projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
net: bcmgenet: Software reset EPHY after power on
[deliverable/linux.git] / arch / powerpc / mm / tlb_low_64e.S
CommitLineData
25d21ad6 1/*
6c504d42 2 * Low level TLB miss handlers for Book3E
25d21ad6
BH		 3 *
4 * Copyright (C) 2008-2009
5 * Ben. Herrenschmidt (benh@kernel.crashing.org), IBM Corp.
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 */
12
13#include <asm/processor.h>
14#include <asm/reg.h>
15#include <asm/page.h>
16#include <asm/mmu.h>
17#include <asm/ppc_asm.h>
18#include <asm/asm-offsets.h>
19#include <asm/cputable.h>
20#include <asm/pgtable.h>
25d21ad6
BH		 21#include <asm/exception-64e.h>
22#include <asm/ppc-opcode.h>
fecff0f7
MC		 23#include <asm/kvm_asm.h>
24#include <asm/kvm_booke_hv_asm.h>
25d21ad6
BH		 25
26#ifdef CONFIG_PPC_64K_PAGES
27#define VPTE_PMD_SHIFT (PTE_INDEX_SIZE+1)
28#else
29#define VPTE_PMD_SHIFT (PTE_INDEX_SIZE)
30#endif
31#define VPTE_PUD_SHIFT (VPTE_PMD_SHIFT + PMD_INDEX_SIZE)
32#define VPTE_PGD_SHIFT (VPTE_PUD_SHIFT + PUD_INDEX_SIZE)
33#define VPTE_INDEX_SIZE (VPTE_PGD_SHIFT + PGD_INDEX_SIZE)
34
f67f4ef5
SW		 35/**********************************************************************
36 * *
37 * TLB miss handling for Book3E with a bolted linear mapping *
38 * No virtual page table, no nested TLB misses *
39 * *
40 **********************************************************************/
41
a3dc6207
SW		 42/*
43 * Note that, unlike non-bolted handlers, TLB_EXFRAME is not
44 * modified by the TLB miss handlers themselves, since the TLB miss
45 * handler code will not itself cause a recursive TLB miss.
46 *
47 * TLB_EXFRAME will be modified when crit/mc/debug exceptions are
48 * entered/exited.
49 */
fecff0f7 50.macro tlb_prolog_bolted intnum addr
a3dc6207
SW		 51 mtspr SPRN_SPRG_GEN_SCRATCH,r12
52 mfspr r12,SPRN_SPRG_TLB_EXFRAME
53 std r13,EX_TLB_R13(r12)
54 std r10,EX_TLB_R10(r12)
f67f4ef5 55 mfspr r13,SPRN_SPRG_PACA
a3dc6207 56
f67f4ef5 57 mfcr r10
a3dc6207 58 std r11,EX_TLB_R11(r12)
fecff0f7
MC		 59#ifdef CONFIG_KVM_BOOKE_HV
60BEGIN_FTR_SECTION
61 mfspr r11, SPRN_SRR1
62END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
63#endif
64 DO_KVM \intnum, SPRN_SRR1
a3dc6207 65 std r16,EX_TLB_R16(r12)
f67f4ef5 66 mfspr r16,\addr /* get faulting address */
a3dc6207 67 std r14,EX_TLB_R14(r12)
f67f4ef5 68 ld r14,PACAPGD(r13)
a3dc6207
SW		 69 std r15,EX_TLB_R15(r12)
70 std r10,EX_TLB_CR(r12)
71 TLB_MISS_PROLOG_STATS
f67f4ef5
SW		 72.endm
73
74.macro tlb_epilog_bolted
a3dc6207
SW		 75 ld r14,EX_TLB_CR(r12)
76 ld r10,EX_TLB_R10(r12)
77 ld r11,EX_TLB_R11(r12)
78 ld r13,EX_TLB_R13(r12)
f67f4ef5 79 mtcr r14
a3dc6207
SW		 80 ld r14,EX_TLB_R14(r12)
81 ld r15,EX_TLB_R15(r12)
82 TLB_MISS_RESTORE_STATS
83 ld r16,EX_TLB_R16(r12)
84 mfspr r12,SPRN_SPRG_GEN_SCRATCH
f67f4ef5
SW		 85.endm
86
87/* Data TLB miss */
88 START_EXCEPTION(data_tlb_miss_bolted)
fecff0f7 89 tlb_prolog_bolted BOOKE_INTERRUPT_DTLB_MISS SPRN_DEAR
f67f4ef5
SW		 90
91 /* We need _PAGE_PRESENT and _PAGE_ACCESSED set */
92
93 /* We do the user/kernel test for the PID here along with the RW test
94 */
95 /* We pre-test some combination of permissions to avoid double
96 * faults:
97 *
98 * We move the ESR:ST bit into the position of _PAGE_BAP_SW in the PTE
99 * ESR_ST is 0x00800000
100 * _PAGE_BAP_SW is 0x00000010
101 * So the shift is >> 19. This tests for supervisor writeability.
102 * If the page happens to be supervisor writeable and not user
103 * writeable, we will take a new fault later, but that should be
104 * a rare enough case.
105 *
106 * We also move ESR_ST in _PAGE_DIRTY position
107 * _PAGE_DIRTY is 0x00001000 so the shift is >> 11
108 *
109 * MAS1 is preset for all we need except for TID that needs to
110 * be cleared for kernel translations
111 */
112
113 mfspr r11,SPRN_ESR
114
115 srdi r15,r16,60 /* get region */
116 rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4
27609a42 117 bne- dtlb_miss_fault_bolted /* Bail if fault addr is invalid */
f67f4ef5
SW		 118
119 rlwinm r10,r11,32-19,27,27
120 rlwimi r10,r11,32-16,19,19
27609a42 121 cmpwi r15,0 /* user vs kernel check */
f67f4ef5
SW		 122 ori r10,r10,_PAGE_PRESENT
123 oris r11,r10,_PAGE_ACCESSED@h
124
125 TLB_MISS_STATS_SAVE_INFO_BOLTED
126 bne tlb_miss_kernel_bolted
127
128tlb_miss_common_bolted:
129/*
130 * This is the guts of the TLB miss handler for bolted-linear.
131 * We are entered with:
132 *
133 * r16 = faulting address
134 * r15 = crap (free to use)
135 * r14 = page table base
136 * r13 = PACA
137 * r11 = PTE permission mask
138 * r10 = crap (free to use)
139 */
140 rldicl r15,r16,64-PGDIR_SHIFT+3,64-PGD_INDEX_SIZE-3
141 cmpldi cr0,r14,0
142 clrrdi r15,r15,3
27609a42 143 beq tlb_miss_fault_bolted /* No PGDIR, bail */
f67f4ef5
SW		 144
145BEGIN_MMU_FTR_SECTION
146 /* Set the TLB reservation and search for existing entry. Then load
147 * the entry.
148 */
962cffbd 149 PPC_TLBSRX_DOT(0,R16)
27609a42 150 ldx r14,r14,r15 /* grab pgd entry */
1149e8a7 151 beq tlb_miss_done_bolted /* tlb exists already, bail */
f67f4ef5 152MMU_FTR_SECTION_ELSE
27609a42 153 ldx r14,r14,r15 /* grab pgd entry */
f67f4ef5
SW		 154ALT_MMU_FTR_SECTION_END_IFSET(MMU_FTR_USE_TLBRSRV)
155
156#ifndef CONFIG_PPC_64K_PAGES
157 rldicl r15,r16,64-PUD_SHIFT+3,64-PUD_INDEX_SIZE-3
158 clrrdi r15,r15,3
d1b9b128
BB		 159 cmpdi cr0,r14,0
160 bge tlb_miss_fault_bolted /* Bad pgd entry or hugepage; bail */
27609a42 161 ldx r14,r14,r15 /* grab pud entry */
f67f4ef5
SW		 162#endif /* CONFIG_PPC_64K_PAGES */
163
164 rldicl r15,r16,64-PMD_SHIFT+3,64-PMD_INDEX_SIZE-3
165 clrrdi r15,r15,3
d1b9b128
BB		 166 cmpdi cr0,r14,0
167 bge tlb_miss_fault_bolted
27609a42 168 ldx r14,r14,r15 /* Grab pmd entry */
f67f4ef5
SW		 169
170 rldicl r15,r16,64-PAGE_SHIFT+3,64-PTE_INDEX_SIZE-3
171 clrrdi r15,r15,3
d1b9b128
BB		 172 cmpdi cr0,r14,0
173 bge tlb_miss_fault_bolted
174 ldx r14,r14,r15 /* Grab PTE, normal (!huge) page */
f67f4ef5
SW		 175
176 /* Check if required permissions are met */
177 andc. r15,r11,r14
178 rldicr r15,r14,64-(PTE_RPN_SHIFT-PAGE_SHIFT),63-PAGE_SHIFT
179 bne- tlb_miss_fault_bolted
180
181 /* Now we build the MAS:
182 *
183 * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG
184 * MAS 1 : Almost fully setup
185 * - PID already updated by caller if necessary
186 * - TSIZE need change if !base page size, not
187 * yet implemented for now
188 * MAS 2 : Defaults not useful, need to be redone
189 * MAS 3+7 : Needs to be done
190 */
191 clrrdi r11,r16,12 /* Clear low crap in EA */
192 clrldi r15,r15,12 /* Clear crap at the top */
193 rlwimi r11,r14,32-19,27,31 /* Insert WIMGE */
194 rlwimi r15,r14,32-8,22,25 /* Move in U bits */
195 mtspr SPRN_MAS2,r11
196 andi. r11,r14,_PAGE_DIRTY
197 rlwimi r15,r14,32-2,26,31 /* Move in BAP bits */
198
199 /* Mask out SW and UW if !DIRTY (XXX optimize this !) */
200 bne 1f
201 li r11,MAS3_SW|MAS3_UW
202 andc r15,r15,r11
2031:
204 mtspr SPRN_MAS7_MAS3,r15
205 tlbwe
206
1149e8a7 207tlb_miss_done_bolted:
f67f4ef5
SW		 208 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_NORM_OK)
209 tlb_epilog_bolted
210 rfi
211
212itlb_miss_kernel_bolted:
213 li r11,_PAGE_PRESENT|_PAGE_BAP_SX /* Base perm */
214 oris r11,r11,_PAGE_ACCESSED@h
215tlb_miss_kernel_bolted:
216 mfspr r10,SPRN_MAS1
217 ld r14,PACA_KERNELPGD(r13)
218 cmpldi cr0,r15,8 /* Check for vmalloc region */
219 rlwinm r10,r10,0,16,1 /* Clear TID */
220 mtspr SPRN_MAS1,r10
221 beq+ tlb_miss_common_bolted
222
223tlb_miss_fault_bolted:
224 /* We need to check if it was an instruction miss */
225 andi. r10,r11,_PAGE_EXEC|_PAGE_BAP_SX
226 bne itlb_miss_fault_bolted
227dtlb_miss_fault_bolted:
228 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT)
229 tlb_epilog_bolted
230 b exc_data_storage_book3e
231itlb_miss_fault_bolted:
232 TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT)
233 tlb_epilog_bolted
234 b exc_instruction_storage_book3e
235
236/* Instruction TLB miss */
237 START_EXCEPTION(instruction_tlb_miss_bolted)
fecff0f7 238 tlb_prolog_bolted BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR0
f67f4ef5
SW		 239
240 rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4
241 srdi r15,r16,60 /* get region */
242 TLB_MISS_STATS_SAVE_INFO_BOLTED
243 bne- itlb_miss_fault_bolted
244
245 li r11,_PAGE_PRESENT|_PAGE_EXEC /* Base perm */
246
247 /* We do the user/kernel test for the PID here along with the RW test
248 */
249
250 cmpldi cr0,r15,0 /* Check for user region */
251 oris r11,r11,_PAGE_ACCESSED@h
252 beq tlb_miss_common_bolted
253 b itlb_miss_kernel_bolted
25d21ad6 254
9841c79c 255#ifdef CONFIG_PPC_FSL_BOOK3E
28efc35f
SW		 256/*
257 * TLB miss handling for e6500 and derivatives, using hardware tablewalk.
258 *
259 * Linear mapping is bolted: no virtual page table or nested TLB misses
260 * Indirect entries in TLB1, hardware loads resulting direct entries
261 * into TLB0
262 * No HES or NV hint on TLB1, so we need to do software round-robin
263 * No tlbsrx. so we need a spinlock, and we have to deal
264 * with MAS-damage caused by tlbsx
265 * 4K pages only
266 */
267
268 START_EXCEPTION(instruction_tlb_miss_e6500)
269 tlb_prolog_bolted BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR0
270
271 ld r11,PACA_TCD_PTR(r13)
272 srdi. r15,r16,60 /* get region */
273 ori r16,r16,1
274
275 TLB_MISS_STATS_SAVE_INFO_BOLTED
276 bne tlb_miss_kernel_e6500 /* user/kernel test */
277
278 b tlb_miss_common_e6500
279
280 START_EXCEPTION(data_tlb_miss_e6500)
281 tlb_prolog_bolted BOOKE_INTERRUPT_DTLB_MISS SPRN_DEAR
282
283 ld r11,PACA_TCD_PTR(r13)
284 srdi. r15,r16,60 /* get region */
285 rldicr r16,r16,0,62
286
287 TLB_MISS_STATS_SAVE_INFO_BOLTED
288 bne tlb_miss_kernel_e6500 /* user vs kernel check */
289
290/*
291 * This is the guts of the TLB miss handler for e6500 and derivatives.
292 * We are entered with:
293 *
294 * r16 = page of faulting address (low bit 0 if data, 1 if instruction)
295 * r15 = crap (free to use)
296 * r14 = page table base
297 * r13 = PACA
298 * r11 = tlb_per_core ptr
1cb4ed92 299 * r10 = crap (free to use)
28efc35f
SW		 300 */
301tlb_miss_common_e6500:
48cd9b5d
SW		 302 crmove cr2*4+2,cr0*4+2 /* cr2.eq != 0 if kernel address */
303
304BEGIN_FTR_SECTION /* CPU_FTR_SMT */
28efc35f
SW		 305 /*
306 * Search if we already have an indirect entry for that virtual
307 * address, and if we do, bail out.
308 *
309 * MAS6:IND should be already set based on MAS4
310 */
82d86de2 311 lhz r10,PACAPACAINDEX(r13)
1cb4ed92 312 addi r10,r10,1
69399ee9
KH		 313 crclr cr1*4+eq /* set cr1.eq = 0 for non-recursive */
3141: lbarx r15,0,r11
315 cmpdi r15,0
28efc35f 316 bne 2f
82d86de2 317 stbcx. r10,0,r11
28efc35f 318 bne 1b
82d86de2 3193:
28efc35f 320 .subsection 1
82d86de2
SW		 3212: cmpd cr1,r15,r10 /* recursive lock due to mcheck/crit/etc? */
322 beq cr1,3b /* unlock will happen if cr1.eq = 0 */
69399ee9 32310: lbz r15,0(r11)
28efc35f 324 cmpdi r15,0
69399ee9 325 bne 10b
28efc35f
SW		 326 b 1b
327 .previous
328
48cd9b5d
SW		 329 /*
330 * Erratum A-008139 says that we can't use tlbwe to change
331 * an indirect entry in any way (including replacing or
332 * invalidating) if the other thread could be in the process
333 * of a lookup. The workaround is to invalidate the entry
334 * with tlbilx before overwriting.
335 */
336
337 lbz r15,TCD_ESEL_NEXT(r11)
338 rlwinm r10,r15,16,0xff0000
339 oris r10,r10,MAS0_TLBSEL(1)@h
340 mtspr SPRN_MAS0,r10
341 isync
342 tlbre
bbd08c72 343 mfspr r15,SPRN_MAS1
48cd9b5d
SW		 344 andis. r15,r15,MAS1_VALID@h
345 beq 5f
346
347BEGIN_FTR_SECTION_NESTED(532)
348 mfspr r10,SPRN_MAS8
349 rlwinm r10,r10,0,0x80000fff /* tgs,tlpid -> sgs,slpid */
350 mtspr SPRN_MAS5,r10
351END_FTR_SECTION_NESTED(CPU_FTR_EMB_HV,CPU_FTR_EMB_HV,532)
28efc35f 352
28efc35f 353 mfspr r10,SPRN_MAS1
48cd9b5d
SW		 354 rlwinm r15,r10,0,0x3fff0000 /* tid -> spid */
355 rlwimi r15,r10,20,0x00000003 /* ind,ts -> sind,sas */
356 mfspr r10,SPRN_MAS6
357 mtspr SPRN_MAS6,r15
358
359 mfspr r15,SPRN_MAS2
360 isync
361 tlbilxva 0,r15
362 isync
bbd08c72 363
48cd9b5d
SW		 364 mtspr SPRN_MAS6,r10
365
3665:
367BEGIN_FTR_SECTION_NESTED(532)
368 li r10,0
369 mtspr SPRN_MAS8,r10
370 mtspr SPRN_MAS5,r10
371END_FTR_SECTION_NESTED(CPU_FTR_EMB_HV,CPU_FTR_EMB_HV,532)
372
373 tlbsx 0,r16
374 mfspr r10,SPRN_MAS1
375 andis. r15,r10,MAS1_VALID@h
28efc35f 376 bne tlb_miss_done_e6500
48cd9b5d
SW		 377FTR_SECTION_ELSE
378 mfspr r10,SPRN_MAS1
379ALT_FTR_SECTION_END_IFSET(CPU_FTR_SMT)
380
381 oris r10,r10,MAS1_VALID@h
382 beq cr2,4f
383 rlwinm r10,r10,0,16,1 /* Clear TID */
3844: mtspr SPRN_MAS1,r10
28efc35f 385
28efc35f
SW		 386 /* Now, we need to walk the page tables. First check if we are in
387 * range.
388 */
389 rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4
390 bne- tlb_miss_fault_e6500
391
392 rldicl r15,r16,64-PGDIR_SHIFT+3,64-PGD_INDEX_SIZE-3
393 cmpldi cr0,r14,0
394 clrrdi r15,r15,3
395 beq- tlb_miss_fault_e6500 /* No PGDIR, bail */
396 ldx r14,r14,r15 /* grab pgd entry */
397
398 rldicl r15,r16,64-PUD_SHIFT+3,64-PUD_INDEX_SIZE-3
399 clrrdi r15,r15,3
400 cmpdi cr0,r14,0
c89ca8ab 401 bge tlb_miss_huge_e6500 /* Bad pgd entry or hugepage; bail */
28efc35f
SW		 402 ldx r14,r14,r15 /* grab pud entry */
403
404 rldicl r15,r16,64-PMD_SHIFT+3,64-PMD_INDEX_SIZE-3
405 clrrdi r15,r15,3
406 cmpdi cr0,r14,0
c89ca8ab 407 bge tlb_miss_huge_e6500
28efc35f
SW		 408 ldx r14,r14,r15 /* Grab pmd entry */
409
410 mfspr r10,SPRN_MAS0
411 cmpdi cr0,r14,0
c89ca8ab 412 bge tlb_miss_huge_e6500
28efc35f
SW		 413
414 /* Now we build the MAS for a 2M indirect page:
415 *
416 * MAS 0 : ESEL needs to be filled by software round-robin
417 * MAS 1 : Fully set up
418 * - PID already updated by caller if necessary
419 * - TSIZE for now is base ind page size always
420 * - TID already cleared if necessary
421 * MAS 2 : Default not 2M-aligned, need to be redone
422 * MAS 3+7 : Needs to be done
423 */
424
425 ori r14,r14,(BOOK3E_PAGESZ_4K << MAS3_SPSIZE_SHIFT)
426 mtspr SPRN_MAS7_MAS3,r14
427
428 clrrdi r15,r16,21 /* make EA 2M-aligned */
429 mtspr SPRN_MAS2,r15
430
c89ca8ab 431tlb_miss_huge_done_e6500:
28efc35f
SW		 432 lbz r15,TCD_ESEL_NEXT(r11)
433 lbz r16,TCD_ESEL_MAX(r11)
434 lbz r14,TCD_ESEL_FIRST(r11)
435 rlwimi r10,r15,16,0x00ff0000 /* insert esel_next into MAS0 */
436 addi r15,r15,1 /* increment esel_next */
437 mtspr SPRN_MAS0,r10
438 cmpw r15,r16
439 iseleq r15,r14,r15 /* if next == last use first */
440 stb r15,TCD_ESEL_NEXT(r11)
441
442 tlbwe
443
444tlb_miss_done_e6500:
445 .macro tlb_unlock_e6500
7c480050 446BEGIN_FTR_SECTION
82d86de2 447 beq cr1,1f /* no unlock if lock was recursively grabbed */
28efc35f
SW		 448 li r15,0
449 isync
82d86de2
SW		 450 stb r15,0(r11)
4511:
7c480050 452END_FTR_SECTION_IFSET(CPU_FTR_SMT)
28efc35f
SW		 453 .endm
454
455 tlb_unlock_e6500
456 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_NORM_OK)
457 tlb_epilog_bolted
458 rfi
459
c89ca8ab
SW		 460tlb_miss_huge_e6500:
461 beq tlb_miss_fault_e6500
462 li r10,1
463 andi. r15,r14,HUGEPD_SHIFT_MASK@l /* r15 = psize */
464 rldimi r14,r10,63,0 /* Set PD_HUGE */
465 xor r14,r14,r15 /* Clear size bits */
466 ldx r14,0,r14
467
468 /*
469 * Now we build the MAS for a huge page.
470 *
471 * MAS 0 : ESEL needs to be filled by software round-robin
472 * - can be handled by indirect code
473 * MAS 1 : Need to clear IND and set TSIZE
474 * MAS 2,3+7: Needs to be redone similar to non-tablewalk handler
475 */
476
477 subi r15,r15,10 /* Convert psize to tsize */
478 mfspr r10,SPRN_MAS1
479 rlwinm r10,r10,0,~MAS1_IND
480 rlwimi r10,r15,MAS1_TSIZE_SHIFT,MAS1_TSIZE_MASK
481 mtspr SPRN_MAS1,r10
482
483 li r10,-0x400
484 sld r15,r10,r15 /* Generate mask based on size */
485 and r10,r16,r15
486 rldicr r15,r14,64-(PTE_RPN_SHIFT-PAGE_SHIFT),63-PAGE_SHIFT
487 rlwimi r10,r14,32-19,27,31 /* Insert WIMGE */
488 clrldi r15,r15,PAGE_SHIFT /* Clear crap at the top */
489 rlwimi r15,r14,32-8,22,25 /* Move in U bits */
490 mtspr SPRN_MAS2,r10
491 andi. r10,r14,_PAGE_DIRTY
492 rlwimi r15,r14,32-2,26,31 /* Move in BAP bits */
493
494 /* Mask out SW and UW if !DIRTY (XXX optimize this !) */
495 bne 1f
496 li r10,MAS3_SW|MAS3_UW
497 andc r15,r15,r10
4981:
499 mtspr SPRN_MAS7_MAS3,r15
500
501 mfspr r10,SPRN_MAS0
502 b tlb_miss_huge_done_e6500
503
28efc35f 504tlb_miss_kernel_e6500:
28efc35f 505 ld r14,PACA_KERNELPGD(r13)
48cd9b5d
SW		 506 cmpldi cr1,r15,8 /* Check for vmalloc region */
507 beq+ cr1,tlb_miss_common_e6500
28efc35f
SW		 508
509tlb_miss_fault_e6500:
510 tlb_unlock_e6500
511 /* We need to check if it was an instruction miss */
512 andi. r16,r16,1
513 bne itlb_miss_fault_e6500
514dtlb_miss_fault_e6500:
515 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT)
516 tlb_epilog_bolted
517 b exc_data_storage_book3e
518itlb_miss_fault_e6500:
519 TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT)
520 tlb_epilog_bolted
521 b exc_instruction_storage_book3e
9841c79c 522#endif /* CONFIG_PPC_FSL_BOOK3E */
28efc35f 523
25d21ad6
BH		 524/**********************************************************************
525 * *
526 * TLB miss handling for Book3E with TLB reservation and HES support *
527 * *
528 **********************************************************************/
529
530
531/* Data TLB miss */
532 START_EXCEPTION(data_tlb_miss)
533 TLB_MISS_PROLOG
534
535 /* Now we handle the fault proper. We only save DEAR in normal
536 * fault case since that's the only interesting values here.
537 * We could probably also optimize by not saving SRR0/1 in the
538 * linear mapping case but I'll leave that for later
539 */
540 mfspr r14,SPRN_ESR
541 mfspr r16,SPRN_DEAR /* get faulting address */
542 srdi r15,r16,60 /* get region */
543 cmpldi cr0,r15,0xc /* linear mapping ? */
544 TLB_MISS_STATS_SAVE_INFO
545 beq tlb_load_linear /* yes -> go to linear map load */
546
547 /* The page tables are mapped virtually linear. At this point, though,
548 * we don't know whether we are trying to fault in a first level
549 * virtual address or a virtual page table address. We can get that
550 * from bit 0x1 of the region ID which we have set for a page table
551 */
552 andi. r10,r15,0x1
553 bne- virt_page_table_tlb_miss
554
555 std r14,EX_TLB_ESR(r12); /* save ESR */
556 std r16,EX_TLB_DEAR(r12); /* save DEAR */
557
558 /* We need _PAGE_PRESENT and _PAGE_ACCESSED set */
559 li r11,_PAGE_PRESENT
560 oris r11,r11,_PAGE_ACCESSED@h
561
562 /* We do the user/kernel test for the PID here along with the RW test
563 */
564 cmpldi cr0,r15,0 /* Check for user region */
565
566 /* We pre-test some combination of permissions to avoid double
567 * faults:
568 *
569 * We move the ESR:ST bit into the position of _PAGE_BAP_SW in the PTE
570 * ESR_ST is 0x00800000
571 * _PAGE_BAP_SW is 0x00000010
572 * So the shift is >> 19. This tests for supervisor writeability.
573 * If the page happens to be supervisor writeable and not user
574 * writeable, we will take a new fault later, but that should be
575 * a rare enough case.
576 *
577 * We also move ESR_ST in _PAGE_DIRTY position
578 * _PAGE_DIRTY is 0x00001000 so the shift is >> 11
579 *
580 * MAS1 is preset for all we need except for TID that needs to
581 * be cleared for kernel translations
582 */
583 rlwimi r11,r14,32-19,27,27
584 rlwimi r11,r14,32-16,19,19
585 beq normal_tlb_miss
586 /* XXX replace the RMW cycles with immediate loads + writes */
5871: mfspr r10,SPRN_MAS1
588 cmpldi cr0,r15,8 /* Check for vmalloc region */
589 rlwinm r10,r10,0,16,1 /* Clear TID */
590 mtspr SPRN_MAS1,r10
591 beq+ normal_tlb_miss
592
593 /* We got a crappy address, just fault with whatever DEAR and ESR
594 * are here
595 */
596 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT)
597 TLB_MISS_EPILOG_ERROR
598 b exc_data_storage_book3e
599
600/* Instruction TLB miss */
601 START_EXCEPTION(instruction_tlb_miss)
602 TLB_MISS_PROLOG
603
604 /* If we take a recursive fault, the second level handler may need
605 * to know whether we are handling a data or instruction fault in
606 * order to get to the right store fault handler. We provide that
607 * info by writing a crazy value in ESR in our exception frame
608 */
609 li r14,-1 /* store to exception frame is done later */
610
611 /* Now we handle the fault proper. We only save DEAR in the non
612 * linear mapping case since we know the linear mapping case will
613 * not re-enter. We could indeed optimize and also not save SRR0/1
614 * in the linear mapping case but I'll leave that for later
615 *
616 * Faulting address is SRR0 which is already in r16
617 */
618 srdi r15,r16,60 /* get region */
619 cmpldi cr0,r15,0xc /* linear mapping ? */
620 TLB_MISS_STATS_SAVE_INFO
621 beq tlb_load_linear /* yes -> go to linear map load */
622
623 /* We do the user/kernel test for the PID here along with the RW test
624 */
ea3cc330 625 li r11,_PAGE_PRESENT|_PAGE_EXEC /* Base perm */
25d21ad6
BH		 626 oris r11,r11,_PAGE_ACCESSED@h
627
628 cmpldi cr0,r15,0 /* Check for user region */
629 std r14,EX_TLB_ESR(r12) /* write crazy -1 to frame */
630 beq normal_tlb_miss
82ae5eaf
KG		 631
632 li r11,_PAGE_PRESENT|_PAGE_BAP_SX /* Base perm */
633 oris r11,r11,_PAGE_ACCESSED@h
25d21ad6 634 /* XXX replace the RMW cycles with immediate loads + writes */
82ae5eaf 635 mfspr r10,SPRN_MAS1
25d21ad6
BH		 636 cmpldi cr0,r15,8 /* Check for vmalloc region */
637 rlwinm r10,r10,0,16,1 /* Clear TID */
638 mtspr SPRN_MAS1,r10
639 beq+ normal_tlb_miss
640
641 /* We got a crappy address, just fault */
642 TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT)
643 TLB_MISS_EPILOG_ERROR
644 b exc_instruction_storage_book3e
645
646/*
647 * This is the guts of the first-level TLB miss handler for direct
648 * misses. We are entered with:
649 *
650 * r16 = faulting address
651 * r15 = region ID
652 * r14 = crap (free to use)
653 * r13 = PACA
654 * r12 = TLB exception frame in PACA
655 * r11 = PTE permission mask
656 * r10 = crap (free to use)
657 */
658normal_tlb_miss:
659 /* So we first construct the page table address. We do that by
660 * shifting the bottom of the address (not the region ID) by
661 * PAGE_SHIFT-3, clearing the bottom 3 bits (get a PTE ptr) and
662 * or'ing the fourth high bit.
663 *
664 * NOTE: For 64K pages, we do things slightly differently in
665 * order to handle the weird page table format used by linux
666 */
667 ori r10,r15,0x1
668#ifdef CONFIG_PPC_64K_PAGES
669 /* For the top bits, 16 bytes per PTE */
670 rldicl r14,r16,64-(PAGE_SHIFT-4),PAGE_SHIFT-4+4
671 /* Now create the bottom bits as 0 in position 0x8000 and
672 * the rest calculated for 8 bytes per PTE
673 */
674 rldicl r15,r16,64-(PAGE_SHIFT-3),64-15
675 /* Insert the bottom bits in */
676 rlwimi r14,r15,0,16,31
677#else
678 rldicl r14,r16,64-(PAGE_SHIFT-3),PAGE_SHIFT-3+4
679#endif
680 sldi r15,r10,60
681 clrrdi r14,r14,3
682 or r10,r15,r14
683
df5d6ecf 684BEGIN_MMU_FTR_SECTION
25985edc 685 /* Set the TLB reservation and search for existing entry. Then load
25d21ad6
BH		 686 * the entry.
687 */
962cffbd 688 PPC_TLBSRX_DOT(0,R16)
25d21ad6
BH		 689 ld r14,0(r10)
690 beq normal_tlb_miss_done
df5d6ecf
KG		 691MMU_FTR_SECTION_ELSE
692 ld r14,0(r10)
693ALT_MMU_FTR_SECTION_END_IFSET(MMU_FTR_USE_TLBRSRV)
25d21ad6
BH		 694
695finish_normal_tlb_miss:
696 /* Check if required permissions are met */
697 andc. r15,r11,r14
698 bne- normal_tlb_miss_access_fault
699
700 /* Now we build the MAS:
701 *
702 * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG
703 * MAS 1 : Almost fully setup
704 * - PID already updated by caller if necessary
705 * - TSIZE need change if !base page size, not
706 * yet implemented for now
707 * MAS 2 : Defaults not useful, need to be redone
708 * MAS 3+7 : Needs to be done
709 *
710 * TODO: mix up code below for better scheduling
711 */
712 clrrdi r11,r16,12 /* Clear low crap in EA */
713 rlwimi r11,r14,32-19,27,31 /* Insert WIMGE */
714 mtspr SPRN_MAS2,r11
715
716 /* Check page size, if not standard, update MAS1 */
717 rldicl r11,r14,64-8,64-8
718#ifdef CONFIG_PPC_64K_PAGES
719 cmpldi cr0,r11,BOOK3E_PAGESZ_64K
720#else
721 cmpldi cr0,r11,BOOK3E_PAGESZ_4K
722#endif
723 beq- 1f
724 mfspr r11,SPRN_MAS1
725 rlwimi r11,r14,31,21,24
726 rlwinm r11,r11,0,21,19
727 mtspr SPRN_MAS1,r11
7281:
729 /* Move RPN in position */
730 rldicr r11,r14,64-(PTE_RPN_SHIFT-PAGE_SHIFT),63-PAGE_SHIFT
731 clrldi r15,r11,12 /* Clear crap at the top */
732 rlwimi r15,r14,32-8,22,25 /* Move in U bits */
733 rlwimi r15,r14,32-2,26,31 /* Move in BAP bits */
734
735 /* Mask out SW and UW if !DIRTY (XXX optimize this !) */
736 andi. r11,r14,_PAGE_DIRTY
737 bne 1f
738 li r11,MAS3_SW|MAS3_UW
739 andc r15,r15,r11
df5d6ecf
KG		 7401:
741BEGIN_MMU_FTR_SECTION
742 srdi r16,r15,32
743 mtspr SPRN_MAS3,r15
744 mtspr SPRN_MAS7,r16
745MMU_FTR_SECTION_ELSE
746 mtspr SPRN_MAS7_MAS3,r15
747ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS)
25d21ad6
BH		 748
749 tlbwe
750
751normal_tlb_miss_done:
752 /* We don't bother with restoring DEAR or ESR since we know we are
753 * level 0 and just going back to userland. They are only needed
754 * if you are going to take an access fault
755 */
756 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_NORM_OK)
757 TLB_MISS_EPILOG_SUCCESS
758 rfi
759
760normal_tlb_miss_access_fault:
761 /* We need to check if it was an instruction miss */
ea3cc330 762 andi. r10,r11,_PAGE_EXEC
25d21ad6
BH		 763 bne 1f
764 ld r14,EX_TLB_DEAR(r12)
765 ld r15,EX_TLB_ESR(r12)
766 mtspr SPRN_DEAR,r14
767 mtspr SPRN_ESR,r15
768 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT)
769 TLB_MISS_EPILOG_ERROR
770 b exc_data_storage_book3e
7711: TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT)
772 TLB_MISS_EPILOG_ERROR
773 b exc_instruction_storage_book3e
774
775
776/*
777 * This is the guts of the second-level TLB miss handler for direct
778 * misses. We are entered with:
779 *
780 * r16 = virtual page table faulting address
781 * r15 = region (top 4 bits of address)
782 * r14 = crap (free to use)
783 * r13 = PACA
784 * r12 = TLB exception frame in PACA
785 * r11 = crap (free to use)
786 * r10 = crap (free to use)
787 *
788 * Note that this should only ever be called as a second level handler
789 * with the current scheme when using SW load.
790 * That means we can always get the original fault DEAR at
791 * EX_TLB_DEAR-EX_TLB_SIZE(r12)
792 *
793 * It can be re-entered by the linear mapping miss handler. However, to
794 * avoid too much complication, it will restart the whole fault at level
795 * 0 so we don't care too much about clobbers
796 *
797 * XXX That code was written back when we couldn't clobber r14. We can now,
798 * so we could probably optimize things a bit
799 */
800virt_page_table_tlb_miss:
801 /* Are we hitting a kernel page table ? */
802 andi. r10,r15,0x8
803
804 /* The cool thing now is that r10 contains 0 for user and 8 for kernel,
805 * and we happen to have the swapper_pg_dir at offset 8 from the user
806 * pgdir in the PACA :-).
807 */
808 add r11,r10,r13
809
810 /* If kernel, we need to clear MAS1 TID */
811 beq 1f
812 /* XXX replace the RMW cycles with immediate loads + writes */
813 mfspr r10,SPRN_MAS1
814 rlwinm r10,r10,0,16,1 /* Clear TID */
815 mtspr SPRN_MAS1,r10
8161:
df5d6ecf 817BEGIN_MMU_FTR_SECTION
25d21ad6
BH		 818 /* Search if we already have a TLB entry for that virtual address, and
819 * if we do, bail out.
820 */
962cffbd 821 PPC_TLBSRX_DOT(0,R16)
25d21ad6 822 beq virt_page_table_tlb_miss_done
df5d6ecf 823END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_TLBRSRV)
25d21ad6
BH		 824
825 /* Now, we need to walk the page tables. First check if we are in
826 * range.
827 */
828 rldicl. r10,r16,64-(VPTE_INDEX_SIZE+3),VPTE_INDEX_SIZE+3+4
829 bne- virt_page_table_tlb_miss_fault
830
831 /* Get the PGD pointer */
832 ld r15,PACAPGD(r11)
833 cmpldi cr0,r15,0
834 beq- virt_page_table_tlb_miss_fault
835
836 /* Get to PGD entry */
837 rldicl r11,r16,64-VPTE_PGD_SHIFT,64-PGD_INDEX_SIZE-3
838 clrrdi r10,r11,3
839 ldx r15,r10,r15
41151e77
BB		 840 cmpdi cr0,r15,0
841 bge virt_page_table_tlb_miss_fault
25d21ad6
BH		 842
843#ifndef CONFIG_PPC_64K_PAGES
844 /* Get to PUD entry */
845 rldicl r11,r16,64-VPTE_PUD_SHIFT,64-PUD_INDEX_SIZE-3
846 clrrdi r10,r11,3
847 ldx r15,r10,r15
41151e77
BB		 848 cmpdi cr0,r15,0
849 bge virt_page_table_tlb_miss_fault
25d21ad6
BH		 850#endif /* CONFIG_PPC_64K_PAGES */
851
852 /* Get to PMD entry */
853 rldicl r11,r16,64-VPTE_PMD_SHIFT,64-PMD_INDEX_SIZE-3
854 clrrdi r10,r11,3
855 ldx r15,r10,r15
41151e77
BB		 856 cmpdi cr0,r15,0
857 bge virt_page_table_tlb_miss_fault
25d21ad6
BH		 858
859 /* Ok, we're all right, we can now create a kernel translation for
860 * a 4K or 64K page from r16 -> r15.
861 */
862 /* Now we build the MAS:
863 *
864 * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG
865 * MAS 1 : Almost fully setup
866 * - PID already updated by caller if necessary
867 * - TSIZE for now is base page size always
868 * MAS 2 : Use defaults
869 * MAS 3+7 : Needs to be done
870 *
871 * So we only do MAS 2 and 3 for now...
872 */
873 clrldi r11,r15,4 /* remove region ID from RPN */
874 ori r10,r11,1 /* Or-in SR */
df5d6ecf
KG		 875
876BEGIN_MMU_FTR_SECTION
877 srdi r16,r10,32
878 mtspr SPRN_MAS3,r10
879 mtspr SPRN_MAS7,r16
880MMU_FTR_SECTION_ELSE
25d21ad6 881 mtspr SPRN_MAS7_MAS3,r10
df5d6ecf 882ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS)
25d21ad6
BH		 883
884 tlbwe
885
df5d6ecf 886BEGIN_MMU_FTR_SECTION
25d21ad6
BH		 887virt_page_table_tlb_miss_done:
888
889 /* We have overriden MAS2:EPN but currently our primary TLB miss
890 * handler will always restore it so that should not be an issue,
891 * if we ever optimize the primary handler to not write MAS2 on
892 * some cases, we'll have to restore MAS2:EPN here based on the
893 * original fault's DEAR. If we do that we have to modify the
894 * ITLB miss handler to also store SRR0 in the exception frame
895 * as DEAR.
896 *
897 * However, one nasty thing we did is we cleared the reservation
898 * (well, potentially we did). We do a trick here thus if we
899 * are not a level 0 exception (we interrupted the TLB miss) we
900 * offset the return address by -4 in order to replay the tlbsrx
901 * instruction there
902 */
903 subf r10,r13,r12
904 cmpldi cr0,r10,PACA_EXTLB+EX_TLB_SIZE
905 bne- 1f
906 ld r11,PACA_EXTLB+EX_TLB_SIZE+EX_TLB_SRR0(r13)
907 addi r10,r11,-4
908 std r10,PACA_EXTLB+EX_TLB_SIZE+EX_TLB_SRR0(r13)
9091:
df5d6ecf 910END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_TLBRSRV)
25d21ad6
BH		 911 /* Return to caller, normal case */
912 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_PT_OK);
913 TLB_MISS_EPILOG_SUCCESS
914 rfi
915
916virt_page_table_tlb_miss_fault:
917 /* If we fault here, things are a little bit tricky. We need to call
25985edc 918 * either data or instruction store fault, and we need to retrieve
25d21ad6
BH		 919 * the original fault address and ESR (for data).
920 *
921 * The thing is, we know that in normal circumstances, this is
922 * always called as a second level tlb miss for SW load or as a first
923 * level TLB miss for HW load, so we should be able to peek at the
f65e51d7 924 * relevant information in the first exception frame in the PACA.
25d21ad6
BH		 925 *
926 * However, we do need to double check that, because we may just hit
927 * a stray kernel pointer or a userland attack trying to hit those
928 * areas. If that is the case, we do a data fault. (We can't get here
929 * from an instruction tlb miss anyway).
930 *
931 * Note also that when going to a fault, we must unwind the previous
932 * level as well. Since we are doing that, we don't need to clear or
933 * restore the TLB reservation neither.
934 */
935 subf r10,r13,r12
936 cmpldi cr0,r10,PACA_EXTLB+EX_TLB_SIZE
937 bne- virt_page_table_tlb_miss_whacko_fault
938
939 /* We dig the original DEAR and ESR from slot 0 */
940 ld r15,EX_TLB_DEAR+PACA_EXTLB(r13)
941 ld r16,EX_TLB_ESR+PACA_EXTLB(r13)
942
943 /* We check for the "special" ESR value for instruction faults */
944 cmpdi cr0,r16,-1
945 beq 1f
946 mtspr SPRN_DEAR,r15
947 mtspr SPRN_ESR,r16
948 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_PT_FAULT);
949 TLB_MISS_EPILOG_ERROR
950 b exc_data_storage_book3e
9511: TLB_MISS_STATS_I(MMSTAT_TLB_MISS_PT_FAULT);
952 TLB_MISS_EPILOG_ERROR
953 b exc_instruction_storage_book3e
954
955virt_page_table_tlb_miss_whacko_fault:
956 /* The linear fault will restart everything so ESR and DEAR will
957 * not have been clobbered, let's just fault with what we have
958 */
959 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_PT_FAULT);
960 TLB_MISS_EPILOG_ERROR
961 b exc_data_storage_book3e
962
963
964/**************************************************************
965 * *
966 * TLB miss handling for Book3E with hw page table support *
967 * *
968 **************************************************************/
969
970
971/* Data TLB miss */
972 START_EXCEPTION(data_tlb_miss_htw)
973 TLB_MISS_PROLOG
974
975 /* Now we handle the fault proper. We only save DEAR in normal
976 * fault case since that's the only interesting values here.
977 * We could probably also optimize by not saving SRR0/1 in the
978 * linear mapping case but I'll leave that for later
979 */
980 mfspr r14,SPRN_ESR
981 mfspr r16,SPRN_DEAR /* get faulting address */
982 srdi r11,r16,60 /* get region */
983 cmpldi cr0,r11,0xc /* linear mapping ? */
984 TLB_MISS_STATS_SAVE_INFO
985 beq tlb_load_linear /* yes -> go to linear map load */
986
987 /* We do the user/kernel test for the PID here along with the RW test
988 */
989 cmpldi cr0,r11,0 /* Check for user region */
990 ld r15,PACAPGD(r13) /* Load user pgdir */
991 beq htw_tlb_miss
992
993 /* XXX replace the RMW cycles with immediate loads + writes */
9941: mfspr r10,SPRN_MAS1
995 cmpldi cr0,r11,8 /* Check for vmalloc region */
996 rlwinm r10,r10,0,16,1 /* Clear TID */
997 mtspr SPRN_MAS1,r10
998 ld r15,PACA_KERNELPGD(r13) /* Load kernel pgdir */
999 beq+ htw_tlb_miss
1000
1001 /* We got a crappy address, just fault with whatever DEAR and ESR
1002 * are here
1003 */
1004 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT)
1005 TLB_MISS_EPILOG_ERROR
1006 b exc_data_storage_book3e
1007
1008/* Instruction TLB miss */
1009 START_EXCEPTION(instruction_tlb_miss_htw)
1010 TLB_MISS_PROLOG
1011
1012 /* If we take a recursive fault, the second level handler may need
1013 * to know whether we are handling a data or instruction fault in
1014 * order to get to the right store fault handler. We provide that
1015 * info by keeping a crazy value for ESR in r14
1016 */
1017 li r14,-1 /* store to exception frame is done later */
1018
1019 /* Now we handle the fault proper. We only save DEAR in the non
1020 * linear mapping case since we know the linear mapping case will
1021 * not re-enter. We could indeed optimize and also not save SRR0/1
1022 * in the linear mapping case but I'll leave that for later
1023 *
1024 * Faulting address is SRR0 which is already in r16
1025 */
1026 srdi r11,r16,60 /* get region */
1027 cmpldi cr0,r11,0xc /* linear mapping ? */
1028 TLB_MISS_STATS_SAVE_INFO
1029 beq tlb_load_linear /* yes -> go to linear map load */
1030
1031 /* We do the user/kernel test for the PID here along with the RW test
1032 */
1033 cmpldi cr0,r11,0 /* Check for user region */
1034 ld r15,PACAPGD(r13) /* Load user pgdir */
1035 beq htw_tlb_miss
1036
1037 /* XXX replace the RMW cycles with immediate loads + writes */
10381: mfspr r10,SPRN_MAS1
1039 cmpldi cr0,r11,8 /* Check for vmalloc region */
1040 rlwinm r10,r10,0,16,1 /* Clear TID */
1041 mtspr SPRN_MAS1,r10
1042 ld r15,PACA_KERNELPGD(r13) /* Load kernel pgdir */
1043 beq+ htw_tlb_miss
1044
1045 /* We got a crappy address, just fault */
1046 TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT)
1047 TLB_MISS_EPILOG_ERROR
1048 b exc_instruction_storage_book3e
1049
1050
1051/*
1052 * This is the guts of the second-level TLB miss handler for direct
1053 * misses. We are entered with:
1054 *
1055 * r16 = virtual page table faulting address
1056 * r15 = PGD pointer
1057 * r14 = ESR
1058 * r13 = PACA
1059 * r12 = TLB exception frame in PACA
1060 * r11 = crap (free to use)
1061 * r10 = crap (free to use)
1062 *
1063 * It can be re-entered by the linear mapping miss handler. However, to
1064 * avoid too much complication, it will save/restore things for us
1065 */
1066htw_tlb_miss:
1067 /* Search if we already have a TLB entry for that virtual address, and
1068 * if we do, bail out.
1069 *
1070 * MAS1:IND should be already set based on MAS4
1071 */
962cffbd 1072 PPC_TLBSRX_DOT(0,R16)
25d21ad6
BH		 1073 beq htw_tlb_miss_done
1074
1075 /* Now, we need to walk the page tables. First check if we are in
1076 * range.
1077 */
1078 rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4
1079 bne- htw_tlb_miss_fault
1080
1081 /* Get the PGD pointer */
1082 cmpldi cr0,r15,0
1083 beq- htw_tlb_miss_fault
1084
1085 /* Get to PGD entry */
1086 rldicl r11,r16,64-(PGDIR_SHIFT-3),64-PGD_INDEX_SIZE-3
1087 clrrdi r10,r11,3
1088 ldx r15,r10,r15
41151e77
BB		 1089 cmpdi cr0,r15,0
1090 bge htw_tlb_miss_fault
25d21ad6
BH		 1091
1092#ifndef CONFIG_PPC_64K_PAGES
1093 /* Get to PUD entry */
1094 rldicl r11,r16,64-(PUD_SHIFT-3),64-PUD_INDEX_SIZE-3
1095 clrrdi r10,r11,3
1096 ldx r15,r10,r15
41151e77
BB		 1097 cmpdi cr0,r15,0
1098 bge htw_tlb_miss_fault
25d21ad6
BH		 1099#endif /* CONFIG_PPC_64K_PAGES */
1100
1101 /* Get to PMD entry */
1102 rldicl r11,r16,64-(PMD_SHIFT-3),64-PMD_INDEX_SIZE-3
1103 clrrdi r10,r11,3
1104 ldx r15,r10,r15
41151e77
BB		 1105 cmpdi cr0,r15,0
1106 bge htw_tlb_miss_fault
25d21ad6
BH		 1107
1108 /* Ok, we're all right, we can now create an indirect entry for
1109 * a 1M or 256M page.
1110 *
1111 * The last trick is now that because we use "half" pages for
1112 * the HTW (1M IND is 2K and 256M IND is 32K) we need to account
1113 * for an added LSB bit to the RPN. For 64K pages, there is no
1114 * problem as we already use 32K arrays (half PTE pages), but for
1115 * 4K page we need to extract a bit from the virtual address and
1116 * insert it into the "PA52" bit of the RPN.
1117 */
1118#ifndef CONFIG_PPC_64K_PAGES
1119 rlwimi r15,r16,32-9,20,20
1120#endif
1121 /* Now we build the MAS:
1122 *
1123 * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG
1124 * MAS 1 : Almost fully setup
1125 * - PID already updated by caller if necessary
1126 * - TSIZE for now is base ind page size always
1127 * MAS 2 : Use defaults
1128 * MAS 3+7 : Needs to be done
1129 */
1130#ifdef CONFIG_PPC_64K_PAGES
1131 ori r10,r15,(BOOK3E_PAGESZ_64K << MAS3_SPSIZE_SHIFT)
1132#else
1133 ori r10,r15,(BOOK3E_PAGESZ_4K << MAS3_SPSIZE_SHIFT)
1134#endif
df5d6ecf
KG		 1135
1136BEGIN_MMU_FTR_SECTION
1137 srdi r16,r10,32
1138 mtspr SPRN_MAS3,r10
1139 mtspr SPRN_MAS7,r16
1140MMU_FTR_SECTION_ELSE
25d21ad6 1141 mtspr SPRN_MAS7_MAS3,r10
df5d6ecf 1142ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS)
25d21ad6
BH		 1143
1144 tlbwe
1145
1146htw_tlb_miss_done:
1147 /* We don't bother with restoring DEAR or ESR since we know we are
1148 * level 0 and just going back to userland. They are only needed
1149 * if you are going to take an access fault
1150 */
1151 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_PT_OK)
1152 TLB_MISS_EPILOG_SUCCESS
1153 rfi
1154
1155htw_tlb_miss_fault:
1156 /* We need to check if it was an instruction miss. We know this
1157 * though because r14 would contain -1
1158 */
1159 cmpdi cr0,r14,-1
1160 beq 1f
1161 mtspr SPRN_DEAR,r16
1162 mtspr SPRN_ESR,r14
1163 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_PT_FAULT)
1164 TLB_MISS_EPILOG_ERROR
1165 b exc_data_storage_book3e
11661: TLB_MISS_STATS_I(MMSTAT_TLB_MISS_PT_FAULT)
1167 TLB_MISS_EPILOG_ERROR
1168 b exc_instruction_storage_book3e
1169
1170/*
1171 * This is the guts of "any" level TLB miss handler for kernel linear
1172 * mapping misses. We are entered with:
1173 *
1174 *
1175 * r16 = faulting address
1176 * r15 = crap (free to use)
1177 * r14 = ESR (data) or -1 (instruction)
1178 * r13 = PACA
1179 * r12 = TLB exception frame in PACA
1180 * r11 = crap (free to use)
1181 * r10 = crap (free to use)
1182 *
1183 * In addition we know that we will not re-enter, so in theory, we could
1184 * use a simpler epilog not restoring SRR0/1 etc.. but we'll do that later.
1185 *
1186 * We also need to be careful about MAS registers here & TLB reservation,
1187 * as we know we'll have clobbered them if we interrupt the main TLB miss
1188 * handlers in which case we probably want to do a full restart at level
1189 * 0 rather than saving / restoring the MAS.
1190 *
1191 * Note: If we care about performance of that core, we can easily shuffle
1192 * a few things around
1193 */
1194tlb_load_linear:
1195 /* For now, we assume the linear mapping is contiguous and stops at
1196 * linear_map_top. We also assume the size is a multiple of 1G, thus
1197 * we only use 1G pages for now. That might have to be changed in a
1198 * final implementation, especially when dealing with hypervisors
1199 */
1200 ld r11,PACATOC(r13)
1201 ld r11,linear_map_top@got(r11)
1202 ld r10,0(r11)
60b96223
BK		 1203 tovirt(10,10)
1204 cmpld cr0,r16,r10
25d21ad6
BH		 1205 bge tlb_load_linear_fault
1206
1207 /* MAS1 need whole new setup. */
1208 li r15,(BOOK3E_PAGESZ_1GB<<MAS1_TSIZE_SHIFT)
1209 oris r15,r15,MAS1_VALID@h /* MAS1 needs V and TSIZE */
1210 mtspr SPRN_MAS1,r15
1211
1212 /* Already somebody there ? */
962cffbd 1213 PPC_TLBSRX_DOT(0,R16)
25d21ad6
BH		 1214 beq tlb_load_linear_done
1215
1216 /* Now we build the remaining MAS. MAS0 and 2 should be fine
1217 * with their defaults, which leaves us with MAS 3 and 7. The
1218 * mapping is linear, so we just take the address, clear the
1219 * region bits, and or in the permission bits which are currently
1220 * hard wired
1221 */
1222 clrrdi r10,r16,30 /* 1G page index */
1223 clrldi r10,r10,4 /* clear region bits */
1224 ori r10,r10,MAS3_SR|MAS3_SW|MAS3_SX
df5d6ecf
KG		 1225
1226BEGIN_MMU_FTR_SECTION
1227 srdi r16,r10,32
1228 mtspr SPRN_MAS3,r10
1229 mtspr SPRN_MAS7,r16
1230MMU_FTR_SECTION_ELSE
25d21ad6 1231 mtspr SPRN_MAS7_MAS3,r10
df5d6ecf 1232ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS)
25d21ad6
BH		 1233
1234 tlbwe
1235
1236tlb_load_linear_done:
1237 /* We use the "error" epilog for success as we do want to
1238 * restore to the initial faulting context, whatever it was.
1239 * We do that because we can't resume a fault within a TLB
1240 * miss handler, due to MAS and TLB reservation being clobbered.
1241 */
1242 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_LINEAR)
1243 TLB_MISS_EPILOG_ERROR
1244 rfi
1245
1246tlb_load_linear_fault:
1247 /* We keep the DEAR and ESR around, this shouldn't have happened */
1248 cmpdi cr0,r14,-1
1249 beq 1f
1250 TLB_MISS_EPILOG_ERROR_SPECIAL
1251 b exc_data_storage_book3e
12521: TLB_MISS_EPILOG_ERROR_SPECIAL
1253 b exc_instruction_storage_book3e
1254
1255
1256#ifdef CONFIG_BOOK3E_MMU_TLB_STATS
1257.tlb_stat_inc:
12581: ldarx r8,0,r9
1259 addi r8,r8,1
1260 stdcx. r8,0,r9
1261 bne- 1b
1262 blr
1263#endif
Linux kernel - Deliverables
This page took 0.527242 seconds and 5 git commands to generate.