xref: /openbsd-src/sys/uvm/uvm_aobj.c (revision 50b7afb2c2c0993b0894d4e34bf857cb13ed9c80)
1 /*	$OpenBSD: uvm_aobj.c,v 1.67 2014/07/12 18:44:01 tedu Exp $	*/
2 /*	$NetBSD: uvm_aobj.c,v 1.39 2001/02/18 21:19:08 chs Exp $	*/
3 
4 /*
5  * Copyright (c) 1998 Chuck Silvers, Charles D. Cranor and
6  *                    Washington University.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  *
29  * from: Id: uvm_aobj.c,v 1.1.2.5 1998/02/06 05:14:38 chs Exp
30  */
31 /*
32  * uvm_aobj.c: anonymous memory uvm_object pager
33  *
34  * author: Chuck Silvers <chuq@chuq.com>
35  * started: Jan-1998
36  *
37  * - design mostly from Chuck Cranor
38  */
39 
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/proc.h>
43 #include <sys/malloc.h>
44 #include <sys/kernel.h>
45 #include <sys/pool.h>
46 #include <sys/kernel.h>
47 #include <sys/stdint.h>
48 
49 #include <uvm/uvm.h>
50 
51 /*
52  * an aobj manages anonymous-memory backed uvm_objects.   in addition
53  * to keeping the list of resident pages, it also keeps a list of
54  * allocated swap blocks.  depending on the size of the aobj this list
55  * of allocated swap blocks is either stored in an array (small objects)
56  * or in a hash table (large objects).
57  */
58 
59 /*
60  * local structures
61  */
62 
63 /*
64  * for hash tables, we break the address space of the aobj into blocks
65  * of UAO_SWHASH_CLUSTER_SIZE pages.   we require the cluster size to
66  * be a power of two.
67  */
68 #define UAO_SWHASH_CLUSTER_SHIFT 4
69 #define UAO_SWHASH_CLUSTER_SIZE (1 << UAO_SWHASH_CLUSTER_SHIFT)
70 
71 /* get the "tag" for this page index */
72 #define UAO_SWHASH_ELT_TAG(PAGEIDX) \
73 	((PAGEIDX) >> UAO_SWHASH_CLUSTER_SHIFT)
74 
75 /* given an ELT and a page index, find the swap slot */
76 #define UAO_SWHASH_ELT_PAGESLOT_IDX(PAGEIDX) \
77 	((PAGEIDX) & (UAO_SWHASH_CLUSTER_SIZE - 1))
78 #define UAO_SWHASH_ELT_PAGESLOT(ELT, PAGEIDX) \
79 	((ELT)->slots[(PAGEIDX) & (UAO_SWHASH_CLUSTER_SIZE - 1)])
80 
81 /* given an ELT, return its pageidx base */
82 #define UAO_SWHASH_ELT_PAGEIDX_BASE(ELT) \
83 	((ELT)->tag << UAO_SWHASH_CLUSTER_SHIFT)
84 
85 /*
86  * the swhash hash function
87  */
88 #define UAO_SWHASH_HASH(AOBJ, PAGEIDX) \
89 	(&(AOBJ)->u_swhash[(((PAGEIDX) >> UAO_SWHASH_CLUSTER_SHIFT) \
90 			    & (AOBJ)->u_swhashmask)])
91 
92 /*
93  * the swhash threshold determines if we will use an array or a
94  * hash table to store the list of allocated swap blocks.
95  */
96 
97 #define UAO_SWHASH_THRESHOLD (UAO_SWHASH_CLUSTER_SIZE * 4)
98 
99 /*
100  * the number of buckets in a swhash, with an upper bound
101  */
102 #define UAO_SWHASH_MAXBUCKETS 256
103 #define UAO_SWHASH_BUCKETS(pages) \
104 	(min((pages) >> UAO_SWHASH_CLUSTER_SHIFT, UAO_SWHASH_MAXBUCKETS))
105 
106 
107 /*
108  * uao_swhash_elt: when a hash table is being used, this structure defines
109  * the format of an entry in the bucket list.
110  */
111 struct uao_swhash_elt {
112 	LIST_ENTRY(uao_swhash_elt) list;	/* the hash list */
113 	voff_t tag;				/* our 'tag' */
114 	int count;				/* our number of active slots */
115 	int slots[UAO_SWHASH_CLUSTER_SIZE];	/* the slots */
116 };
117 
118 /*
119  * uao_swhash: the swap hash table structure
120  */
121 LIST_HEAD(uao_swhash, uao_swhash_elt);
122 
123 /*
124  * uao_swhash_elt_pool: pool of uao_swhash_elt structures
125  */
126 struct pool uao_swhash_elt_pool;
127 
128 /*
129  * uvm_aobj: the actual anon-backed uvm_object
130  *
131  * => the uvm_object is at the top of the structure, this allows
132  *   (struct uvm_aobj *) == (struct uvm_object *)
133  * => only one of u_swslots and u_swhash is used in any given aobj
134  */
135 struct uvm_aobj {
136 	struct uvm_object u_obj; /* has: pgops, memt, #pages, #refs */
137 	int u_pages;		 /* number of pages in entire object */
138 	int u_flags;		 /* the flags (see uvm_aobj.h) */
139 	/*
140 	 * Either an array or hashtable (array of bucket heads) of
141 	 * offset -> swapslot mappings for the aobj.
142 	 */
143 #define u_swslots	u_swap.slot_array
144 #define u_swhash	u_swap.slot_hash
145 	union swslots {
146 		int			*slot_array;
147 		struct uao_swhash	*slot_hash;
148 	} u_swap;
149 	u_long u_swhashmask;		/* mask for hashtable */
150 	LIST_ENTRY(uvm_aobj) u_list;	/* global list of aobjs */
151 };
152 
153 /*
154  * uvm_aobj_pool: pool of uvm_aobj structures
155  */
156 struct pool uvm_aobj_pool;
157 
158 /*
159  * local functions
160  */
161 static struct uao_swhash_elt	*uao_find_swhash_elt(struct uvm_aobj *, int,
162 				     boolean_t);
163 static int			 uao_find_swslot(struct uvm_aobj *, int);
164 static boolean_t		 uao_flush(struct uvm_object *, voff_t,
165 				     voff_t, int);
166 static void			 uao_free(struct uvm_aobj *);
167 static int			 uao_get(struct uvm_object *, voff_t,
168 				     vm_page_t *, int *, int, vm_prot_t,
169 				     int, int);
170 static boolean_t		 uao_pagein(struct uvm_aobj *, int, int);
171 static boolean_t		 uao_pagein_page(struct uvm_aobj *, int);
172 
173 void	uao_dropswap_range(struct uvm_object *, voff_t, voff_t);
174 void	uao_shrink_flush(struct uvm_object *, int, int);
175 int	uao_shrink_hash(struct uvm_object *, int);
176 int	uao_shrink_array(struct uvm_object *, int);
177 int	uao_shrink_convert(struct uvm_object *, int);
178 
179 int	uao_grow_hash(struct uvm_object *, int);
180 int	uao_grow_array(struct uvm_object *, int);
181 int	uao_grow_convert(struct uvm_object *, int);
182 
183 /*
184  * aobj_pager
185  *
186  * note that some functions (e.g. put) are handled elsewhere
187  */
188 struct uvm_pagerops aobj_pager = {
189 	NULL,			/* init */
190 	uao_reference,		/* reference */
191 	uao_detach,		/* detach */
192 	NULL,			/* fault */
193 	uao_flush,		/* flush */
194 	uao_get,		/* get */
195 };
196 
197 /*
198  * uao_list: global list of active aobjs, locked by uao_list_lock
199  *
200  * Lock ordering: generally the locking order is object lock, then list lock.
201  * in the case of swap off we have to iterate over the list, and thus the
202  * ordering is reversed. In that case we must use trylocking to prevent
203  * deadlock.
204  */
205 static LIST_HEAD(aobjlist, uvm_aobj) uao_list = LIST_HEAD_INITIALIZER(uao_list);
206 static struct mutex uao_list_lock = MUTEX_INITIALIZER(IPL_NONE);
207 
208 
209 /*
210  * functions
211  */
212 /*
213  * hash table/array related functions
214  */
215 /*
216  * uao_find_swhash_elt: find (or create) a hash table entry for a page
217  * offset.
218  */
219 static struct uao_swhash_elt *
220 uao_find_swhash_elt(struct uvm_aobj *aobj, int pageidx, boolean_t create)
221 {
222 	struct uao_swhash *swhash;
223 	struct uao_swhash_elt *elt;
224 	voff_t page_tag;
225 
226 	swhash = UAO_SWHASH_HASH(aobj, pageidx); /* first hash to get bucket */
227 	page_tag = UAO_SWHASH_ELT_TAG(pageidx);	/* tag to search for */
228 
229 	/* now search the bucket for the requested tag */
230 	LIST_FOREACH(elt, swhash, list) {
231 		if (elt->tag == page_tag)
232 			return(elt);
233 	}
234 
235 	/* fail now if we are not allowed to create a new entry in the bucket */
236 	if (!create)
237 		return NULL;
238 
239 	/* allocate a new entry for the bucket and init/insert it in */
240 	elt = pool_get(&uao_swhash_elt_pool, PR_WAITOK | PR_ZERO);
241 	LIST_INSERT_HEAD(swhash, elt, list);
242 	elt->tag = page_tag;
243 
244 	return(elt);
245 }
246 
247 /*
248  * uao_find_swslot: find the swap slot number for an aobj/pageidx
249  */
250 __inline static int
251 uao_find_swslot(struct uvm_aobj *aobj, int pageidx)
252 {
253 
254 	/* if noswap flag is set, then we never return a slot */
255 	if (aobj->u_flags & UAO_FLAG_NOSWAP)
256 		return(0);
257 
258 	/* if hashing, look in hash table.  */
259 	if (aobj->u_pages > UAO_SWHASH_THRESHOLD) {
260 		struct uao_swhash_elt *elt =
261 		    uao_find_swhash_elt(aobj, pageidx, FALSE);
262 
263 		if (elt)
264 			return(UAO_SWHASH_ELT_PAGESLOT(elt, pageidx));
265 		else
266 			return(0);
267 	}
268 
269 	/* otherwise, look in the array */
270 	return(aobj->u_swslots[pageidx]);
271 }
272 
273 /*
274  * uao_set_swslot: set the swap slot for a page in an aobj.
275  *
276  * => setting a slot to zero frees the slot
277  */
278 int
279 uao_set_swslot(struct uvm_object *uobj, int pageidx, int slot)
280 {
281 	struct uvm_aobj *aobj = (struct uvm_aobj *)uobj;
282 	int oldslot;
283 
284 	/* if noswap flag is set, then we can't set a slot */
285 	if (aobj->u_flags & UAO_FLAG_NOSWAP) {
286 		if (slot == 0)
287 			return(0);		/* a clear is ok */
288 
289 		/* but a set is not */
290 		printf("uao_set_swslot: uobj = %p\n", uobj);
291 		panic("uao_set_swslot: attempt to set a slot"
292 		    " on a NOSWAP object");
293 	}
294 
295 	/* are we using a hash table?  if so, add it in the hash.  */
296 	if (aobj->u_pages > UAO_SWHASH_THRESHOLD) {
297 		/*
298 		 * Avoid allocating an entry just to free it again if
299 		 * the page had not swap slot in the first place, and
300 		 * we are freeing.
301 		 */
302 		struct uao_swhash_elt *elt =
303 		    uao_find_swhash_elt(aobj, pageidx, slot ? TRUE : FALSE);
304 		if (elt == NULL) {
305 			KASSERT(slot == 0);
306 			return (0);
307 		}
308 
309 		oldslot = UAO_SWHASH_ELT_PAGESLOT(elt, pageidx);
310 		UAO_SWHASH_ELT_PAGESLOT(elt, pageidx) = slot;
311 
312 		/*
313 		 * now adjust the elt's reference counter and free it if we've
314 		 * dropped it to zero.
315 		 */
316 		/* an allocation? */
317 		if (slot) {
318 			if (oldslot == 0)
319 				elt->count++;
320 		} else {		/* freeing slot ... */
321 			if (oldslot)	/* to be safe */
322 				elt->count--;
323 
324 			if (elt->count == 0) {
325 				LIST_REMOVE(elt, list);
326 				pool_put(&uao_swhash_elt_pool, elt);
327 			}
328 		}
329 	} else {
330 		/* we are using an array */
331 		oldslot = aobj->u_swslots[pageidx];
332 		aobj->u_swslots[pageidx] = slot;
333 	}
334 	return (oldslot);
335 }
336 /*
337  * end of hash/array functions
338  */
339 
340 /*
341  * uao_free: free all resources held by an aobj, and then free the aobj
342  *
343  * => the aobj should be dead
344  */
345 static void
346 uao_free(struct uvm_aobj *aobj)
347 {
348 
349 	if (aobj->u_pages > UAO_SWHASH_THRESHOLD) {
350 		int i, hashbuckets = aobj->u_swhashmask + 1;
351 
352 		/*
353 		 * free the swslots from each hash bucket,
354 		 * then the hash bucket, and finally the hash table itself.
355 		 */
356 		for (i = 0; i < hashbuckets; i++) {
357 			struct uao_swhash_elt *elt, *next;
358 
359 			for (elt = LIST_FIRST(&aobj->u_swhash[i]);
360 			     elt != NULL;
361 			     elt = next) {
362 				int j;
363 
364 				for (j = 0; j < UAO_SWHASH_CLUSTER_SIZE; j++) {
365 					int slot = elt->slots[j];
366 
367 					if (slot == 0) {
368 						continue;
369 					}
370 					uvm_swap_free(slot, 1);
371 					/*
372 					 * this page is no longer
373 					 * only in swap.
374 					 */
375 					uvmexp.swpgonly--;
376 				}
377 
378 				next = LIST_NEXT(elt, list);
379 				pool_put(&uao_swhash_elt_pool, elt);
380 			}
381 		}
382 		free(aobj->u_swhash, M_UVMAOBJ, 0);
383 	} else {
384 		int i;
385 
386 		/* free the array */
387 		for (i = 0; i < aobj->u_pages; i++) {
388 			int slot = aobj->u_swslots[i];
389 
390 			if (slot) {
391 				uvm_swap_free(slot, 1);
392 				/* this page is no longer only in swap. */
393 				uvmexp.swpgonly--;
394 			}
395 		}
396 		free(aobj->u_swslots, M_UVMAOBJ, 0);
397 	}
398 
399 	/* finally free the aobj itself */
400 	pool_put(&uvm_aobj_pool, aobj);
401 }
402 
403 /*
404  * pager functions
405  */
406 
407 /*
408  * Shrink an aobj to a given number of pages. The procedure is always the same:
409  * assess the necessity of data structure conversion (hash to array), secure
410  * resources, flush pages and drop swap slots.
411  *
412  */
413 
414 void
415 uao_shrink_flush(struct uvm_object *uobj, int startpg, int endpg)
416 {
417 	KASSERT(startpg < endpg);
418 	KASSERT(uobj->uo_refs == 1);
419 	uao_flush(uobj, (voff_t)startpg << PAGE_SHIFT,
420 	    (voff_t)endpg << PAGE_SHIFT, PGO_FREE);
421 	uao_dropswap_range(uobj, startpg, endpg);
422 }
423 
424 int
425 uao_shrink_hash(struct uvm_object *uobj, int pages)
426 {
427 	struct uvm_aobj *aobj = (struct uvm_aobj *)uobj;
428 	struct uao_swhash *new_swhash;
429 	struct uao_swhash_elt *elt;
430 	unsigned long new_hashmask;
431 	int i;
432 
433 	KASSERT(aobj->u_pages > UAO_SWHASH_THRESHOLD);
434 
435 	/*
436 	 * If the size of the hash table doesn't change, all we need to do is
437 	 * to adjust the page count.
438 	 */
439 	if (UAO_SWHASH_BUCKETS(aobj->u_pages) == UAO_SWHASH_BUCKETS(pages)) {
440 		uao_shrink_flush(uobj, pages, aobj->u_pages);
441 		aobj->u_pages = pages;
442 		return 0;
443 	}
444 
445 	new_swhash = hashinit(UAO_SWHASH_BUCKETS(pages), M_UVMAOBJ,
446 	    M_WAITOK | M_CANFAIL, &new_hashmask);
447 	if (new_swhash == NULL)
448 		return ENOMEM;
449 
450 	uao_shrink_flush(uobj, pages, aobj->u_pages);
451 
452 	/*
453 	 * Even though the hash table size is changing, the hash of the buckets
454 	 * we are interested in copying should not change.
455 	 */
456 	for (i = 0; i < UAO_SWHASH_BUCKETS(aobj->u_pages); i++) {
457 		while (LIST_EMPTY(&aobj->u_swhash[i]) == 0) {
458 			elt = LIST_FIRST(&aobj->u_swhash[i]);
459 			LIST_REMOVE(elt, list);
460 			LIST_INSERT_HEAD(&new_swhash[i], elt, list);
461 		}
462 	}
463 
464 	free(aobj->u_swhash, M_UVMAOBJ, 0);
465 
466 	aobj->u_swhash = new_swhash;
467 	aobj->u_pages = pages;
468 	aobj->u_swhashmask = new_hashmask;
469 
470 	return 0;
471 }
472 
473 int
474 uao_shrink_convert(struct uvm_object *uobj, int pages)
475 {
476 	struct uvm_aobj *aobj = (struct uvm_aobj *)uobj;
477 	struct uao_swhash_elt *elt;
478 	int i, *new_swslots;
479 
480 	new_swslots = malloc(pages * sizeof(int), M_UVMAOBJ,
481 	    M_WAITOK | M_CANFAIL | M_ZERO);
482 	if (new_swslots == NULL)
483 		return ENOMEM;
484 
485 	uao_shrink_flush(uobj, pages, aobj->u_pages);
486 
487 	/* Convert swap slots from hash to array.  */
488 	for (i = 0; i < pages; i++) {
489 		elt = uao_find_swhash_elt(aobj, i, FALSE);
490 		if (elt != NULL) {
491 			new_swslots[i] = UAO_SWHASH_ELT_PAGESLOT(elt, i);
492 			if (new_swslots[i] != 0)
493 				elt->count--;
494 			if (elt->count == 0) {
495 				LIST_REMOVE(elt, list);
496 				pool_put(&uao_swhash_elt_pool, elt);
497 			}
498 		}
499 	}
500 
501 	free(aobj->u_swhash, M_UVMAOBJ, 0);
502 
503 	aobj->u_swslots = new_swslots;
504 	aobj->u_pages = pages;
505 
506 	return 0;
507 }
508 
509 int
510 uao_shrink_array(struct uvm_object *uobj, int pages)
511 {
512 	struct uvm_aobj *aobj = (struct uvm_aobj *)uobj;
513 	int i, *new_swslots;
514 
515 	new_swslots = malloc(pages * sizeof(int), M_UVMAOBJ,
516 	    M_WAITOK | M_CANFAIL | M_ZERO);
517 	if (new_swslots == NULL)
518 		return ENOMEM;
519 
520 	uao_shrink_flush(uobj, pages, aobj->u_pages);
521 
522 	for (i = 0; i < pages; i++)
523 		new_swslots[i] = aobj->u_swslots[i];
524 
525 	free(aobj->u_swslots, M_UVMAOBJ, 0);
526 
527 	aobj->u_swslots = new_swslots;
528 	aobj->u_pages = pages;
529 
530 	return 0;
531 }
532 
533 int
534 uao_shrink(struct uvm_object *uobj, int pages)
535 {
536 	struct uvm_aobj *aobj = (struct uvm_aobj *)uobj;
537 
538 	KASSERT(pages < aobj->u_pages);
539 
540 	/*
541 	 * Distinguish between three possible cases:
542 	 * 1. aobj uses hash and must be converted to array.
543 	 * 2. aobj uses array and array size needs to be adjusted.
544 	 * 3. aobj uses hash and hash size needs to be adjusted.
545 	 */
546 	if (pages > UAO_SWHASH_THRESHOLD)
547 		return uao_shrink_hash(uobj, pages);	/* case 3 */
548 	else if (aobj->u_pages > UAO_SWHASH_THRESHOLD)
549 		return uao_shrink_convert(uobj, pages);	/* case 1 */
550 	else
551 		return uao_shrink_array(uobj, pages);	/* case 2 */
552 }
553 
554 /*
555  * Grow an aobj to a given number of pages. Right now we only adjust the swap
556  * slots. We could additionally handle page allocation directly, so that they
557  * don't happen through uvm_fault(). That would allow us to use another
558  * mechanism for the swap slots other than malloc(). It is thus mandatory that
559  * the caller of these functions does not allow faults to happen in case of
560  * growth error.
561  */
562 int
563 uao_grow_array(struct uvm_object *uobj, int pages)
564 {
565 	struct uvm_aobj *aobj = (struct uvm_aobj *)uobj;
566 	int i, *new_swslots;
567 
568 	KASSERT(aobj->u_pages <= UAO_SWHASH_THRESHOLD);
569 
570 	new_swslots = malloc(pages * sizeof(int), M_UVMAOBJ,
571 	    M_WAITOK | M_CANFAIL | M_ZERO);
572 	if (new_swslots == NULL)
573 		return ENOMEM;
574 
575 	for (i = 0; i < aobj->u_pages; i++)
576 		new_swslots[i] = aobj->u_swslots[i];
577 
578 	free(aobj->u_swslots, M_UVMAOBJ, 0);
579 
580 	aobj->u_swslots = new_swslots;
581 	aobj->u_pages = pages;
582 
583 	return 0;
584 }
585 
586 int
587 uao_grow_hash(struct uvm_object *uobj, int pages)
588 {
589 	struct uvm_aobj *aobj = (struct uvm_aobj *)uobj;
590 	struct uao_swhash *new_swhash;
591 	struct uao_swhash_elt *elt;
592 	unsigned long new_hashmask;
593 	int i;
594 
595 	KASSERT(pages > UAO_SWHASH_THRESHOLD);
596 
597 	/*
598 	 * If the size of the hash table doesn't change, all we need to do is
599 	 * to adjust the page count.
600 	 */
601 	if (UAO_SWHASH_BUCKETS(aobj->u_pages) == UAO_SWHASH_BUCKETS(pages)) {
602 		aobj->u_pages = pages;
603 		return 0;
604 	}
605 
606 	KASSERT(UAO_SWHASH_BUCKETS(aobj->u_pages) < UAO_SWHASH_BUCKETS(pages));
607 
608 	new_swhash = hashinit(UAO_SWHASH_BUCKETS(pages), M_UVMAOBJ,
609 	    M_WAITOK | M_CANFAIL, &new_hashmask);
610 	if (new_swhash == NULL)
611 		return ENOMEM;
612 
613 	for (i = 0; i < UAO_SWHASH_BUCKETS(aobj->u_pages); i++) {
614 		while (LIST_EMPTY(&aobj->u_swhash[i]) == 0) {
615 			elt = LIST_FIRST(&aobj->u_swhash[i]);
616 			LIST_REMOVE(elt, list);
617 			LIST_INSERT_HEAD(&new_swhash[i], elt, list);
618 		}
619 	}
620 
621 	free(aobj->u_swhash, M_UVMAOBJ, 0);
622 
623 	aobj->u_swhash = new_swhash;
624 	aobj->u_pages = pages;
625 	aobj->u_swhashmask = new_hashmask;
626 
627 	return 0;
628 }
629 
630 int
631 uao_grow_convert(struct uvm_object *uobj, int pages)
632 {
633 	struct uvm_aobj *aobj = (struct uvm_aobj *)uobj;
634 	struct uao_swhash *new_swhash;
635 	struct uao_swhash_elt *elt;
636 	unsigned long new_hashmask;
637 	int i, *old_swslots;
638 
639 	new_swhash = hashinit(UAO_SWHASH_BUCKETS(pages), M_UVMAOBJ,
640 	    M_WAITOK | M_CANFAIL, &new_hashmask);
641 	if (new_swhash == NULL)
642 		return ENOMEM;
643 
644 	/* Set these now, so we can use uao_find_swhash_elt(). */
645 	old_swslots = aobj->u_swslots;
646 	aobj->u_swhash = new_swhash;
647 	aobj->u_swhashmask = new_hashmask;
648 
649 	for (i = 0; i < aobj->u_pages; i++) {
650 		if (old_swslots[i] != 0) {
651 			elt = uao_find_swhash_elt(aobj, i, TRUE);
652 			elt->count++;
653 			UAO_SWHASH_ELT_PAGESLOT(elt, i) = old_swslots[i];
654 		}
655 	}
656 
657 	free(old_swslots, M_UVMAOBJ, 0);
658 	aobj->u_pages = pages;
659 
660 	return 0;
661 }
662 
663 int
664 uao_grow(struct uvm_object *uobj, int pages)
665 {
666 	struct uvm_aobj *aobj = (struct uvm_aobj *)uobj;
667 
668 	KASSERT(pages > aobj->u_pages);
669 
670 	/*
671 	 * Distinguish between three possible cases:
672 	 * 1. aobj uses hash and hash size needs to be adjusted.
673 	 * 2. aobj uses array and array size needs to be adjusted.
674 	 * 3. aobj uses array and must be converted to hash.
675 	 */
676 	if (pages <= UAO_SWHASH_THRESHOLD)
677 		return uao_grow_array(uobj, pages);	/* case 2 */
678 	else if (aobj->u_pages > UAO_SWHASH_THRESHOLD)
679 		return uao_grow_hash(uobj, pages);	/* case 1 */
680 	else
681 		return uao_grow_convert(uobj, pages);
682 }
683 
684 /*
685  * uao_create: create an aobj of the given size and return its uvm_object.
686  *
687  * => for normal use, flags are zero or UAO_FLAG_CANFAIL.
688  * => for the kernel object, the flags are:
689  *	UAO_FLAG_KERNOBJ - allocate the kernel object (can only happen once)
690  *	UAO_FLAG_KERNSWAP - enable swapping of kernel object ("           ")
691  */
692 struct uvm_object *
693 uao_create(vsize_t size, int flags)
694 {
695 	static struct uvm_aobj kernel_object_store; /* home of kernel_object */
696 	static int kobj_alloced = 0;			/* not allocated yet */
697 	int pages = round_page(size) >> PAGE_SHIFT;
698 	int refs = UVM_OBJ_KERN;
699 	int mflags;
700 	struct uvm_aobj *aobj;
701 
702 	/* malloc a new aobj unless we are asked for the kernel object */
703 	if (flags & UAO_FLAG_KERNOBJ) {		/* want kernel object? */
704 		if (kobj_alloced)
705 			panic("uao_create: kernel object already allocated");
706 
707 		aobj = &kernel_object_store;
708 		aobj->u_pages = pages;
709 		aobj->u_flags = UAO_FLAG_NOSWAP;	/* no swap to start */
710 		/* we are special, we never die */
711 		kobj_alloced = UAO_FLAG_KERNOBJ;
712 	} else if (flags & UAO_FLAG_KERNSWAP) {
713 		aobj = &kernel_object_store;
714 		if (kobj_alloced != UAO_FLAG_KERNOBJ)
715 		    panic("uao_create: asked to enable swap on kernel object");
716 		kobj_alloced = UAO_FLAG_KERNSWAP;
717 	} else {	/* normal object */
718 		aobj = pool_get(&uvm_aobj_pool, PR_WAITOK);
719 		aobj->u_pages = pages;
720 		aobj->u_flags = 0;		/* normal object */
721 		refs = 1;			/* normal object so 1 ref */
722 	}
723 
724 	/* allocate hash/array if necessary */
725  	if (flags == 0 || (flags & (UAO_FLAG_KERNSWAP | UAO_FLAG_CANFAIL))) {
726 		if (flags)
727 			mflags = M_NOWAIT;
728 		else
729 			mflags = M_WAITOK;
730 
731 		/* allocate hash table or array depending on object size */
732 		if (aobj->u_pages > UAO_SWHASH_THRESHOLD) {
733 			aobj->u_swhash = hashinit(UAO_SWHASH_BUCKETS(pages),
734 			    M_UVMAOBJ, mflags, &aobj->u_swhashmask);
735 			if (aobj->u_swhash == NULL) {
736 				if (flags & UAO_FLAG_CANFAIL) {
737 					pool_put(&uvm_aobj_pool, aobj);
738 					return (NULL);
739 				}
740 				panic("uao_create: hashinit swhash failed");
741 			}
742 		} else {
743 			aobj->u_swslots = malloc(pages * sizeof(int),
744 			    M_UVMAOBJ, mflags|M_ZERO);
745 			if (aobj->u_swslots == NULL) {
746 				if (flags & UAO_FLAG_CANFAIL) {
747 					pool_put(&uvm_aobj_pool, aobj);
748 					return (NULL);
749 				}
750 				panic("uao_create: malloc swslots failed");
751 			}
752 		}
753 
754 		if (flags & UAO_FLAG_KERNSWAP) {
755 			aobj->u_flags &= ~UAO_FLAG_NOSWAP; /* clear noswap */
756 			return(&aobj->u_obj);
757 			/* done! */
758 		}
759 	}
760 
761 	uvm_objinit(&aobj->u_obj, &aobj_pager, refs);
762 
763 	/* now that aobj is ready, add it to the global list */
764 	mtx_enter(&uao_list_lock);
765 	LIST_INSERT_HEAD(&uao_list, aobj, u_list);
766 	mtx_leave(&uao_list_lock);
767 
768 	return(&aobj->u_obj);
769 }
770 
771 
772 
773 /*
774  * uao_init: set up aobj pager subsystem
775  *
776  * => called at boot time from uvm_pager_init()
777  */
778 void
779 uao_init(void)
780 {
781 	static int uao_initialized;
782 
783 	if (uao_initialized)
784 		return;
785 	uao_initialized = TRUE;
786 
787 	/*
788 	 * NOTE: Pages for this pool must not come from a pageable
789 	 * kernel map!
790 	 */
791 	pool_init(&uao_swhash_elt_pool, sizeof(struct uao_swhash_elt),
792 	    0, 0, 0, "uaoeltpl", &pool_allocator_nointr);
793 
794 	pool_init(&uvm_aobj_pool, sizeof(struct uvm_aobj), 0, 0, 0,
795 	    "aobjpl", &pool_allocator_nointr);
796 }
797 
798 /*
799  * uao_reference: add a ref to an aobj
800  */
801 void
802 uao_reference(struct uvm_object *uobj)
803 {
804 	uao_reference_locked(uobj);
805 }
806 
807 /*
808  * uao_reference_locked: add a ref to an aobj
809  */
810 void
811 uao_reference_locked(struct uvm_object *uobj)
812 {
813 
814 	/* kernel_object already has plenty of references, leave it alone. */
815 	if (UVM_OBJ_IS_KERN_OBJECT(uobj))
816 		return;
817 
818 	uobj->uo_refs++;		/* bump! */
819 }
820 
821 
822 /*
823  * uao_detach: drop a reference to an aobj
824  */
825 void
826 uao_detach(struct uvm_object *uobj)
827 {
828 	uao_detach_locked(uobj);
829 }
830 
831 
832 /*
833  * uao_detach_locked: drop a reference to an aobj
834  *
835  * => aobj may freed upon return.
836  */
837 void
838 uao_detach_locked(struct uvm_object *uobj)
839 {
840 	struct uvm_aobj *aobj = (struct uvm_aobj *)uobj;
841 	struct vm_page *pg;
842 
843 	/* detaching from kernel_object is a noop. */
844 	if (UVM_OBJ_IS_KERN_OBJECT(uobj)) {
845 		return;
846 	}
847 
848 	uobj->uo_refs--;				/* drop ref! */
849 	if (uobj->uo_refs) {				/* still more refs? */
850 		return;
851 	}
852 
853 	/* remove the aobj from the global list. */
854 	mtx_enter(&uao_list_lock);
855 	LIST_REMOVE(aobj, u_list);
856 	mtx_leave(&uao_list_lock);
857 
858 	/*
859 	 * Free all pages left in the object. If they're busy, wait
860 	 * for them to become available before we kill it.
861 	 * Release swap resources then free the page.
862  	 */
863 	uvm_lock_pageq();
864 	while((pg = RB_ROOT(&uobj->memt)) != NULL) {
865 		if (pg->pg_flags & PG_BUSY) {
866 			atomic_setbits_int(&pg->pg_flags, PG_WANTED);
867 			uvm_unlock_pageq();
868 			UVM_WAIT(pg, 0, "uao_det", 0);
869 			uvm_lock_pageq();
870 			continue;
871 		}
872 		pmap_page_protect(pg, VM_PROT_NONE);
873 		uao_dropswap(&aobj->u_obj, pg->offset >> PAGE_SHIFT);
874 		uvm_pagefree(pg);
875 	}
876 	uvm_unlock_pageq();
877 
878 	/* finally, free the rest. */
879 	uao_free(aobj);
880 }
881 
882 /*
883  * uao_flush: "flush" pages out of a uvm object
884  *
885  * => if PGO_CLEANIT is not set, then we will not block.
886  * => if PGO_ALLPAGE is set, then all pages in the object are valid targets
887  *	for flushing.
888  * => NOTE: we are allowed to lock the page queues, so the caller
889  *	must not be holding the lock on them [e.g. pagedaemon had
890  *	better not call us with the queues locked]
891  * => we return TRUE unless we encountered some sort of I/O error
892  *	XXXJRT currently never happens, as we never directly initiate
893  *	XXXJRT I/O
894  */
895 
896 #define	UAO_HASH_PENALTY 4	/* XXX: a guess */
897 
898 boolean_t
899 uao_flush(struct uvm_object *uobj, voff_t start, voff_t stop, int flags)
900 {
901 	struct uvm_aobj *aobj = (struct uvm_aobj *) uobj;
902 	struct vm_page *pp;
903 	voff_t curoff;
904 
905 	if (flags & PGO_ALLPAGES) {
906 		start = 0;
907 		stop = (voff_t)aobj->u_pages << PAGE_SHIFT;
908 	} else {
909 		start = trunc_page(start);
910 		stop = round_page(stop);
911 		if (stop > ((voff_t)aobj->u_pages << PAGE_SHIFT)) {
912 			printf("uao_flush: strange, got an out of range "
913 			    "flush (fixed)\n");
914 			stop = (voff_t)aobj->u_pages << PAGE_SHIFT;
915 		}
916 	}
917 
918 	/*
919 	 * Don't need to do any work here if we're not freeing
920 	 * or deactivating pages.
921 	 */
922 	if ((flags & (PGO_DEACTIVATE|PGO_FREE)) == 0)
923 		return (TRUE);
924 
925 	curoff = start;
926 	for (;;) {
927 		if (curoff < stop) {
928 			pp = uvm_pagelookup(uobj, curoff);
929 			curoff += PAGE_SIZE;
930 			if (pp == NULL)
931 				continue;
932 		} else {
933 			break;
934 		}
935 
936 		/* Make sure page is unbusy, else wait for it. */
937 		if (pp->pg_flags & PG_BUSY) {
938 			atomic_setbits_int(&pp->pg_flags, PG_WANTED);
939 			UVM_WAIT(pp, 0, "uaoflsh", 0);
940 			curoff -= PAGE_SIZE;
941 			continue;
942 		}
943 
944 		switch (flags & (PGO_CLEANIT|PGO_FREE|PGO_DEACTIVATE)) {
945 		/*
946 		 * XXX In these first 3 cases, we always just
947 		 * XXX deactivate the page.  We may want to
948 		 * XXX handle the different cases more specifically
949 		 * XXX in the future.
950 		 */
951 		case PGO_CLEANIT|PGO_FREE:
952 			/* FALLTHROUGH */
953 		case PGO_CLEANIT|PGO_DEACTIVATE:
954 			/* FALLTHROUGH */
955 		case PGO_DEACTIVATE:
956  deactivate_it:
957 			/* skip the page if it's loaned or wired */
958 			if (pp->loan_count != 0 ||
959 			    pp->wire_count != 0)
960 				continue;
961 
962 			uvm_lock_pageq();
963 			/* zap all mappings for the page. */
964 			pmap_page_protect(pp, VM_PROT_NONE);
965 
966 			/* ...and deactivate the page. */
967 			uvm_pagedeactivate(pp);
968 			uvm_unlock_pageq();
969 
970 			continue;
971 		case PGO_FREE:
972 			/*
973 			 * If there are multiple references to
974 			 * the object, just deactivate the page.
975 			 */
976 			if (uobj->uo_refs > 1)
977 				goto deactivate_it;
978 
979 			/* XXX skip the page if it's loaned or wired */
980 			if (pp->loan_count != 0 ||
981 			    pp->wire_count != 0)
982 				continue;
983 
984 			/* zap all mappings for the page. */
985 			pmap_page_protect(pp, VM_PROT_NONE);
986 
987 			uao_dropswap(uobj, pp->offset >> PAGE_SHIFT);
988 			uvm_lock_pageq();
989 			uvm_pagefree(pp);
990 			uvm_unlock_pageq();
991 
992 			continue;
993 		default:
994 			panic("uao_flush: weird flags");
995 		}
996 	}
997 
998 	return (TRUE);
999 }
1000 
1001 /*
1002  * uao_get: fetch me a page
1003  *
1004  * we have three cases:
1005  * 1: page is resident     -> just return the page.
1006  * 2: page is zero-fill    -> allocate a new page and zero it.
1007  * 3: page is swapped out  -> fetch the page from swap.
1008  *
1009  * cases 1 and 2 can be handled with PGO_LOCKED, case 3 cannot.
1010  * so, if the "center" page hits case 3 (or any page, with PGO_ALLPAGES),
1011  * then we will need to return VM_PAGER_UNLOCK.
1012  *
1013  * => flags: PGO_ALLPAGES: get all of the pages
1014  *           PGO_LOCKED: fault data structures are locked
1015  * => NOTE: offset is the offset of pps[0], _NOT_ pps[centeridx]
1016  * => NOTE: caller must check for released pages!!
1017  */
1018 static int
1019 uao_get(struct uvm_object *uobj, voff_t offset, struct vm_page **pps,
1020     int *npagesp, int centeridx, vm_prot_t access_type, int advice, int flags)
1021 {
1022 	struct uvm_aobj *aobj = (struct uvm_aobj *)uobj;
1023 	voff_t current_offset;
1024 	vm_page_t ptmp;
1025 	int lcv, gotpages, maxpages, swslot, rv, pageidx;
1026 	boolean_t done;
1027 
1028 	/* get number of pages */
1029 	maxpages = *npagesp;
1030 
1031 	/* step 1: handled the case where fault data structures are locked. */
1032 	if (flags & PGO_LOCKED) {
1033 		/* step 1a: get pages that are already resident. */
1034 
1035 		done = TRUE;	/* be optimistic */
1036 		gotpages = 0;	/* # of pages we got so far */
1037 
1038 		for (lcv = 0, current_offset = offset ; lcv < maxpages ;
1039 		    lcv++, current_offset += PAGE_SIZE) {
1040 			/* do we care about this page?  if not, skip it */
1041 			if (pps[lcv] == PGO_DONTCARE)
1042 				continue;
1043 
1044 			ptmp = uvm_pagelookup(uobj, current_offset);
1045 
1046 			/*
1047  			 * if page is new, attempt to allocate the page,
1048 			 * zero-fill'd.
1049  			 */
1050 			if (ptmp == NULL && uao_find_swslot(aobj,
1051 			    current_offset >> PAGE_SHIFT) == 0) {
1052 				ptmp = uvm_pagealloc(uobj, current_offset,
1053 				    NULL, UVM_PGA_ZERO);
1054 				if (ptmp) {
1055 					/* new page */
1056 					atomic_clearbits_int(&ptmp->pg_flags,
1057 					    PG_BUSY|PG_FAKE);
1058 					atomic_setbits_int(&ptmp->pg_flags,
1059 					    PQ_AOBJ);
1060 					UVM_PAGE_OWN(ptmp, NULL);
1061 				}
1062 			}
1063 
1064 			/* to be useful must get a non-busy page */
1065 			if (ptmp == NULL ||
1066 			    (ptmp->pg_flags & PG_BUSY) != 0) {
1067 				if (lcv == centeridx ||
1068 				    (flags & PGO_ALLPAGES) != 0)
1069 					/* need to do a wait or I/O! */
1070 					done = FALSE;
1071 					continue;
1072 			}
1073 
1074 			/*
1075 			 * useful page: busy it and plug it in our
1076 			 * result array
1077 			 */
1078 			/* caller must un-busy this page */
1079 			atomic_setbits_int(&ptmp->pg_flags, PG_BUSY);
1080 			UVM_PAGE_OWN(ptmp, "uao_get1");
1081 			pps[lcv] = ptmp;
1082 			gotpages++;
1083 
1084 		}
1085 
1086 		/*
1087  		 * step 1b: now we've either done everything needed or we
1088 		 * to unlock and do some waiting or I/O.
1089  		 */
1090 		*npagesp = gotpages;
1091 		if (done)
1092 			/* bingo! */
1093 			return(VM_PAGER_OK);
1094 		else
1095 			/* EEK!   Need to unlock and I/O */
1096 			return(VM_PAGER_UNLOCK);
1097 	}
1098 
1099 	/*
1100  	 * step 2: get non-resident or busy pages.
1101  	 * data structures are unlocked.
1102  	 */
1103 	for (lcv = 0, current_offset = offset ; lcv < maxpages ;
1104 	    lcv++, current_offset += PAGE_SIZE) {
1105 		/*
1106 		 * - skip over pages we've already gotten or don't want
1107 		 * - skip over pages we don't _have_ to get
1108 		 */
1109 		if (pps[lcv] != NULL ||
1110 		    (lcv != centeridx && (flags & PGO_ALLPAGES) == 0))
1111 			continue;
1112 
1113 		pageidx = current_offset >> PAGE_SHIFT;
1114 
1115 		/*
1116  		 * we have yet to locate the current page (pps[lcv]).   we
1117 		 * first look for a page that is already at the current offset.
1118 		 * if we find a page, we check to see if it is busy or
1119 		 * released.  if that is the case, then we sleep on the page
1120 		 * until it is no longer busy or released and repeat the lookup.
1121 		 * if the page we found is neither busy nor released, then we
1122 		 * busy it (so we own it) and plug it into pps[lcv].   this
1123 		 * 'break's the following while loop and indicates we are
1124 		 * ready to move on to the next page in the "lcv" loop above.
1125  		 *
1126  		 * if we exit the while loop with pps[lcv] still set to NULL,
1127 		 * then it means that we allocated a new busy/fake/clean page
1128 		 * ptmp in the object and we need to do I/O to fill in the data.
1129  		 */
1130 
1131 		/* top of "pps" while loop */
1132 		while (pps[lcv] == NULL) {
1133 			/* look for a resident page */
1134 			ptmp = uvm_pagelookup(uobj, current_offset);
1135 
1136 			/* not resident?   allocate one now (if we can) */
1137 			if (ptmp == NULL) {
1138 
1139 				ptmp = uvm_pagealloc(uobj, current_offset,
1140 				    NULL, 0);
1141 
1142 				/* out of RAM? */
1143 				if (ptmp == NULL) {
1144 					uvm_wait("uao_getpage");
1145 					/* goto top of pps while loop */
1146 					continue;
1147 				}
1148 
1149 				/*
1150 				 * safe with PQ's unlocked: because we just
1151 				 * alloc'd the page
1152 				 */
1153 				atomic_setbits_int(&ptmp->pg_flags, PQ_AOBJ);
1154 
1155 				/*
1156 				 * got new page ready for I/O.  break pps while
1157 				 * loop.  pps[lcv] is still NULL.
1158 				 */
1159 				break;
1160 			}
1161 
1162 			/* page is there, see if we need to wait on it */
1163 			if ((ptmp->pg_flags & PG_BUSY) != 0) {
1164 				atomic_setbits_int(&ptmp->pg_flags, PG_WANTED);
1165 				UVM_WAIT(ptmp, FALSE, "uao_get", 0);
1166 				continue;	/* goto top of pps while loop */
1167 			}
1168 
1169 			/*
1170  			 * if we get here then the page has become resident and
1171 			 * unbusy between steps 1 and 2.  we busy it now (so we
1172 			 * own it) and set pps[lcv] (so that we exit the while
1173 			 * loop).
1174  			 */
1175 			/* we own it, caller must un-busy */
1176 			atomic_setbits_int(&ptmp->pg_flags, PG_BUSY);
1177 			UVM_PAGE_OWN(ptmp, "uao_get2");
1178 			pps[lcv] = ptmp;
1179 		}
1180 
1181 		/*
1182  		 * if we own the valid page at the correct offset, pps[lcv] will
1183  		 * point to it.   nothing more to do except go to the next page.
1184  		 */
1185 		if (pps[lcv])
1186 			continue;			/* next lcv */
1187 
1188 		/*
1189  		 * we have a "fake/busy/clean" page that we just allocated.
1190  		 * do the needed "i/o", either reading from swap or zeroing.
1191  		 */
1192 		swslot = uao_find_swslot(aobj, pageidx);
1193 
1194 		/* just zero the page if there's nothing in swap.  */
1195 		if (swslot == 0) {
1196 			/* page hasn't existed before, just zero it. */
1197 			uvm_pagezero(ptmp);
1198 		} else {
1199 			/* page in the swapped-out page. */
1200 			rv = uvm_swap_get(ptmp, swslot, PGO_SYNCIO);
1201 
1202 			/* I/O done.  check for errors. */
1203 			if (rv != VM_PAGER_OK) {
1204 				/*
1205 				 * remove the swap slot from the aobj
1206 				 * and mark the aobj as having no real slot.
1207 				 * don't free the swap slot, thus preventing
1208 				 * it from being used again.
1209 				 */
1210 				swslot = uao_set_swslot(&aobj->u_obj, pageidx,
1211 							SWSLOT_BAD);
1212 				uvm_swap_markbad(swslot, 1);
1213 
1214 				if (ptmp->pg_flags & PG_WANTED)
1215 					wakeup(ptmp);
1216 				atomic_clearbits_int(&ptmp->pg_flags,
1217 				    PG_WANTED|PG_BUSY);
1218 				UVM_PAGE_OWN(ptmp, NULL);
1219 				uvm_lock_pageq();
1220 				uvm_pagefree(ptmp);
1221 				uvm_unlock_pageq();
1222 
1223 				return (rv);
1224 			}
1225 		}
1226 
1227 		/*
1228  		 * we got the page!   clear the fake flag (indicates valid
1229 		 * data now in page) and plug into our result array.   note
1230 		 * that page is still busy.
1231  		 *
1232  		 * it is the callers job to:
1233  		 * => check if the page is released
1234  		 * => unbusy the page
1235  		 * => activate the page
1236  		 */
1237 
1238 		/* data is valid ... */
1239 		atomic_clearbits_int(&ptmp->pg_flags, PG_FAKE);
1240 		pmap_clear_modify(ptmp);		/* ... and clean */
1241 		pps[lcv] = ptmp;
1242 
1243 	}	/* lcv loop */
1244 
1245 	return(VM_PAGER_OK);
1246 }
1247 
1248 /*
1249  * uao_dropswap:  release any swap resources from this aobj page.
1250  */
1251 int
1252 uao_dropswap(struct uvm_object *uobj, int pageidx)
1253 {
1254 	int slot;
1255 
1256 	slot = uao_set_swslot(uobj, pageidx, 0);
1257 	if (slot) {
1258 		uvm_swap_free(slot, 1);
1259 	}
1260 	return (slot);
1261 }
1262 
1263 /*
1264  * page in every page in every aobj that is paged-out to a range of swslots.
1265  *
1266  * => returns TRUE if pagein was aborted due to lack of memory.
1267  */
1268 boolean_t
1269 uao_swap_off(int startslot, int endslot)
1270 {
1271 	struct uvm_aobj *aobj, *nextaobj, *prevaobj = NULL;
1272 
1273 	/* walk the list of all aobjs. */
1274 	mtx_enter(&uao_list_lock);
1275 
1276 	for (aobj = LIST_FIRST(&uao_list);
1277 	     aobj != NULL;
1278 	     aobj = nextaobj) {
1279 		boolean_t rv;
1280 
1281 		/*
1282 		 * add a ref to the aobj so it doesn't disappear
1283 		 * while we're working.
1284 		 */
1285 		uao_reference_locked(&aobj->u_obj);
1286 
1287 		/*
1288 		 * now it's safe to unlock the uao list.
1289 		 * note that lock interleaving is alright with IPL_NONE mutexes.
1290 		 */
1291 		mtx_leave(&uao_list_lock);
1292 
1293 		if (prevaobj) {
1294 			uao_detach_locked(&prevaobj->u_obj);
1295 			prevaobj = NULL;
1296 		}
1297 
1298 		/*
1299 		 * page in any pages in the swslot range.
1300 		 * if there's an error, abort and return the error.
1301 		 */
1302 		rv = uao_pagein(aobj, startslot, endslot);
1303 		if (rv) {
1304 			uao_detach_locked(&aobj->u_obj);
1305 			return rv;
1306 		}
1307 
1308 		/*
1309 		 * we're done with this aobj.
1310 		 * relock the list and drop our ref on the aobj.
1311 		 */
1312 		mtx_enter(&uao_list_lock);
1313 		nextaobj = LIST_NEXT(aobj, u_list);
1314 		/*
1315 		 * prevaobj means that we have an object that we need
1316 		 * to drop a reference for. We can't just drop it now with
1317 		 * the list locked since that could cause lock recursion in
1318 		 * the case where we reduce the refcount to 0. It will be
1319 		 * released the next time we drop the list lock.
1320 		 */
1321 		prevaobj = aobj;
1322 	}
1323 
1324 	/* done with traversal, unlock the list */
1325 	mtx_leave(&uao_list_lock);
1326 	if (prevaobj) {
1327 		uao_detach_locked(&prevaobj->u_obj);
1328 	}
1329 	return FALSE;
1330 }
1331 
1332 /*
1333  * page in any pages from aobj in the given range.
1334  *
1335  * => returns TRUE if pagein was aborted due to lack of memory.
1336  */
1337 static boolean_t
1338 uao_pagein(struct uvm_aobj *aobj, int startslot, int endslot)
1339 {
1340 	boolean_t rv;
1341 
1342 	if (aobj->u_pages > UAO_SWHASH_THRESHOLD) {
1343 		struct uao_swhash_elt *elt;
1344 		int bucket;
1345 
1346 restart:
1347 		for (bucket = aobj->u_swhashmask; bucket >= 0; bucket--) {
1348 			for (elt = LIST_FIRST(&aobj->u_swhash[bucket]);
1349 			     elt != NULL;
1350 			     elt = LIST_NEXT(elt, list)) {
1351 				int i;
1352 
1353 				for (i = 0; i < UAO_SWHASH_CLUSTER_SIZE; i++) {
1354 					int slot = elt->slots[i];
1355 
1356 					/* if slot isn't in range, skip it. */
1357 					if (slot < startslot ||
1358 					    slot >= endslot) {
1359 						continue;
1360 					}
1361 
1362 					/*
1363 					 * process the page,
1364 					 * the start over on this object
1365 					 * since the swhash elt
1366 					 * may have been freed.
1367 					 */
1368 					rv = uao_pagein_page(aobj,
1369 					  UAO_SWHASH_ELT_PAGEIDX_BASE(elt) + i);
1370 					if (rv) {
1371 						return rv;
1372 					}
1373 					goto restart;
1374 				}
1375 			}
1376 		}
1377 	} else {
1378 		int i;
1379 
1380 		for (i = 0; i < aobj->u_pages; i++) {
1381 			int slot = aobj->u_swslots[i];
1382 
1383 			/* if the slot isn't in range, skip it */
1384 			if (slot < startslot || slot >= endslot) {
1385 				continue;
1386 			}
1387 
1388 			/* process the page.  */
1389 			rv = uao_pagein_page(aobj, i);
1390 			if (rv) {
1391 				return rv;
1392 			}
1393 		}
1394 	}
1395 
1396 	return FALSE;
1397 }
1398 
1399 /*
1400  * page in a page from an aobj.  used for swap_off.
1401  * returns TRUE if pagein was aborted due to lack of memory.
1402  */
1403 static boolean_t
1404 uao_pagein_page(struct uvm_aobj *aobj, int pageidx)
1405 {
1406 	struct vm_page *pg;
1407 	int rv, slot, npages;
1408 
1409 	pg = NULL;
1410 	npages = 1;
1411 	rv = uao_get(&aobj->u_obj, (voff_t)pageidx << PAGE_SHIFT,
1412 		     &pg, &npages, 0, VM_PROT_READ|VM_PROT_WRITE, 0, 0);
1413 
1414 	switch (rv) {
1415 	case VM_PAGER_OK:
1416 		break;
1417 
1418 	case VM_PAGER_ERROR:
1419 	case VM_PAGER_REFAULT:
1420 		/*
1421 		 * nothing more to do on errors.
1422 		 * VM_PAGER_REFAULT can only mean that the anon was freed,
1423 		 * so again there's nothing to do.
1424 		 */
1425 		return FALSE;
1426 	}
1427 
1428 	/*
1429 	 * ok, we've got the page now.
1430 	 * mark it as dirty, clear its swslot and un-busy it.
1431 	 */
1432 	slot = uao_set_swslot(&aobj->u_obj, pageidx, 0);
1433 	uvm_swap_free(slot, 1);
1434 	atomic_clearbits_int(&pg->pg_flags, PG_BUSY|PG_CLEAN|PG_FAKE);
1435 	UVM_PAGE_OWN(pg, NULL);
1436 
1437 	/* deactivate the page (to put it on a page queue). */
1438 	pmap_clear_reference(pg);
1439 	uvm_lock_pageq();
1440 	uvm_pagedeactivate(pg);
1441 	uvm_unlock_pageq();
1442 
1443 	return FALSE;
1444 }
1445 
1446 /*
1447  * XXX pedro: Once we are comfortable enough with this function, we can adapt
1448  * uao_free() to use it.
1449  *
1450  * uao_dropswap_range: drop swapslots in the range.
1451  *
1452  * => aobj must be locked and is returned locked.
1453  * => start is inclusive.  end is exclusive.
1454  */
1455 void
1456 uao_dropswap_range(struct uvm_object *uobj, voff_t start, voff_t end)
1457 {
1458 	struct uvm_aobj *aobj = (struct uvm_aobj *)uobj;
1459 	int swpgonlydelta = 0;
1460 
1461 	/* KASSERT(mutex_owned(uobj->vmobjlock)); */
1462 
1463 	if (end == 0) {
1464 		end = INT64_MAX;
1465 	}
1466 
1467 	if (aobj->u_pages > UAO_SWHASH_THRESHOLD) {
1468 		int i, hashbuckets = aobj->u_swhashmask + 1;
1469 		voff_t taghi;
1470 		voff_t taglo;
1471 
1472 		taglo = UAO_SWHASH_ELT_TAG(start);
1473 		taghi = UAO_SWHASH_ELT_TAG(end);
1474 
1475 		for (i = 0; i < hashbuckets; i++) {
1476 			struct uao_swhash_elt *elt, *next;
1477 
1478 			for (elt = LIST_FIRST(&aobj->u_swhash[i]);
1479 			     elt != NULL;
1480 			     elt = next) {
1481 				int startidx, endidx;
1482 				int j;
1483 
1484 				next = LIST_NEXT(elt, list);
1485 
1486 				if (elt->tag < taglo || taghi < elt->tag) {
1487 					continue;
1488 				}
1489 
1490 				if (elt->tag == taglo) {
1491 					startidx =
1492 					    UAO_SWHASH_ELT_PAGESLOT_IDX(start);
1493 				} else {
1494 					startidx = 0;
1495 				}
1496 
1497 				if (elt->tag == taghi) {
1498 					endidx =
1499 					    UAO_SWHASH_ELT_PAGESLOT_IDX(end);
1500 				} else {
1501 					endidx = UAO_SWHASH_CLUSTER_SIZE;
1502 				}
1503 
1504 				for (j = startidx; j < endidx; j++) {
1505 					int slot = elt->slots[j];
1506 
1507 					KASSERT(uvm_pagelookup(&aobj->u_obj,
1508 					    (voff_t)(UAO_SWHASH_ELT_PAGEIDX_BASE(elt)
1509 					    + j) << PAGE_SHIFT) == NULL);
1510 
1511 					if (slot > 0) {
1512 						uvm_swap_free(slot, 1);
1513 						swpgonlydelta++;
1514 						KASSERT(elt->count > 0);
1515 						elt->slots[j] = 0;
1516 						elt->count--;
1517 					}
1518 				}
1519 
1520 				if (elt->count == 0) {
1521 					LIST_REMOVE(elt, list);
1522 					pool_put(&uao_swhash_elt_pool, elt);
1523 				}
1524 			}
1525 		}
1526 	} else {
1527 		int i;
1528 
1529 		if (aobj->u_pages < end) {
1530 			end = aobj->u_pages;
1531 		}
1532 		for (i = start; i < end; i++) {
1533 			int slot = aobj->u_swslots[i];
1534 
1535 			if (slot > 0) {
1536 				uvm_swap_free(slot, 1);
1537 				swpgonlydelta++;
1538 			}
1539 		}
1540 	}
1541 
1542 	/*
1543 	 * adjust the counter of pages only in swap for all
1544 	 * the swap slots we've freed.
1545 	 */
1546 	if (swpgonlydelta > 0) {
1547 		simple_lock(&uvm.swap_data_lock);
1548 		KASSERT(uvmexp.swpgonly >= swpgonlydelta);
1549 		uvmexp.swpgonly -= swpgonlydelta;
1550 		simple_unlock(&uvm.swap_data_lock);
1551 	}
1552 }
1553