]>
Commit | Line | Data |
---|---|---|
2874c5fd | 1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ |
25d21ad6 | 2 | /* |
6c504d42 | 3 | * Low level TLB miss handlers for Book3E |
25d21ad6 BH |
4 | * |
5 | * Copyright (C) 2008-2009 | |
6 | * Ben. Herrenschmidt (benh@kernel.crashing.org), IBM Corp. | |
25d21ad6 BH |
7 | */ |
8 | ||
9 | #include <asm/processor.h> | |
10 | #include <asm/reg.h> | |
11 | #include <asm/page.h> | |
12 | #include <asm/mmu.h> | |
13 | #include <asm/ppc_asm.h> | |
14 | #include <asm/asm-offsets.h> | |
15 | #include <asm/cputable.h> | |
16 | #include <asm/pgtable.h> | |
25d21ad6 BH |
17 | #include <asm/exception-64e.h> |
18 | #include <asm/ppc-opcode.h> | |
fecff0f7 MC |
19 | #include <asm/kvm_asm.h> |
20 | #include <asm/kvm_booke_hv_asm.h> | |
2c86cd18 | 21 | #include <asm/feature-fixups.h> |
25d21ad6 | 22 | |
25d21ad6 | 23 | #define VPTE_PMD_SHIFT (PTE_INDEX_SIZE) |
25d21ad6 BH |
24 | #define VPTE_PUD_SHIFT (VPTE_PMD_SHIFT + PMD_INDEX_SIZE) |
25 | #define VPTE_PGD_SHIFT (VPTE_PUD_SHIFT + PUD_INDEX_SIZE) | |
26 | #define VPTE_INDEX_SIZE (VPTE_PGD_SHIFT + PGD_INDEX_SIZE) | |
27 | ||
f67f4ef5 SW |
28 | /********************************************************************** |
29 | * * | |
30 | * TLB miss handling for Book3E with a bolted linear mapping * | |
31 | * No virtual page table, no nested TLB misses * | |
32 | * * | |
33 | **********************************************************************/ | |
34 | ||
a3dc6207 SW |
35 | /* |
36 | * Note that, unlike non-bolted handlers, TLB_EXFRAME is not | |
37 | * modified by the TLB miss handlers themselves, since the TLB miss | |
38 | * handler code will not itself cause a recursive TLB miss. | |
39 | * | |
40 | * TLB_EXFRAME will be modified when crit/mc/debug exceptions are | |
41 | * entered/exited. | |
42 | */ | |
fecff0f7 | 43 | .macro tlb_prolog_bolted intnum addr |
a3dc6207 SW |
44 | mtspr SPRN_SPRG_GEN_SCRATCH,r12 |
45 | mfspr r12,SPRN_SPRG_TLB_EXFRAME | |
46 | std r13,EX_TLB_R13(r12) | |
47 | std r10,EX_TLB_R10(r12) | |
f67f4ef5 | 48 | mfspr r13,SPRN_SPRG_PACA |
a3dc6207 | 49 | |
f67f4ef5 | 50 | mfcr r10 |
a3dc6207 | 51 | std r11,EX_TLB_R11(r12) |
fecff0f7 MC |
52 | #ifdef CONFIG_KVM_BOOKE_HV |
53 | BEGIN_FTR_SECTION | |
54 | mfspr r11, SPRN_SRR1 | |
55 | END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV) | |
56 | #endif | |
57 | DO_KVM \intnum, SPRN_SRR1 | |
a3dc6207 | 58 | std r16,EX_TLB_R16(r12) |
f67f4ef5 | 59 | mfspr r16,\addr /* get faulting address */ |
a3dc6207 | 60 | std r14,EX_TLB_R14(r12) |
f67f4ef5 | 61 | ld r14,PACAPGD(r13) |
a3dc6207 SW |
62 | std r15,EX_TLB_R15(r12) |
63 | std r10,EX_TLB_CR(r12) | |
e1f580e8 | 64 | #ifdef CONFIG_PPC_FSL_BOOK3E |
10c5e83a DC |
65 | START_BTB_FLUSH_SECTION |
66 | mfspr r11, SPRN_SRR1 | |
67 | andi. r10,r11,MSR_PR | |
68 | beq 1f | |
69 | BTB_FLUSH(r10) | |
70 | 1: | |
71 | END_BTB_FLUSH_SECTION | |
e1f580e8 KH |
72 | std r7,EX_TLB_R7(r12) |
73 | #endif | |
a3dc6207 | 74 | TLB_MISS_PROLOG_STATS |
f67f4ef5 SW |
75 | .endm |
76 | ||
77 | .macro tlb_epilog_bolted | |
a3dc6207 | 78 | ld r14,EX_TLB_CR(r12) |
e1f580e8 KH |
79 | #ifdef CONFIG_PPC_FSL_BOOK3E |
80 | ld r7,EX_TLB_R7(r12) | |
81 | #endif | |
a3dc6207 SW |
82 | ld r10,EX_TLB_R10(r12) |
83 | ld r11,EX_TLB_R11(r12) | |
84 | ld r13,EX_TLB_R13(r12) | |
f67f4ef5 | 85 | mtcr r14 |
a3dc6207 SW |
86 | ld r14,EX_TLB_R14(r12) |
87 | ld r15,EX_TLB_R15(r12) | |
88 | TLB_MISS_RESTORE_STATS | |
89 | ld r16,EX_TLB_R16(r12) | |
90 | mfspr r12,SPRN_SPRG_GEN_SCRATCH | |
f67f4ef5 SW |
91 | .endm |
92 | ||
93 | /* Data TLB miss */ | |
94 | START_EXCEPTION(data_tlb_miss_bolted) | |
fecff0f7 | 95 | tlb_prolog_bolted BOOKE_INTERRUPT_DTLB_MISS SPRN_DEAR |
f67f4ef5 SW |
96 | |
97 | /* We need _PAGE_PRESENT and _PAGE_ACCESSED set */ | |
98 | ||
99 | /* We do the user/kernel test for the PID here along with the RW test | |
100 | */ | |
101 | /* We pre-test some combination of permissions to avoid double | |
102 | * faults: | |
103 | * | |
104 | * We move the ESR:ST bit into the position of _PAGE_BAP_SW in the PTE | |
105 | * ESR_ST is 0x00800000 | |
106 | * _PAGE_BAP_SW is 0x00000010 | |
107 | * So the shift is >> 19. This tests for supervisor writeability. | |
108 | * If the page happens to be supervisor writeable and not user | |
109 | * writeable, we will take a new fault later, but that should be | |
110 | * a rare enough case. | |
111 | * | |
112 | * We also move ESR_ST in _PAGE_DIRTY position | |
113 | * _PAGE_DIRTY is 0x00001000 so the shift is >> 11 | |
114 | * | |
115 | * MAS1 is preset for all we need except for TID that needs to | |
116 | * be cleared for kernel translations | |
117 | */ | |
118 | ||
119 | mfspr r11,SPRN_ESR | |
120 | ||
121 | srdi r15,r16,60 /* get region */ | |
122 | rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4 | |
27609a42 | 123 | bne- dtlb_miss_fault_bolted /* Bail if fault addr is invalid */ |
f67f4ef5 SW |
124 | |
125 | rlwinm r10,r11,32-19,27,27 | |
126 | rlwimi r10,r11,32-16,19,19 | |
27609a42 | 127 | cmpwi r15,0 /* user vs kernel check */ |
f67f4ef5 SW |
128 | ori r10,r10,_PAGE_PRESENT |
129 | oris r11,r10,_PAGE_ACCESSED@h | |
130 | ||
131 | TLB_MISS_STATS_SAVE_INFO_BOLTED | |
132 | bne tlb_miss_kernel_bolted | |
133 | ||
134 | tlb_miss_common_bolted: | |
135 | /* | |
136 | * This is the guts of the TLB miss handler for bolted-linear. | |
137 | * We are entered with: | |
138 | * | |
139 | * r16 = faulting address | |
140 | * r15 = crap (free to use) | |
141 | * r14 = page table base | |
142 | * r13 = PACA | |
143 | * r11 = PTE permission mask | |
144 | * r10 = crap (free to use) | |
145 | */ | |
146 | rldicl r15,r16,64-PGDIR_SHIFT+3,64-PGD_INDEX_SIZE-3 | |
147 | cmpldi cr0,r14,0 | |
148 | clrrdi r15,r15,3 | |
27609a42 | 149 | beq tlb_miss_fault_bolted /* No PGDIR, bail */ |
f67f4ef5 SW |
150 | |
151 | BEGIN_MMU_FTR_SECTION | |
152 | /* Set the TLB reservation and search for existing entry. Then load | |
153 | * the entry. | |
154 | */ | |
962cffbd | 155 | PPC_TLBSRX_DOT(0,R16) |
27609a42 | 156 | ldx r14,r14,r15 /* grab pgd entry */ |
1149e8a7 | 157 | beq tlb_miss_done_bolted /* tlb exists already, bail */ |
f67f4ef5 | 158 | MMU_FTR_SECTION_ELSE |
27609a42 | 159 | ldx r14,r14,r15 /* grab pgd entry */ |
f67f4ef5 SW |
160 | ALT_MMU_FTR_SECTION_END_IFSET(MMU_FTR_USE_TLBRSRV) |
161 | ||
f67f4ef5 SW |
162 | rldicl r15,r16,64-PUD_SHIFT+3,64-PUD_INDEX_SIZE-3 |
163 | clrrdi r15,r15,3 | |
d1b9b128 BB |
164 | cmpdi cr0,r14,0 |
165 | bge tlb_miss_fault_bolted /* Bad pgd entry or hugepage; bail */ | |
27609a42 | 166 | ldx r14,r14,r15 /* grab pud entry */ |
f67f4ef5 SW |
167 | |
168 | rldicl r15,r16,64-PMD_SHIFT+3,64-PMD_INDEX_SIZE-3 | |
169 | clrrdi r15,r15,3 | |
d1b9b128 BB |
170 | cmpdi cr0,r14,0 |
171 | bge tlb_miss_fault_bolted | |
27609a42 | 172 | ldx r14,r14,r15 /* Grab pmd entry */ |
f67f4ef5 SW |
173 | |
174 | rldicl r15,r16,64-PAGE_SHIFT+3,64-PTE_INDEX_SIZE-3 | |
175 | clrrdi r15,r15,3 | |
d1b9b128 BB |
176 | cmpdi cr0,r14,0 |
177 | bge tlb_miss_fault_bolted | |
178 | ldx r14,r14,r15 /* Grab PTE, normal (!huge) page */ | |
f67f4ef5 SW |
179 | |
180 | /* Check if required permissions are met */ | |
181 | andc. r15,r11,r14 | |
182 | rldicr r15,r14,64-(PTE_RPN_SHIFT-PAGE_SHIFT),63-PAGE_SHIFT | |
183 | bne- tlb_miss_fault_bolted | |
184 | ||
185 | /* Now we build the MAS: | |
186 | * | |
187 | * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG | |
188 | * MAS 1 : Almost fully setup | |
189 | * - PID already updated by caller if necessary | |
190 | * - TSIZE need change if !base page size, not | |
191 | * yet implemented for now | |
192 | * MAS 2 : Defaults not useful, need to be redone | |
193 | * MAS 3+7 : Needs to be done | |
194 | */ | |
195 | clrrdi r11,r16,12 /* Clear low crap in EA */ | |
196 | clrldi r15,r15,12 /* Clear crap at the top */ | |
197 | rlwimi r11,r14,32-19,27,31 /* Insert WIMGE */ | |
198 | rlwimi r15,r14,32-8,22,25 /* Move in U bits */ | |
199 | mtspr SPRN_MAS2,r11 | |
200 | andi. r11,r14,_PAGE_DIRTY | |
201 | rlwimi r15,r14,32-2,26,31 /* Move in BAP bits */ | |
202 | ||
203 | /* Mask out SW and UW if !DIRTY (XXX optimize this !) */ | |
204 | bne 1f | |
205 | li r11,MAS3_SW|MAS3_UW | |
206 | andc r15,r15,r11 | |
207 | 1: | |
208 | mtspr SPRN_MAS7_MAS3,r15 | |
209 | tlbwe | |
210 | ||
1149e8a7 | 211 | tlb_miss_done_bolted: |
f67f4ef5 SW |
212 | TLB_MISS_STATS_X(MMSTAT_TLB_MISS_NORM_OK) |
213 | tlb_epilog_bolted | |
214 | rfi | |
215 | ||
216 | itlb_miss_kernel_bolted: | |
217 | li r11,_PAGE_PRESENT|_PAGE_BAP_SX /* Base perm */ | |
218 | oris r11,r11,_PAGE_ACCESSED@h | |
219 | tlb_miss_kernel_bolted: | |
220 | mfspr r10,SPRN_MAS1 | |
221 | ld r14,PACA_KERNELPGD(r13) | |
222 | cmpldi cr0,r15,8 /* Check for vmalloc region */ | |
223 | rlwinm r10,r10,0,16,1 /* Clear TID */ | |
224 | mtspr SPRN_MAS1,r10 | |
225 | beq+ tlb_miss_common_bolted | |
226 | ||
227 | tlb_miss_fault_bolted: | |
228 | /* We need to check if it was an instruction miss */ | |
229 | andi. r10,r11,_PAGE_EXEC|_PAGE_BAP_SX | |
230 | bne itlb_miss_fault_bolted | |
231 | dtlb_miss_fault_bolted: | |
232 | TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT) | |
233 | tlb_epilog_bolted | |
234 | b exc_data_storage_book3e | |
235 | itlb_miss_fault_bolted: | |
236 | TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT) | |
237 | tlb_epilog_bolted | |
238 | b exc_instruction_storage_book3e | |
239 | ||
240 | /* Instruction TLB miss */ | |
241 | START_EXCEPTION(instruction_tlb_miss_bolted) | |
fecff0f7 | 242 | tlb_prolog_bolted BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR0 |
f67f4ef5 SW |
243 | |
244 | rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4 | |
245 | srdi r15,r16,60 /* get region */ | |
246 | TLB_MISS_STATS_SAVE_INFO_BOLTED | |
247 | bne- itlb_miss_fault_bolted | |
248 | ||
249 | li r11,_PAGE_PRESENT|_PAGE_EXEC /* Base perm */ | |
250 | ||
251 | /* We do the user/kernel test for the PID here along with the RW test | |
252 | */ | |
253 | ||
254 | cmpldi cr0,r15,0 /* Check for user region */ | |
255 | oris r11,r11,_PAGE_ACCESSED@h | |
256 | beq tlb_miss_common_bolted | |
257 | b itlb_miss_kernel_bolted | |
25d21ad6 | 258 | |
9841c79c | 259 | #ifdef CONFIG_PPC_FSL_BOOK3E |
28efc35f SW |
260 | /* |
261 | * TLB miss handling for e6500 and derivatives, using hardware tablewalk. | |
262 | * | |
263 | * Linear mapping is bolted: no virtual page table or nested TLB misses | |
264 | * Indirect entries in TLB1, hardware loads resulting direct entries | |
265 | * into TLB0 | |
266 | * No HES or NV hint on TLB1, so we need to do software round-robin | |
267 | * No tlbsrx. so we need a spinlock, and we have to deal | |
268 | * with MAS-damage caused by tlbsx | |
269 | * 4K pages only | |
270 | */ | |
271 | ||
272 | START_EXCEPTION(instruction_tlb_miss_e6500) | |
273 | tlb_prolog_bolted BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR0 | |
274 | ||
275 | ld r11,PACA_TCD_PTR(r13) | |
276 | srdi. r15,r16,60 /* get region */ | |
277 | ori r16,r16,1 | |
278 | ||
279 | TLB_MISS_STATS_SAVE_INFO_BOLTED | |
280 | bne tlb_miss_kernel_e6500 /* user/kernel test */ | |
281 | ||
282 | b tlb_miss_common_e6500 | |
283 | ||
284 | START_EXCEPTION(data_tlb_miss_e6500) | |
285 | tlb_prolog_bolted BOOKE_INTERRUPT_DTLB_MISS SPRN_DEAR | |
286 | ||
287 | ld r11,PACA_TCD_PTR(r13) | |
288 | srdi. r15,r16,60 /* get region */ | |
289 | rldicr r16,r16,0,62 | |
290 | ||
291 | TLB_MISS_STATS_SAVE_INFO_BOLTED | |
292 | bne tlb_miss_kernel_e6500 /* user vs kernel check */ | |
293 | ||
294 | /* | |
295 | * This is the guts of the TLB miss handler for e6500 and derivatives. | |
296 | * We are entered with: | |
297 | * | |
298 | * r16 = page of faulting address (low bit 0 if data, 1 if instruction) | |
299 | * r15 = crap (free to use) | |
300 | * r14 = page table base | |
301 | * r13 = PACA | |
302 | * r11 = tlb_per_core ptr | |
1cb4ed92 | 303 | * r10 = crap (free to use) |
e1f580e8 | 304 | * r7 = esel_next |
28efc35f SW |
305 | */ |
306 | tlb_miss_common_e6500: | |
48cd9b5d SW |
307 | crmove cr2*4+2,cr0*4+2 /* cr2.eq != 0 if kernel address */ |
308 | ||
309 | BEGIN_FTR_SECTION /* CPU_FTR_SMT */ | |
28efc35f SW |
310 | /* |
311 | * Search if we already have an indirect entry for that virtual | |
312 | * address, and if we do, bail out. | |
313 | * | |
314 | * MAS6:IND should be already set based on MAS4 | |
315 | */ | |
82d86de2 | 316 | lhz r10,PACAPACAINDEX(r13) |
1cb4ed92 | 317 | addi r10,r10,1 |
69399ee9 KH |
318 | crclr cr1*4+eq /* set cr1.eq = 0 for non-recursive */ |
319 | 1: lbarx r15,0,r11 | |
320 | cmpdi r15,0 | |
28efc35f | 321 | bne 2f |
82d86de2 | 322 | stbcx. r10,0,r11 |
28efc35f | 323 | bne 1b |
82d86de2 | 324 | 3: |
28efc35f | 325 | .subsection 1 |
82d86de2 SW |
326 | 2: cmpd cr1,r15,r10 /* recursive lock due to mcheck/crit/etc? */ |
327 | beq cr1,3b /* unlock will happen if cr1.eq = 0 */ | |
69399ee9 | 328 | 10: lbz r15,0(r11) |
28efc35f | 329 | cmpdi r15,0 |
69399ee9 | 330 | bne 10b |
28efc35f SW |
331 | b 1b |
332 | .previous | |
e1f580e8 KH |
333 | END_FTR_SECTION_IFSET(CPU_FTR_SMT) |
334 | ||
335 | lbz r7,TCD_ESEL_NEXT(r11) | |
28efc35f | 336 | |
e1f580e8 | 337 | BEGIN_FTR_SECTION /* CPU_FTR_SMT */ |
48cd9b5d SW |
338 | /* |
339 | * Erratum A-008139 says that we can't use tlbwe to change | |
340 | * an indirect entry in any way (including replacing or | |
341 | * invalidating) if the other thread could be in the process | |
342 | * of a lookup. The workaround is to invalidate the entry | |
343 | * with tlbilx before overwriting. | |
344 | */ | |
345 | ||
e1f580e8 | 346 | rlwinm r10,r7,16,0xff0000 |
48cd9b5d SW |
347 | oris r10,r10,MAS0_TLBSEL(1)@h |
348 | mtspr SPRN_MAS0,r10 | |
349 | isync | |
350 | tlbre | |
bbd08c72 | 351 | mfspr r15,SPRN_MAS1 |
48cd9b5d SW |
352 | andis. r15,r15,MAS1_VALID@h |
353 | beq 5f | |
354 | ||
355 | BEGIN_FTR_SECTION_NESTED(532) | |
356 | mfspr r10,SPRN_MAS8 | |
357 | rlwinm r10,r10,0,0x80000fff /* tgs,tlpid -> sgs,slpid */ | |
358 | mtspr SPRN_MAS5,r10 | |
359 | END_FTR_SECTION_NESTED(CPU_FTR_EMB_HV,CPU_FTR_EMB_HV,532) | |
28efc35f | 360 | |
28efc35f | 361 | mfspr r10,SPRN_MAS1 |
48cd9b5d SW |
362 | rlwinm r15,r10,0,0x3fff0000 /* tid -> spid */ |
363 | rlwimi r15,r10,20,0x00000003 /* ind,ts -> sind,sas */ | |
364 | mfspr r10,SPRN_MAS6 | |
365 | mtspr SPRN_MAS6,r15 | |
366 | ||
367 | mfspr r15,SPRN_MAS2 | |
368 | isync | |
369 | tlbilxva 0,r15 | |
370 | isync | |
bbd08c72 | 371 | |
48cd9b5d SW |
372 | mtspr SPRN_MAS6,r10 |
373 | ||
374 | 5: | |
375 | BEGIN_FTR_SECTION_NESTED(532) | |
376 | li r10,0 | |
377 | mtspr SPRN_MAS8,r10 | |
378 | mtspr SPRN_MAS5,r10 | |
379 | END_FTR_SECTION_NESTED(CPU_FTR_EMB_HV,CPU_FTR_EMB_HV,532) | |
380 | ||
381 | tlbsx 0,r16 | |
382 | mfspr r10,SPRN_MAS1 | |
383 | andis. r15,r10,MAS1_VALID@h | |
28efc35f | 384 | bne tlb_miss_done_e6500 |
48cd9b5d SW |
385 | FTR_SECTION_ELSE |
386 | mfspr r10,SPRN_MAS1 | |
387 | ALT_FTR_SECTION_END_IFSET(CPU_FTR_SMT) | |
388 | ||
389 | oris r10,r10,MAS1_VALID@h | |
390 | beq cr2,4f | |
391 | rlwinm r10,r10,0,16,1 /* Clear TID */ | |
392 | 4: mtspr SPRN_MAS1,r10 | |
28efc35f | 393 | |
28efc35f SW |
394 | /* Now, we need to walk the page tables. First check if we are in |
395 | * range. | |
396 | */ | |
397 | rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4 | |
398 | bne- tlb_miss_fault_e6500 | |
399 | ||
400 | rldicl r15,r16,64-PGDIR_SHIFT+3,64-PGD_INDEX_SIZE-3 | |
401 | cmpldi cr0,r14,0 | |
402 | clrrdi r15,r15,3 | |
403 | beq- tlb_miss_fault_e6500 /* No PGDIR, bail */ | |
404 | ldx r14,r14,r15 /* grab pgd entry */ | |
405 | ||
406 | rldicl r15,r16,64-PUD_SHIFT+3,64-PUD_INDEX_SIZE-3 | |
407 | clrrdi r15,r15,3 | |
408 | cmpdi cr0,r14,0 | |
c89ca8ab | 409 | bge tlb_miss_huge_e6500 /* Bad pgd entry or hugepage; bail */ |
28efc35f SW |
410 | ldx r14,r14,r15 /* grab pud entry */ |
411 | ||
412 | rldicl r15,r16,64-PMD_SHIFT+3,64-PMD_INDEX_SIZE-3 | |
413 | clrrdi r15,r15,3 | |
414 | cmpdi cr0,r14,0 | |
c89ca8ab | 415 | bge tlb_miss_huge_e6500 |
28efc35f SW |
416 | ldx r14,r14,r15 /* Grab pmd entry */ |
417 | ||
418 | mfspr r10,SPRN_MAS0 | |
419 | cmpdi cr0,r14,0 | |
c89ca8ab | 420 | bge tlb_miss_huge_e6500 |
28efc35f SW |
421 | |
422 | /* Now we build the MAS for a 2M indirect page: | |
423 | * | |
424 | * MAS 0 : ESEL needs to be filled by software round-robin | |
425 | * MAS 1 : Fully set up | |
426 | * - PID already updated by caller if necessary | |
427 | * - TSIZE for now is base ind page size always | |
428 | * - TID already cleared if necessary | |
429 | * MAS 2 : Default not 2M-aligned, need to be redone | |
430 | * MAS 3+7 : Needs to be done | |
431 | */ | |
432 | ||
433 | ori r14,r14,(BOOK3E_PAGESZ_4K << MAS3_SPSIZE_SHIFT) | |
434 | mtspr SPRN_MAS7_MAS3,r14 | |
435 | ||
436 | clrrdi r15,r16,21 /* make EA 2M-aligned */ | |
437 | mtspr SPRN_MAS2,r15 | |
438 | ||
c89ca8ab | 439 | tlb_miss_huge_done_e6500: |
28efc35f SW |
440 | lbz r16,TCD_ESEL_MAX(r11) |
441 | lbz r14,TCD_ESEL_FIRST(r11) | |
e1f580e8 KH |
442 | rlwimi r10,r7,16,0x00ff0000 /* insert esel_next into MAS0 */ |
443 | addi r7,r7,1 /* increment esel_next */ | |
28efc35f | 444 | mtspr SPRN_MAS0,r10 |
e1f580e8 KH |
445 | cmpw r7,r16 |
446 | iseleq r7,r14,r7 /* if next == last use first */ | |
447 | stb r7,TCD_ESEL_NEXT(r11) | |
28efc35f SW |
448 | |
449 | tlbwe | |
450 | ||
451 | tlb_miss_done_e6500: | |
452 | .macro tlb_unlock_e6500 | |
7c480050 | 453 | BEGIN_FTR_SECTION |
82d86de2 | 454 | beq cr1,1f /* no unlock if lock was recursively grabbed */ |
28efc35f SW |
455 | li r15,0 |
456 | isync | |
82d86de2 SW |
457 | stb r15,0(r11) |
458 | 1: | |
7c480050 | 459 | END_FTR_SECTION_IFSET(CPU_FTR_SMT) |
28efc35f SW |
460 | .endm |
461 | ||
462 | tlb_unlock_e6500 | |
463 | TLB_MISS_STATS_X(MMSTAT_TLB_MISS_NORM_OK) | |
464 | tlb_epilog_bolted | |
465 | rfi | |
466 | ||
c89ca8ab SW |
467 | tlb_miss_huge_e6500: |
468 | beq tlb_miss_fault_e6500 | |
469 | li r10,1 | |
470 | andi. r15,r14,HUGEPD_SHIFT_MASK@l /* r15 = psize */ | |
471 | rldimi r14,r10,63,0 /* Set PD_HUGE */ | |
472 | xor r14,r14,r15 /* Clear size bits */ | |
473 | ldx r14,0,r14 | |
474 | ||
475 | /* | |
476 | * Now we build the MAS for a huge page. | |
477 | * | |
478 | * MAS 0 : ESEL needs to be filled by software round-robin | |
479 | * - can be handled by indirect code | |
480 | * MAS 1 : Need to clear IND and set TSIZE | |
481 | * MAS 2,3+7: Needs to be redone similar to non-tablewalk handler | |
482 | */ | |
483 | ||
484 | subi r15,r15,10 /* Convert psize to tsize */ | |
485 | mfspr r10,SPRN_MAS1 | |
486 | rlwinm r10,r10,0,~MAS1_IND | |
487 | rlwimi r10,r15,MAS1_TSIZE_SHIFT,MAS1_TSIZE_MASK | |
488 | mtspr SPRN_MAS1,r10 | |
489 | ||
490 | li r10,-0x400 | |
491 | sld r15,r10,r15 /* Generate mask based on size */ | |
492 | and r10,r16,r15 | |
493 | rldicr r15,r14,64-(PTE_RPN_SHIFT-PAGE_SHIFT),63-PAGE_SHIFT | |
494 | rlwimi r10,r14,32-19,27,31 /* Insert WIMGE */ | |
495 | clrldi r15,r15,PAGE_SHIFT /* Clear crap at the top */ | |
496 | rlwimi r15,r14,32-8,22,25 /* Move in U bits */ | |
497 | mtspr SPRN_MAS2,r10 | |
498 | andi. r10,r14,_PAGE_DIRTY | |
499 | rlwimi r15,r14,32-2,26,31 /* Move in BAP bits */ | |
500 | ||
501 | /* Mask out SW and UW if !DIRTY (XXX optimize this !) */ | |
502 | bne 1f | |
503 | li r10,MAS3_SW|MAS3_UW | |
504 | andc r15,r15,r10 | |
505 | 1: | |
506 | mtspr SPRN_MAS7_MAS3,r15 | |
507 | ||
508 | mfspr r10,SPRN_MAS0 | |
509 | b tlb_miss_huge_done_e6500 | |
510 | ||
28efc35f | 511 | tlb_miss_kernel_e6500: |
28efc35f | 512 | ld r14,PACA_KERNELPGD(r13) |
48cd9b5d SW |
513 | cmpldi cr1,r15,8 /* Check for vmalloc region */ |
514 | beq+ cr1,tlb_miss_common_e6500 | |
28efc35f SW |
515 | |
516 | tlb_miss_fault_e6500: | |
517 | tlb_unlock_e6500 | |
518 | /* We need to check if it was an instruction miss */ | |
519 | andi. r16,r16,1 | |
520 | bne itlb_miss_fault_e6500 | |
521 | dtlb_miss_fault_e6500: | |
522 | TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT) | |
523 | tlb_epilog_bolted | |
524 | b exc_data_storage_book3e | |
525 | itlb_miss_fault_e6500: | |
526 | TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT) | |
527 | tlb_epilog_bolted | |
528 | b exc_instruction_storage_book3e | |
9841c79c | 529 | #endif /* CONFIG_PPC_FSL_BOOK3E */ |
28efc35f | 530 | |
25d21ad6 BH |
531 | /********************************************************************** |
532 | * * | |
533 | * TLB miss handling for Book3E with TLB reservation and HES support * | |
534 | * * | |
535 | **********************************************************************/ | |
536 | ||
537 | ||
538 | /* Data TLB miss */ | |
539 | START_EXCEPTION(data_tlb_miss) | |
540 | TLB_MISS_PROLOG | |
541 | ||
542 | /* Now we handle the fault proper. We only save DEAR in normal | |
543 | * fault case since that's the only interesting values here. | |
544 | * We could probably also optimize by not saving SRR0/1 in the | |
545 | * linear mapping case but I'll leave that for later | |
546 | */ | |
547 | mfspr r14,SPRN_ESR | |
548 | mfspr r16,SPRN_DEAR /* get faulting address */ | |
549 | srdi r15,r16,60 /* get region */ | |
550 | cmpldi cr0,r15,0xc /* linear mapping ? */ | |
551 | TLB_MISS_STATS_SAVE_INFO | |
552 | beq tlb_load_linear /* yes -> go to linear map load */ | |
553 | ||
554 | /* The page tables are mapped virtually linear. At this point, though, | |
555 | * we don't know whether we are trying to fault in a first level | |
556 | * virtual address or a virtual page table address. We can get that | |
557 | * from bit 0x1 of the region ID which we have set for a page table | |
558 | */ | |
559 | andi. r10,r15,0x1 | |
560 | bne- virt_page_table_tlb_miss | |
561 | ||
562 | std r14,EX_TLB_ESR(r12); /* save ESR */ | |
563 | std r16,EX_TLB_DEAR(r12); /* save DEAR */ | |
564 | ||
565 | /* We need _PAGE_PRESENT and _PAGE_ACCESSED set */ | |
566 | li r11,_PAGE_PRESENT | |
567 | oris r11,r11,_PAGE_ACCESSED@h | |
568 | ||
569 | /* We do the user/kernel test for the PID here along with the RW test | |
570 | */ | |
571 | cmpldi cr0,r15,0 /* Check for user region */ | |
572 | ||
573 | /* We pre-test some combination of permissions to avoid double | |
574 | * faults: | |
575 | * | |
576 | * We move the ESR:ST bit into the position of _PAGE_BAP_SW in the PTE | |
577 | * ESR_ST is 0x00800000 | |
578 | * _PAGE_BAP_SW is 0x00000010 | |
579 | * So the shift is >> 19. This tests for supervisor writeability. | |
580 | * If the page happens to be supervisor writeable and not user | |
581 | * writeable, we will take a new fault later, but that should be | |
582 | * a rare enough case. | |
583 | * | |
584 | * We also move ESR_ST in _PAGE_DIRTY position | |
585 | * _PAGE_DIRTY is 0x00001000 so the shift is >> 11 | |
586 | * | |
587 | * MAS1 is preset for all we need except for TID that needs to | |
588 | * be cleared for kernel translations | |
589 | */ | |
590 | rlwimi r11,r14,32-19,27,27 | |
591 | rlwimi r11,r14,32-16,19,19 | |
592 | beq normal_tlb_miss | |
593 | /* XXX replace the RMW cycles with immediate loads + writes */ | |
594 | 1: mfspr r10,SPRN_MAS1 | |
595 | cmpldi cr0,r15,8 /* Check for vmalloc region */ | |
596 | rlwinm r10,r10,0,16,1 /* Clear TID */ | |
597 | mtspr SPRN_MAS1,r10 | |
598 | beq+ normal_tlb_miss | |
599 | ||
600 | /* We got a crappy address, just fault with whatever DEAR and ESR | |
601 | * are here | |
602 | */ | |
603 | TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT) | |
604 | TLB_MISS_EPILOG_ERROR | |
605 | b exc_data_storage_book3e | |
606 | ||
607 | /* Instruction TLB miss */ | |
608 | START_EXCEPTION(instruction_tlb_miss) | |
609 | TLB_MISS_PROLOG | |
610 | ||
611 | /* If we take a recursive fault, the second level handler may need | |
612 | * to know whether we are handling a data or instruction fault in | |
613 | * order to get to the right store fault handler. We provide that | |
614 | * info by writing a crazy value in ESR in our exception frame | |
615 | */ | |
616 | li r14,-1 /* store to exception frame is done later */ | |
617 | ||
618 | /* Now we handle the fault proper. We only save DEAR in the non | |
619 | * linear mapping case since we know the linear mapping case will | |
620 | * not re-enter. We could indeed optimize and also not save SRR0/1 | |
621 | * in the linear mapping case but I'll leave that for later | |
622 | * | |
623 | * Faulting address is SRR0 which is already in r16 | |
624 | */ | |
625 | srdi r15,r16,60 /* get region */ | |
626 | cmpldi cr0,r15,0xc /* linear mapping ? */ | |
627 | TLB_MISS_STATS_SAVE_INFO | |
628 | beq tlb_load_linear /* yes -> go to linear map load */ | |
629 | ||
630 | /* We do the user/kernel test for the PID here along with the RW test | |
631 | */ | |
ea3cc330 | 632 | li r11,_PAGE_PRESENT|_PAGE_EXEC /* Base perm */ |
25d21ad6 BH |
633 | oris r11,r11,_PAGE_ACCESSED@h |
634 | ||
635 | cmpldi cr0,r15,0 /* Check for user region */ | |
636 | std r14,EX_TLB_ESR(r12) /* write crazy -1 to frame */ | |
637 | beq normal_tlb_miss | |
82ae5eaf KG |
638 | |
639 | li r11,_PAGE_PRESENT|_PAGE_BAP_SX /* Base perm */ | |
640 | oris r11,r11,_PAGE_ACCESSED@h | |
25d21ad6 | 641 | /* XXX replace the RMW cycles with immediate loads + writes */ |
82ae5eaf | 642 | mfspr r10,SPRN_MAS1 |
25d21ad6 BH |
643 | cmpldi cr0,r15,8 /* Check for vmalloc region */ |
644 | rlwinm r10,r10,0,16,1 /* Clear TID */ | |
645 | mtspr SPRN_MAS1,r10 | |
646 | beq+ normal_tlb_miss | |
647 | ||
648 | /* We got a crappy address, just fault */ | |
649 | TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT) | |
650 | TLB_MISS_EPILOG_ERROR | |
651 | b exc_instruction_storage_book3e | |
652 | ||
653 | /* | |
654 | * This is the guts of the first-level TLB miss handler for direct | |
655 | * misses. We are entered with: | |
656 | * | |
657 | * r16 = faulting address | |
658 | * r15 = region ID | |
659 | * r14 = crap (free to use) | |
660 | * r13 = PACA | |
661 | * r12 = TLB exception frame in PACA | |
662 | * r11 = PTE permission mask | |
663 | * r10 = crap (free to use) | |
664 | */ | |
665 | normal_tlb_miss: | |
666 | /* So we first construct the page table address. We do that by | |
667 | * shifting the bottom of the address (not the region ID) by | |
668 | * PAGE_SHIFT-3, clearing the bottom 3 bits (get a PTE ptr) and | |
669 | * or'ing the fourth high bit. | |
670 | * | |
671 | * NOTE: For 64K pages, we do things slightly differently in | |
672 | * order to handle the weird page table format used by linux | |
673 | */ | |
674 | ori r10,r15,0x1 | |
25d21ad6 | 675 | rldicl r14,r16,64-(PAGE_SHIFT-3),PAGE_SHIFT-3+4 |
25d21ad6 BH |
676 | sldi r15,r10,60 |
677 | clrrdi r14,r14,3 | |
678 | or r10,r15,r14 | |
679 | ||
df5d6ecf | 680 | BEGIN_MMU_FTR_SECTION |
25985edc | 681 | /* Set the TLB reservation and search for existing entry. Then load |
25d21ad6 BH |
682 | * the entry. |
683 | */ | |
962cffbd | 684 | PPC_TLBSRX_DOT(0,R16) |
25d21ad6 BH |
685 | ld r14,0(r10) |
686 | beq normal_tlb_miss_done | |
df5d6ecf KG |
687 | MMU_FTR_SECTION_ELSE |
688 | ld r14,0(r10) | |
689 | ALT_MMU_FTR_SECTION_END_IFSET(MMU_FTR_USE_TLBRSRV) | |
25d21ad6 BH |
690 | |
691 | finish_normal_tlb_miss: | |
692 | /* Check if required permissions are met */ | |
693 | andc. r15,r11,r14 | |
694 | bne- normal_tlb_miss_access_fault | |
695 | ||
696 | /* Now we build the MAS: | |
697 | * | |
698 | * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG | |
699 | * MAS 1 : Almost fully setup | |
700 | * - PID already updated by caller if necessary | |
701 | * - TSIZE need change if !base page size, not | |
702 | * yet implemented for now | |
703 | * MAS 2 : Defaults not useful, need to be redone | |
704 | * MAS 3+7 : Needs to be done | |
705 | * | |
706 | * TODO: mix up code below for better scheduling | |
707 | */ | |
708 | clrrdi r11,r16,12 /* Clear low crap in EA */ | |
709 | rlwimi r11,r14,32-19,27,31 /* Insert WIMGE */ | |
710 | mtspr SPRN_MAS2,r11 | |
711 | ||
712 | /* Check page size, if not standard, update MAS1 */ | |
713 | rldicl r11,r14,64-8,64-8 | |
25d21ad6 | 714 | cmpldi cr0,r11,BOOK3E_PAGESZ_4K |
25d21ad6 BH |
715 | beq- 1f |
716 | mfspr r11,SPRN_MAS1 | |
717 | rlwimi r11,r14,31,21,24 | |
718 | rlwinm r11,r11,0,21,19 | |
719 | mtspr SPRN_MAS1,r11 | |
720 | 1: | |
721 | /* Move RPN in position */ | |
722 | rldicr r11,r14,64-(PTE_RPN_SHIFT-PAGE_SHIFT),63-PAGE_SHIFT | |
723 | clrldi r15,r11,12 /* Clear crap at the top */ | |
724 | rlwimi r15,r14,32-8,22,25 /* Move in U bits */ | |
725 | rlwimi r15,r14,32-2,26,31 /* Move in BAP bits */ | |
726 | ||
727 | /* Mask out SW and UW if !DIRTY (XXX optimize this !) */ | |
728 | andi. r11,r14,_PAGE_DIRTY | |
729 | bne 1f | |
730 | li r11,MAS3_SW|MAS3_UW | |
731 | andc r15,r15,r11 | |
df5d6ecf KG |
732 | 1: |
733 | BEGIN_MMU_FTR_SECTION | |
734 | srdi r16,r15,32 | |
735 | mtspr SPRN_MAS3,r15 | |
736 | mtspr SPRN_MAS7,r16 | |
737 | MMU_FTR_SECTION_ELSE | |
738 | mtspr SPRN_MAS7_MAS3,r15 | |
739 | ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS) | |
25d21ad6 BH |
740 | |
741 | tlbwe | |
742 | ||
743 | normal_tlb_miss_done: | |
744 | /* We don't bother with restoring DEAR or ESR since we know we are | |
745 | * level 0 and just going back to userland. They are only needed | |
746 | * if you are going to take an access fault | |
747 | */ | |
748 | TLB_MISS_STATS_X(MMSTAT_TLB_MISS_NORM_OK) | |
749 | TLB_MISS_EPILOG_SUCCESS | |
750 | rfi | |
751 | ||
752 | normal_tlb_miss_access_fault: | |
753 | /* We need to check if it was an instruction miss */ | |
ea3cc330 | 754 | andi. r10,r11,_PAGE_EXEC |
25d21ad6 BH |
755 | bne 1f |
756 | ld r14,EX_TLB_DEAR(r12) | |
757 | ld r15,EX_TLB_ESR(r12) | |
758 | mtspr SPRN_DEAR,r14 | |
759 | mtspr SPRN_ESR,r15 | |
760 | TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT) | |
761 | TLB_MISS_EPILOG_ERROR | |
762 | b exc_data_storage_book3e | |
763 | 1: TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT) | |
764 | TLB_MISS_EPILOG_ERROR | |
765 | b exc_instruction_storage_book3e | |
766 | ||
767 | ||
768 | /* | |
769 | * This is the guts of the second-level TLB miss handler for direct | |
770 | * misses. We are entered with: | |
771 | * | |
772 | * r16 = virtual page table faulting address | |
773 | * r15 = region (top 4 bits of address) | |
774 | * r14 = crap (free to use) | |
775 | * r13 = PACA | |
776 | * r12 = TLB exception frame in PACA | |
777 | * r11 = crap (free to use) | |
778 | * r10 = crap (free to use) | |
779 | * | |
780 | * Note that this should only ever be called as a second level handler | |
781 | * with the current scheme when using SW load. | |
782 | * That means we can always get the original fault DEAR at | |
783 | * EX_TLB_DEAR-EX_TLB_SIZE(r12) | |
784 | * | |
785 | * It can be re-entered by the linear mapping miss handler. However, to | |
786 | * avoid too much complication, it will restart the whole fault at level | |
787 | * 0 so we don't care too much about clobbers | |
788 | * | |
789 | * XXX That code was written back when we couldn't clobber r14. We can now, | |
790 | * so we could probably optimize things a bit | |
791 | */ | |
792 | virt_page_table_tlb_miss: | |
793 | /* Are we hitting a kernel page table ? */ | |
794 | andi. r10,r15,0x8 | |
795 | ||
796 | /* The cool thing now is that r10 contains 0 for user and 8 for kernel, | |
797 | * and we happen to have the swapper_pg_dir at offset 8 from the user | |
798 | * pgdir in the PACA :-). | |
799 | */ | |
800 | add r11,r10,r13 | |
801 | ||
802 | /* If kernel, we need to clear MAS1 TID */ | |
803 | beq 1f | |
804 | /* XXX replace the RMW cycles with immediate loads + writes */ | |
805 | mfspr r10,SPRN_MAS1 | |
806 | rlwinm r10,r10,0,16,1 /* Clear TID */ | |
807 | mtspr SPRN_MAS1,r10 | |
808 | 1: | |
df5d6ecf | 809 | BEGIN_MMU_FTR_SECTION |
25d21ad6 BH |
810 | /* Search if we already have a TLB entry for that virtual address, and |
811 | * if we do, bail out. | |
812 | */ | |
962cffbd | 813 | PPC_TLBSRX_DOT(0,R16) |
25d21ad6 | 814 | beq virt_page_table_tlb_miss_done |
df5d6ecf | 815 | END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_TLBRSRV) |
25d21ad6 BH |
816 | |
817 | /* Now, we need to walk the page tables. First check if we are in | |
818 | * range. | |
819 | */ | |
820 | rldicl. r10,r16,64-(VPTE_INDEX_SIZE+3),VPTE_INDEX_SIZE+3+4 | |
821 | bne- virt_page_table_tlb_miss_fault | |
822 | ||
823 | /* Get the PGD pointer */ | |
824 | ld r15,PACAPGD(r11) | |
825 | cmpldi cr0,r15,0 | |
826 | beq- virt_page_table_tlb_miss_fault | |
827 | ||
828 | /* Get to PGD entry */ | |
829 | rldicl r11,r16,64-VPTE_PGD_SHIFT,64-PGD_INDEX_SIZE-3 | |
830 | clrrdi r10,r11,3 | |
831 | ldx r15,r10,r15 | |
41151e77 BB |
832 | cmpdi cr0,r15,0 |
833 | bge virt_page_table_tlb_miss_fault | |
25d21ad6 | 834 | |
25d21ad6 BH |
835 | /* Get to PUD entry */ |
836 | rldicl r11,r16,64-VPTE_PUD_SHIFT,64-PUD_INDEX_SIZE-3 | |
837 | clrrdi r10,r11,3 | |
838 | ldx r15,r10,r15 | |
41151e77 BB |
839 | cmpdi cr0,r15,0 |
840 | bge virt_page_table_tlb_miss_fault | |
25d21ad6 BH |
841 | |
842 | /* Get to PMD entry */ | |
843 | rldicl r11,r16,64-VPTE_PMD_SHIFT,64-PMD_INDEX_SIZE-3 | |
844 | clrrdi r10,r11,3 | |
845 | ldx r15,r10,r15 | |
41151e77 BB |
846 | cmpdi cr0,r15,0 |
847 | bge virt_page_table_tlb_miss_fault | |
25d21ad6 BH |
848 | |
849 | /* Ok, we're all right, we can now create a kernel translation for | |
850 | * a 4K or 64K page from r16 -> r15. | |
851 | */ | |
852 | /* Now we build the MAS: | |
853 | * | |
854 | * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG | |
855 | * MAS 1 : Almost fully setup | |
856 | * - PID already updated by caller if necessary | |
857 | * - TSIZE for now is base page size always | |
858 | * MAS 2 : Use defaults | |
859 | * MAS 3+7 : Needs to be done | |
860 | * | |
861 | * So we only do MAS 2 and 3 for now... | |
862 | */ | |
863 | clrldi r11,r15,4 /* remove region ID from RPN */ | |
864 | ori r10,r11,1 /* Or-in SR */ | |
df5d6ecf KG |
865 | |
866 | BEGIN_MMU_FTR_SECTION | |
867 | srdi r16,r10,32 | |
868 | mtspr SPRN_MAS3,r10 | |
869 | mtspr SPRN_MAS7,r16 | |
870 | MMU_FTR_SECTION_ELSE | |
25d21ad6 | 871 | mtspr SPRN_MAS7_MAS3,r10 |
df5d6ecf | 872 | ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS) |
25d21ad6 BH |
873 | |
874 | tlbwe | |
875 | ||
df5d6ecf | 876 | BEGIN_MMU_FTR_SECTION |
25d21ad6 BH |
877 | virt_page_table_tlb_miss_done: |
878 | ||
446957ba | 879 | /* We have overridden MAS2:EPN but currently our primary TLB miss |
25d21ad6 BH |
880 | * handler will always restore it so that should not be an issue, |
881 | * if we ever optimize the primary handler to not write MAS2 on | |
882 | * some cases, we'll have to restore MAS2:EPN here based on the | |
883 | * original fault's DEAR. If we do that we have to modify the | |
884 | * ITLB miss handler to also store SRR0 in the exception frame | |
885 | * as DEAR. | |
886 | * | |
887 | * However, one nasty thing we did is we cleared the reservation | |
888 | * (well, potentially we did). We do a trick here thus if we | |
889 | * are not a level 0 exception (we interrupted the TLB miss) we | |
890 | * offset the return address by -4 in order to replay the tlbsrx | |
891 | * instruction there | |
892 | */ | |
893 | subf r10,r13,r12 | |
894 | cmpldi cr0,r10,PACA_EXTLB+EX_TLB_SIZE | |
895 | bne- 1f | |
896 | ld r11,PACA_EXTLB+EX_TLB_SIZE+EX_TLB_SRR0(r13) | |
897 | addi r10,r11,-4 | |
898 | std r10,PACA_EXTLB+EX_TLB_SIZE+EX_TLB_SRR0(r13) | |
899 | 1: | |
df5d6ecf | 900 | END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_TLBRSRV) |
25d21ad6 BH |
901 | /* Return to caller, normal case */ |
902 | TLB_MISS_STATS_X(MMSTAT_TLB_MISS_PT_OK); | |
903 | TLB_MISS_EPILOG_SUCCESS | |
904 | rfi | |
905 | ||
906 | virt_page_table_tlb_miss_fault: | |
907 | /* If we fault here, things are a little bit tricky. We need to call | |
25985edc | 908 | * either data or instruction store fault, and we need to retrieve |
25d21ad6 BH |
909 | * the original fault address and ESR (for data). |
910 | * | |
911 | * The thing is, we know that in normal circumstances, this is | |
912 | * always called as a second level tlb miss for SW load or as a first | |
913 | * level TLB miss for HW load, so we should be able to peek at the | |
f65e51d7 | 914 | * relevant information in the first exception frame in the PACA. |
25d21ad6 BH |
915 | * |
916 | * However, we do need to double check that, because we may just hit | |
917 | * a stray kernel pointer or a userland attack trying to hit those | |
918 | * areas. If that is the case, we do a data fault. (We can't get here | |
919 | * from an instruction tlb miss anyway). | |
920 | * | |
921 | * Note also that when going to a fault, we must unwind the previous | |
922 | * level as well. Since we are doing that, we don't need to clear or | |
923 | * restore the TLB reservation neither. | |
924 | */ | |
925 | subf r10,r13,r12 | |
926 | cmpldi cr0,r10,PACA_EXTLB+EX_TLB_SIZE | |
927 | bne- virt_page_table_tlb_miss_whacko_fault | |
928 | ||
929 | /* We dig the original DEAR and ESR from slot 0 */ | |
930 | ld r15,EX_TLB_DEAR+PACA_EXTLB(r13) | |
931 | ld r16,EX_TLB_ESR+PACA_EXTLB(r13) | |
932 | ||
933 | /* We check for the "special" ESR value for instruction faults */ | |
934 | cmpdi cr0,r16,-1 | |
935 | beq 1f | |
936 | mtspr SPRN_DEAR,r15 | |
937 | mtspr SPRN_ESR,r16 | |
938 | TLB_MISS_STATS_D(MMSTAT_TLB_MISS_PT_FAULT); | |
939 | TLB_MISS_EPILOG_ERROR | |
940 | b exc_data_storage_book3e | |
941 | 1: TLB_MISS_STATS_I(MMSTAT_TLB_MISS_PT_FAULT); | |
942 | TLB_MISS_EPILOG_ERROR | |
943 | b exc_instruction_storage_book3e | |
944 | ||
945 | virt_page_table_tlb_miss_whacko_fault: | |
946 | /* The linear fault will restart everything so ESR and DEAR will | |
947 | * not have been clobbered, let's just fault with what we have | |
948 | */ | |
949 | TLB_MISS_STATS_X(MMSTAT_TLB_MISS_PT_FAULT); | |
950 | TLB_MISS_EPILOG_ERROR | |
951 | b exc_data_storage_book3e | |
952 | ||
953 | ||
954 | /************************************************************** | |
955 | * * | |
956 | * TLB miss handling for Book3E with hw page table support * | |
957 | * * | |
958 | **************************************************************/ | |
959 | ||
960 | ||
961 | /* Data TLB miss */ | |
962 | START_EXCEPTION(data_tlb_miss_htw) | |
963 | TLB_MISS_PROLOG | |
964 | ||
965 | /* Now we handle the fault proper. We only save DEAR in normal | |
966 | * fault case since that's the only interesting values here. | |
967 | * We could probably also optimize by not saving SRR0/1 in the | |
968 | * linear mapping case but I'll leave that for later | |
969 | */ | |
970 | mfspr r14,SPRN_ESR | |
971 | mfspr r16,SPRN_DEAR /* get faulting address */ | |
972 | srdi r11,r16,60 /* get region */ | |
973 | cmpldi cr0,r11,0xc /* linear mapping ? */ | |
974 | TLB_MISS_STATS_SAVE_INFO | |
975 | beq tlb_load_linear /* yes -> go to linear map load */ | |
976 | ||
977 | /* We do the user/kernel test for the PID here along with the RW test | |
978 | */ | |
979 | cmpldi cr0,r11,0 /* Check for user region */ | |
980 | ld r15,PACAPGD(r13) /* Load user pgdir */ | |
981 | beq htw_tlb_miss | |
982 | ||
983 | /* XXX replace the RMW cycles with immediate loads + writes */ | |
984 | 1: mfspr r10,SPRN_MAS1 | |
985 | cmpldi cr0,r11,8 /* Check for vmalloc region */ | |
986 | rlwinm r10,r10,0,16,1 /* Clear TID */ | |
987 | mtspr SPRN_MAS1,r10 | |
988 | ld r15,PACA_KERNELPGD(r13) /* Load kernel pgdir */ | |
989 | beq+ htw_tlb_miss | |
990 | ||
991 | /* We got a crappy address, just fault with whatever DEAR and ESR | |
992 | * are here | |
993 | */ | |
994 | TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT) | |
995 | TLB_MISS_EPILOG_ERROR | |
996 | b exc_data_storage_book3e | |
997 | ||
998 | /* Instruction TLB miss */ | |
999 | START_EXCEPTION(instruction_tlb_miss_htw) | |
1000 | TLB_MISS_PROLOG | |
1001 | ||
1002 | /* If we take a recursive fault, the second level handler may need | |
1003 | * to know whether we are handling a data or instruction fault in | |
1004 | * order to get to the right store fault handler. We provide that | |
1005 | * info by keeping a crazy value for ESR in r14 | |
1006 | */ | |
1007 | li r14,-1 /* store to exception frame is done later */ | |
1008 | ||
1009 | /* Now we handle the fault proper. We only save DEAR in the non | |
1010 | * linear mapping case since we know the linear mapping case will | |
1011 | * not re-enter. We could indeed optimize and also not save SRR0/1 | |
1012 | * in the linear mapping case but I'll leave that for later | |
1013 | * | |
1014 | * Faulting address is SRR0 which is already in r16 | |
1015 | */ | |
1016 | srdi r11,r16,60 /* get region */ | |
1017 | cmpldi cr0,r11,0xc /* linear mapping ? */ | |
1018 | TLB_MISS_STATS_SAVE_INFO | |
1019 | beq tlb_load_linear /* yes -> go to linear map load */ | |
1020 | ||
1021 | /* We do the user/kernel test for the PID here along with the RW test | |
1022 | */ | |
1023 | cmpldi cr0,r11,0 /* Check for user region */ | |
1024 | ld r15,PACAPGD(r13) /* Load user pgdir */ | |
1025 | beq htw_tlb_miss | |
1026 | ||
1027 | /* XXX replace the RMW cycles with immediate loads + writes */ | |
1028 | 1: mfspr r10,SPRN_MAS1 | |
1029 | cmpldi cr0,r11,8 /* Check for vmalloc region */ | |
1030 | rlwinm r10,r10,0,16,1 /* Clear TID */ | |
1031 | mtspr SPRN_MAS1,r10 | |
1032 | ld r15,PACA_KERNELPGD(r13) /* Load kernel pgdir */ | |
1033 | beq+ htw_tlb_miss | |
1034 | ||
1035 | /* We got a crappy address, just fault */ | |
1036 | TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT) | |
1037 | TLB_MISS_EPILOG_ERROR | |
1038 | b exc_instruction_storage_book3e | |
1039 | ||
1040 | ||
1041 | /* | |
1042 | * This is the guts of the second-level TLB miss handler for direct | |
1043 | * misses. We are entered with: | |
1044 | * | |
1045 | * r16 = virtual page table faulting address | |
1046 | * r15 = PGD pointer | |
1047 | * r14 = ESR | |
1048 | * r13 = PACA | |
1049 | * r12 = TLB exception frame in PACA | |
1050 | * r11 = crap (free to use) | |
1051 | * r10 = crap (free to use) | |
1052 | * | |
1053 | * It can be re-entered by the linear mapping miss handler. However, to | |
1054 | * avoid too much complication, it will save/restore things for us | |
1055 | */ | |
1056 | htw_tlb_miss: | |
1057 | /* Search if we already have a TLB entry for that virtual address, and | |
1058 | * if we do, bail out. | |
1059 | * | |
1060 | * MAS1:IND should be already set based on MAS4 | |
1061 | */ | |
962cffbd | 1062 | PPC_TLBSRX_DOT(0,R16) |
25d21ad6 BH |
1063 | beq htw_tlb_miss_done |
1064 | ||
1065 | /* Now, we need to walk the page tables. First check if we are in | |
1066 | * range. | |
1067 | */ | |
1068 | rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4 | |
1069 | bne- htw_tlb_miss_fault | |
1070 | ||
1071 | /* Get the PGD pointer */ | |
1072 | cmpldi cr0,r15,0 | |
1073 | beq- htw_tlb_miss_fault | |
1074 | ||
1075 | /* Get to PGD entry */ | |
1076 | rldicl r11,r16,64-(PGDIR_SHIFT-3),64-PGD_INDEX_SIZE-3 | |
1077 | clrrdi r10,r11,3 | |
1078 | ldx r15,r10,r15 | |
41151e77 BB |
1079 | cmpdi cr0,r15,0 |
1080 | bge htw_tlb_miss_fault | |
25d21ad6 | 1081 | |
25d21ad6 BH |
1082 | /* Get to PUD entry */ |
1083 | rldicl r11,r16,64-(PUD_SHIFT-3),64-PUD_INDEX_SIZE-3 | |
1084 | clrrdi r10,r11,3 | |
1085 | ldx r15,r10,r15 | |
41151e77 BB |
1086 | cmpdi cr0,r15,0 |
1087 | bge htw_tlb_miss_fault | |
25d21ad6 BH |
1088 | |
1089 | /* Get to PMD entry */ | |
1090 | rldicl r11,r16,64-(PMD_SHIFT-3),64-PMD_INDEX_SIZE-3 | |
1091 | clrrdi r10,r11,3 | |
1092 | ldx r15,r10,r15 | |
41151e77 BB |
1093 | cmpdi cr0,r15,0 |
1094 | bge htw_tlb_miss_fault | |
25d21ad6 BH |
1095 | |
1096 | /* Ok, we're all right, we can now create an indirect entry for | |
1097 | * a 1M or 256M page. | |
1098 | * | |
1099 | * The last trick is now that because we use "half" pages for | |
1100 | * the HTW (1M IND is 2K and 256M IND is 32K) we need to account | |
1101 | * for an added LSB bit to the RPN. For 64K pages, there is no | |
1102 | * problem as we already use 32K arrays (half PTE pages), but for | |
1103 | * 4K page we need to extract a bit from the virtual address and | |
1104 | * insert it into the "PA52" bit of the RPN. | |
1105 | */ | |
25d21ad6 | 1106 | rlwimi r15,r16,32-9,20,20 |
25d21ad6 BH |
1107 | /* Now we build the MAS: |
1108 | * | |
1109 | * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG | |
1110 | * MAS 1 : Almost fully setup | |
1111 | * - PID already updated by caller if necessary | |
1112 | * - TSIZE for now is base ind page size always | |
1113 | * MAS 2 : Use defaults | |
1114 | * MAS 3+7 : Needs to be done | |
1115 | */ | |
25d21ad6 | 1116 | ori r10,r15,(BOOK3E_PAGESZ_4K << MAS3_SPSIZE_SHIFT) |
df5d6ecf KG |
1117 | |
1118 | BEGIN_MMU_FTR_SECTION | |
1119 | srdi r16,r10,32 | |
1120 | mtspr SPRN_MAS3,r10 | |
1121 | mtspr SPRN_MAS7,r16 | |
1122 | MMU_FTR_SECTION_ELSE | |
25d21ad6 | 1123 | mtspr SPRN_MAS7_MAS3,r10 |
df5d6ecf | 1124 | ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS) |
25d21ad6 BH |
1125 | |
1126 | tlbwe | |
1127 | ||
1128 | htw_tlb_miss_done: | |
1129 | /* We don't bother with restoring DEAR or ESR since we know we are | |
1130 | * level 0 and just going back to userland. They are only needed | |
1131 | * if you are going to take an access fault | |
1132 | */ | |
1133 | TLB_MISS_STATS_X(MMSTAT_TLB_MISS_PT_OK) | |
1134 | TLB_MISS_EPILOG_SUCCESS | |
1135 | rfi | |
1136 | ||
1137 | htw_tlb_miss_fault: | |
1138 | /* We need to check if it was an instruction miss. We know this | |
1139 | * though because r14 would contain -1 | |
1140 | */ | |
1141 | cmpdi cr0,r14,-1 | |
1142 | beq 1f | |
1143 | mtspr SPRN_DEAR,r16 | |
1144 | mtspr SPRN_ESR,r14 | |
1145 | TLB_MISS_STATS_D(MMSTAT_TLB_MISS_PT_FAULT) | |
1146 | TLB_MISS_EPILOG_ERROR | |
1147 | b exc_data_storage_book3e | |
1148 | 1: TLB_MISS_STATS_I(MMSTAT_TLB_MISS_PT_FAULT) | |
1149 | TLB_MISS_EPILOG_ERROR | |
1150 | b exc_instruction_storage_book3e | |
1151 | ||
1152 | /* | |
1153 | * This is the guts of "any" level TLB miss handler for kernel linear | |
1154 | * mapping misses. We are entered with: | |
1155 | * | |
1156 | * | |
1157 | * r16 = faulting address | |
1158 | * r15 = crap (free to use) | |
1159 | * r14 = ESR (data) or -1 (instruction) | |
1160 | * r13 = PACA | |
1161 | * r12 = TLB exception frame in PACA | |
1162 | * r11 = crap (free to use) | |
1163 | * r10 = crap (free to use) | |
1164 | * | |
1165 | * In addition we know that we will not re-enter, so in theory, we could | |
1166 | * use a simpler epilog not restoring SRR0/1 etc.. but we'll do that later. | |
1167 | * | |
1168 | * We also need to be careful about MAS registers here & TLB reservation, | |
1169 | * as we know we'll have clobbered them if we interrupt the main TLB miss | |
1170 | * handlers in which case we probably want to do a full restart at level | |
1171 | * 0 rather than saving / restoring the MAS. | |
1172 | * | |
1173 | * Note: If we care about performance of that core, we can easily shuffle | |
1174 | * a few things around | |
1175 | */ | |
1176 | tlb_load_linear: | |
1177 | /* For now, we assume the linear mapping is contiguous and stops at | |
1178 | * linear_map_top. We also assume the size is a multiple of 1G, thus | |
1179 | * we only use 1G pages for now. That might have to be changed in a | |
1180 | * final implementation, especially when dealing with hypervisors | |
1181 | */ | |
1182 | ld r11,PACATOC(r13) | |
1183 | ld r11,linear_map_top@got(r11) | |
1184 | ld r10,0(r11) | |
60b96223 BK |
1185 | tovirt(10,10) |
1186 | cmpld cr0,r16,r10 | |
25d21ad6 BH |
1187 | bge tlb_load_linear_fault |
1188 | ||
1189 | /* MAS1 need whole new setup. */ | |
1190 | li r15,(BOOK3E_PAGESZ_1GB<<MAS1_TSIZE_SHIFT) | |
1191 | oris r15,r15,MAS1_VALID@h /* MAS1 needs V and TSIZE */ | |
1192 | mtspr SPRN_MAS1,r15 | |
1193 | ||
1194 | /* Already somebody there ? */ | |
962cffbd | 1195 | PPC_TLBSRX_DOT(0,R16) |
25d21ad6 BH |
1196 | beq tlb_load_linear_done |
1197 | ||
1198 | /* Now we build the remaining MAS. MAS0 and 2 should be fine | |
1199 | * with their defaults, which leaves us with MAS 3 and 7. The | |
1200 | * mapping is linear, so we just take the address, clear the | |
1201 | * region bits, and or in the permission bits which are currently | |
1202 | * hard wired | |
1203 | */ | |
1204 | clrrdi r10,r16,30 /* 1G page index */ | |
1205 | clrldi r10,r10,4 /* clear region bits */ | |
1206 | ori r10,r10,MAS3_SR|MAS3_SW|MAS3_SX | |
df5d6ecf KG |
1207 | |
1208 | BEGIN_MMU_FTR_SECTION | |
1209 | srdi r16,r10,32 | |
1210 | mtspr SPRN_MAS3,r10 | |
1211 | mtspr SPRN_MAS7,r16 | |
1212 | MMU_FTR_SECTION_ELSE | |
25d21ad6 | 1213 | mtspr SPRN_MAS7_MAS3,r10 |
df5d6ecf | 1214 | ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS) |
25d21ad6 BH |
1215 | |
1216 | tlbwe | |
1217 | ||
1218 | tlb_load_linear_done: | |
1219 | /* We use the "error" epilog for success as we do want to | |
1220 | * restore to the initial faulting context, whatever it was. | |
1221 | * We do that because we can't resume a fault within a TLB | |
1222 | * miss handler, due to MAS and TLB reservation being clobbered. | |
1223 | */ | |
1224 | TLB_MISS_STATS_X(MMSTAT_TLB_MISS_LINEAR) | |
1225 | TLB_MISS_EPILOG_ERROR | |
1226 | rfi | |
1227 | ||
1228 | tlb_load_linear_fault: | |
1229 | /* We keep the DEAR and ESR around, this shouldn't have happened */ | |
1230 | cmpdi cr0,r14,-1 | |
1231 | beq 1f | |
1232 | TLB_MISS_EPILOG_ERROR_SPECIAL | |
1233 | b exc_data_storage_book3e | |
1234 | 1: TLB_MISS_EPILOG_ERROR_SPECIAL | |
1235 | b exc_instruction_storage_book3e | |
1236 | ||
1237 | ||
1238 | #ifdef CONFIG_BOOK3E_MMU_TLB_STATS | |
1239 | .tlb_stat_inc: | |
1240 | 1: ldarx r8,0,r9 | |
1241 | addi r8,r8,1 | |
1242 | stdcx. r8,0,r9 | |
1243 | bne- 1b | |
1244 | blr | |
1245 | #endif |