmap(map, *addr, *addr + size);
return error;
}
return (0);
}
return 0;
}
vaddr_t
uvm_default_mapaddr(struct proc *p, vaddr_t base, vsize_t sz)
{
return VM_DEFAULT_ADDRESS(base, sz);
}