CoCalc -- tlb_low

GitHub Repository: torvalds/linux
Path: blob/master/arch/powerpc/mm/nohash/tlb_low_64e.S
²⁶⁴⁸¹ views
1
/* SPDX-License-Identifier: GPL-2.0-or-later */
2
/*
3
 *  Low level TLB miss handlers for Book3E
4
 *
5
 *  Copyright (C) 2008-2009
6
 *      Ben. Herrenschmidt ([email protected]), IBM Corp.
7
 */
8

9
#include <linux/pgtable.h>
10
#include <asm/processor.h>
11
#include <asm/reg.h>
12
#include <asm/page.h>
13
#include <asm/mmu.h>
14
#include <asm/ppc_asm.h>
15
#include <asm/asm-offsets.h>
16
#include <asm/cputable.h>
17
#include <asm/exception-64e.h>
18
#include <asm/ppc-opcode.h>
19
#include <asm/kvm_asm.h>
20
#include <asm/kvm_booke_hv_asm.h>
21
#include <asm/feature-fixups.h>
22

23
#define VPTE_PMD_SHIFT	(PTE_INDEX_SIZE)
24
#define VPTE_PUD_SHIFT	(VPTE_PMD_SHIFT + PMD_INDEX_SIZE)
25
#define VPTE_PGD_SHIFT	(VPTE_PUD_SHIFT + PUD_INDEX_SIZE)
26
#define VPTE_INDEX_SIZE (VPTE_PGD_SHIFT + PGD_INDEX_SIZE)
27

28
/**********************************************************************
29
 *                                                                    *
30
 * TLB miss handling for Book3E with a bolted linear mapping          *
31
 * No virtual page table, no nested TLB misses                        *
32
 *                                                                    *
33
 **********************************************************************/
34

35
/*
36
 * Note that, unlike non-bolted handlers, TLB_EXFRAME is not
37
 * modified by the TLB miss handlers themselves, since the TLB miss
38
 * handler code will not itself cause a recursive TLB miss.
39
 *
40
 * TLB_EXFRAME will be modified when crit/mc/debug exceptions are
41
 * entered/exited.
42
 */
43
.macro tlb_prolog_bolted intnum addr
44
	mtspr	SPRN_SPRG_GEN_SCRATCH,r12
45
	mfspr	r12,SPRN_SPRG_TLB_EXFRAME
46
	std	r13,EX_TLB_R13(r12)
47
	std	r10,EX_TLB_R10(r12)
48
	mfspr	r13,SPRN_SPRG_PACA
49

50
	mfcr	r10
51
	std	r11,EX_TLB_R11(r12)
52
#ifdef CONFIG_KVM_BOOKE_HV
53
BEGIN_FTR_SECTION
54
	mfspr	r11, SPRN_SRR1
55
END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
56
#endif
57
	DO_KVM	\intnum, SPRN_SRR1
58
	std	r16,EX_TLB_R16(r12)
59
	mfspr	r16,\addr		/* get faulting address */
60
	std	r14,EX_TLB_R14(r12)
61
	ld	r14,PACAPGD(r13)
62
	std	r15,EX_TLB_R15(r12)
63
	std	r10,EX_TLB_CR(r12)
64
START_BTB_FLUSH_SECTION
65
	mfspr r11, SPRN_SRR1
66
	andi. r10,r11,MSR_PR
67
	beq 1f
68
	BTB_FLUSH(r10)
69
1:
70
END_BTB_FLUSH_SECTION
71
	std	r7,EX_TLB_R7(r12)
72
.endm
73

74
.macro tlb_epilog_bolted
75
	ld	r14,EX_TLB_CR(r12)
76
	ld	r7,EX_TLB_R7(r12)
77
	ld	r10,EX_TLB_R10(r12)
78
	ld	r11,EX_TLB_R11(r12)
79
	ld	r13,EX_TLB_R13(r12)
80
	mtcr	r14
81
	ld	r14,EX_TLB_R14(r12)
82
	ld	r15,EX_TLB_R15(r12)
83
	ld	r16,EX_TLB_R16(r12)
84
	mfspr	r12,SPRN_SPRG_GEN_SCRATCH
85
.endm
86

87
/* Data TLB miss */
88
	START_EXCEPTION(data_tlb_miss_bolted)
89
	tlb_prolog_bolted BOOKE_INTERRUPT_DTLB_MISS SPRN_DEAR
90

91
	/* We need _PAGE_PRESENT and  _PAGE_ACCESSED set */
92

93
	/* We do the user/kernel test for the PID here along with the RW test
94
	 */
95
	/* We pre-test some combination of permissions to avoid double
96
	 * faults:
97
	 *
98
	 * We move the ESR:ST bit into the position of _PAGE_BAP_SW in the PTE
99
	 * ESR_ST   is 0x00800000
100
	 * _PAGE_BAP_SW is 0x00000010
101
	 * So the shift is >> 19. This tests for supervisor writeability.
102
	 * If the page happens to be supervisor writeable and not user
103
	 * writeable, we will take a new fault later, but that should be
104
	 * a rare enough case.
105
	 *
106
	 * We also move ESR_ST in _PAGE_DIRTY position
107
	 * _PAGE_DIRTY is 0x00001000 so the shift is >> 11
108
	 *
109
	 * MAS1 is preset for all we need except for TID that needs to
110
	 * be cleared for kernel translations
111
	 */
112

113
	mfspr	r11,SPRN_ESR
114

115
	srdi	r15,r16,60		/* get region */
116
	rldicl.	r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4
117
	bne-	dtlb_miss_fault_bolted	/* Bail if fault addr is invalid */
118

119
	rlwinm	r10,r11,32-19,27,27
120
	rlwimi	r10,r11,32-16,19,19
121
	cmpwi	r15,0			/* user vs kernel check */
122
	ori	r10,r10,_PAGE_PRESENT
123
	oris	r11,r10,_PAGE_ACCESSED@h
124

125
	bne	tlb_miss_kernel_bolted
126

127
tlb_miss_user_bolted:
128
#ifdef CONFIG_PPC_KUAP
129
	mfspr	r10,SPRN_MAS1
130
	rlwinm.	r10,r10,0,0x3fff0000
131
	beq-	tlb_miss_fault_bolted /* KUAP fault */
132
#endif
133

134
tlb_miss_common_bolted:
135
/*
136
 * This is the guts of the TLB miss handler for bolted-linear.
137
 * We are entered with:
138
 *
139
 * r16 = faulting address
140
 * r15 = crap (free to use)
141
 * r14 = page table base
142
 * r13 = PACA
143
 * r11 = PTE permission mask
144
 * r10 = crap (free to use)
145
 */
146
	rldicl	r15,r16,64-PGDIR_SHIFT+3,64-PGD_INDEX_SIZE-3
147
	cmpldi	cr0,r14,0
148
	clrrdi	r15,r15,3
149
	beq	tlb_miss_fault_bolted	/* No PGDIR, bail */
150

151
	ldx	r14,r14,r15		/* grab pgd entry */
152

153
	rldicl	r15,r16,64-PUD_SHIFT+3,64-PUD_INDEX_SIZE-3
154
	clrrdi	r15,r15,3
155
	cmpdi	cr0,r14,0
156
	bge	tlb_miss_fault_bolted	/* Bad pgd entry or hugepage; bail */
157
	ldx	r14,r14,r15		/* grab pud entry */
158

159
	rldicl	r15,r16,64-PMD_SHIFT+3,64-PMD_INDEX_SIZE-3
160
	clrrdi	r15,r15,3
161
	cmpdi	cr0,r14,0
162
	bge	tlb_miss_fault_bolted
163
	ldx	r14,r14,r15		/* Grab pmd entry */
164

165
	rldicl	r15,r16,64-PAGE_SHIFT+3,64-PTE_INDEX_SIZE-3
166
	clrrdi	r15,r15,3
167
	cmpdi	cr0,r14,0
168
	bge	tlb_miss_fault_bolted
169
	ldx	r14,r14,r15		/* Grab PTE, normal (!huge) page */
170

171
	/* Check if required permissions are met */
172
	andc.	r15,r11,r14
173
	rldicr	r15,r14,64-(PTE_RPN_SHIFT-PAGE_SHIFT),63-PAGE_SHIFT
174
	bne-	tlb_miss_fault_bolted
175

176
	/* Now we build the MAS:
177
	 *
178
	 * MAS 0   :	Fully setup with defaults in MAS4 and TLBnCFG
179
	 * MAS 1   :	Almost fully setup
180
	 *               - PID already updated by caller if necessary
181
	 *               - TSIZE need change if !base page size, not
182
	 *                 yet implemented for now
183
	 * MAS 2   :	Defaults not useful, need to be redone
184
	 * MAS 3+7 :	Needs to be done
185
	 */
186
	clrrdi	r11,r16,12		/* Clear low crap in EA */
187
	clrldi	r15,r15,12		/* Clear crap at the top */
188
	rlwimi	r11,r14,32-19,27,31	/* Insert WIMGE */
189
	rlwimi	r15,r14,32-8,22,25	/* Move in U bits */
190
	mtspr	SPRN_MAS2,r11
191
	andi.	r11,r14,_PAGE_DIRTY
192
	rlwimi	r15,r14,32-2,26,31	/* Move in BAP bits */
193

194
	/* Mask out SW and UW if !DIRTY (XXX optimize this !) */
195
	bne	1f
196
	li	r11,MAS3_SW|MAS3_UW
197
	andc	r15,r15,r11
198
1:
199
	mtspr	SPRN_MAS7_MAS3,r15
200
	tlbwe
201

202
tlb_miss_done_bolted:
203
	tlb_epilog_bolted
204
	rfi
205

206
itlb_miss_kernel_bolted:
207
	li	r11,_PAGE_PRESENT|_PAGE_BAP_SX	/* Base perm */
208
	oris	r11,r11,_PAGE_ACCESSED@h
209
tlb_miss_kernel_bolted:
210
	mfspr	r10,SPRN_MAS1
211
	ld	r14,PACA_KERNELPGD(r13)
212
	srdi	r15,r16,44		/* get kernel region */
213
	andi.	r15,r15,1		/* Check for vmalloc region */
214
	rlwinm	r10,r10,0,16,1		/* Clear TID */
215
	mtspr	SPRN_MAS1,r10
216
	bne+	tlb_miss_common_bolted
217

218
tlb_miss_fault_bolted:
219
	/* We need to check if it was an instruction miss */
220
	andi.	r10,r11,_PAGE_BAP_UX|_PAGE_BAP_SX
221
	bne	itlb_miss_fault_bolted
222
dtlb_miss_fault_bolted:
223
	tlb_epilog_bolted
224
	b	exc_data_storage_book3e
225
itlb_miss_fault_bolted:
226
	tlb_epilog_bolted
227
	b	exc_instruction_storage_book3e
228

229
/* Instruction TLB miss */
230
	START_EXCEPTION(instruction_tlb_miss_bolted)
231
	tlb_prolog_bolted BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR0
232

233
	rldicl.	r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4
234
	srdi	r15,r16,60		/* get region */
235
	bne-	itlb_miss_fault_bolted
236

237
	li	r11,_PAGE_PRESENT|_PAGE_BAP_UX	/* Base perm */
238

239
	/* We do the user/kernel test for the PID here along with the RW test
240
	 */
241

242
	cmpldi	cr0,r15,0			/* Check for user region */
243
	oris	r11,r11,_PAGE_ACCESSED@h
244
	beq	tlb_miss_user_bolted
245
	b	itlb_miss_kernel_bolted
246

247
/*
248
 * TLB miss handling for e6500 and derivatives, using hardware tablewalk.
249
 *
250
 * Linear mapping is bolted: no virtual page table or nested TLB misses
251
 * Indirect entries in TLB1, hardware loads resulting direct entries
252
 *    into TLB0
253
 * No HES or NV hint on TLB1, so we need to do software round-robin
254
 * No tlbsrx. so we need a spinlock, and we have to deal
255
 *    with MAS-damage caused by tlbsx
256
 * 4K pages only
257
 */
258

259
	START_EXCEPTION(instruction_tlb_miss_e6500)
260
	tlb_prolog_bolted BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR0
261

262
	ld	r11,PACA_TCD_PTR(r13)
263
	srdi.	r15,r16,60		/* get region */
264
	ori	r16,r16,1
265

266
	bne	tlb_miss_kernel_e6500	/* user/kernel test */
267

268
	b	tlb_miss_common_e6500
269

270
	START_EXCEPTION(data_tlb_miss_e6500)
271
	tlb_prolog_bolted BOOKE_INTERRUPT_DTLB_MISS SPRN_DEAR
272

273
	ld	r11,PACA_TCD_PTR(r13)
274
	srdi.	r15,r16,60		/* get region */
275
	rldicr	r16,r16,0,62
276

277
	bne	tlb_miss_kernel_e6500	/* user vs kernel check */
278

279
/*
280
 * This is the guts of the TLB miss handler for e6500 and derivatives.
281
 * We are entered with:
282
 *
283
 * r16 = page of faulting address (low bit 0 if data, 1 if instruction)
284
 * r15 = crap (free to use)
285
 * r14 = page table base
286
 * r13 = PACA
287
 * r11 = tlb_per_core ptr
288
 * r10 = crap (free to use)
289
 * r7  = esel_next
290
 */
291
tlb_miss_common_e6500:
292
	crmove	cr2*4+2,cr0*4+2		/* cr2.eq != 0 if kernel address */
293

294
BEGIN_FTR_SECTION		/* CPU_FTR_SMT */
295
	/*
296
	 * Search if we already have an indirect entry for that virtual
297
	 * address, and if we do, bail out.
298
	 *
299
	 * MAS6:IND should be already set based on MAS4
300
	 */
301
	lhz	r10,PACAPACAINDEX(r13)
302
	addi	r10,r10,1
303
	crclr	cr1*4+eq	/* set cr1.eq = 0 for non-recursive */
304
1:	lbarx	r15,0,r11
305
	cmpdi	r15,0
306
	bne	2f
307
	stbcx.	r10,0,r11
308
	bne	1b
309
3:
310
	.subsection 1
311
2:	cmpd	cr1,r15,r10	/* recursive lock due to mcheck/crit/etc? */
312
	beq	cr1,3b		/* unlock will happen if cr1.eq = 0 */
313
10:	lbz	r15,0(r11)
314
	cmpdi	r15,0
315
	bne	10b
316
	b	1b
317
	.previous
318
END_FTR_SECTION_IFSET(CPU_FTR_SMT)
319

320
	lbz	r7,TCD_ESEL_NEXT(r11)
321

322
BEGIN_FTR_SECTION		/* CPU_FTR_SMT */
323
	/*
324
	 * Erratum A-008139 says that we can't use tlbwe to change
325
	 * an indirect entry in any way (including replacing or
326
	 * invalidating) if the other thread could be in the process
327
	 * of a lookup.  The workaround is to invalidate the entry
328
	 * with tlbilx before overwriting.
329
	 */
330

331
	rlwinm	r10,r7,16,0xff0000
332
	oris	r10,r10,MAS0_TLBSEL(1)@h
333
	mtspr	SPRN_MAS0,r10
334
	isync
335
	tlbre
336
	mfspr	r15,SPRN_MAS1
337
	andis.	r15,r15,MAS1_VALID@h
338
	beq	5f
339

340
BEGIN_FTR_SECTION_NESTED(532)
341
	mfspr	r10,SPRN_MAS8
342
	rlwinm	r10,r10,0,0x80000fff  /* tgs,tlpid -> sgs,slpid */
343
	mtspr	SPRN_MAS5,r10
344
END_FTR_SECTION_NESTED(CPU_FTR_EMB_HV,CPU_FTR_EMB_HV,532)
345

346
	mfspr	r10,SPRN_MAS1
347
	rlwinm	r15,r10,0,0x3fff0000  /* tid -> spid */
348
	rlwimi	r15,r10,20,0x00000003 /* ind,ts -> sind,sas */
349
	mfspr	r10,SPRN_MAS6
350
	mtspr	SPRN_MAS6,r15
351

352
	mfspr	r15,SPRN_MAS2
353
	isync
354
	PPC_TLBILX_VA(0,R15)
355
	isync
356

357
	mtspr	SPRN_MAS6,r10
358

359
5:
360
BEGIN_FTR_SECTION_NESTED(532)
361
	li	r10,0
362
	mtspr	SPRN_MAS8,r10
363
	mtspr	SPRN_MAS5,r10
364
END_FTR_SECTION_NESTED(CPU_FTR_EMB_HV,CPU_FTR_EMB_HV,532)
365

366
	tlbsx	0,r16
367
	mfspr	r10,SPRN_MAS1
368
	andis.	r15,r10,MAS1_VALID@h
369
	bne	tlb_miss_done_e6500
370
FTR_SECTION_ELSE
371
	mfspr	r10,SPRN_MAS1
372
ALT_FTR_SECTION_END_IFSET(CPU_FTR_SMT)
373

374
	oris	r10,r10,MAS1_VALID@h
375
	beq	cr2,4f
376
	rlwinm	r10,r10,0,16,1		/* Clear TID */
377
4:	mtspr	SPRN_MAS1,r10
378

379
	/* Now, we need to walk the page tables. First check if we are in
380
	 * range.
381
	 */
382
	rldicl.	r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4
383
	bne-	tlb_miss_fault_e6500
384

385
	rldicl	r15,r16,64-PGDIR_SHIFT+3,64-PGD_INDEX_SIZE-3
386
	cmpldi	cr0,r14,0
387
	clrrdi	r15,r15,3
388
	beq-	tlb_miss_fault_e6500 /* No PGDIR, bail */
389
	ldx	r14,r14,r15		/* grab pgd entry */
390

391
	rldicl	r15,r16,64-PUD_SHIFT+3,64-PUD_INDEX_SIZE-3
392
	clrrdi	r15,r15,3
393
	cmpdi	cr0,r14,0
394
	bge	tlb_miss_huge_e6500	/* Bad pgd entry or hugepage; bail */
395
	ldx	r14,r14,r15		/* grab pud entry */
396

397
	rldicl	r15,r16,64-PMD_SHIFT+3,64-PMD_INDEX_SIZE-3
398
	clrrdi	r15,r15,3
399
	cmpdi	cr0,r14,0
400
	bge	tlb_miss_huge_e6500
401
	ldx	r14,r14,r15		/* Grab pmd entry */
402

403
	mfspr	r10,SPRN_MAS0
404
	cmpdi	cr0,r14,0
405
	bge	tlb_miss_huge_e6500
406

407
	/* Now we build the MAS for a 2M indirect page:
408
	 *
409
	 * MAS 0   :	ESEL needs to be filled by software round-robin
410
	 * MAS 1   :	Fully set up
411
	 *               - PID already updated by caller if necessary
412
	 *               - TSIZE for now is base ind page size always
413
	 *               - TID already cleared if necessary
414
	 * MAS 2   :	Default not 2M-aligned, need to be redone
415
	 * MAS 3+7 :	Needs to be done
416
	 */
417

418
	ori	r14,r14,(BOOK3E_PAGESZ_4K << MAS3_SPSIZE_SHIFT)
419
	mtspr	SPRN_MAS7_MAS3,r14
420

421
	clrrdi	r15,r16,21		/* make EA 2M-aligned */
422
	mtspr	SPRN_MAS2,r15
423

424
tlb_miss_huge_done_e6500:
425
	lbz	r16,TCD_ESEL_MAX(r11)
426
	lbz	r14,TCD_ESEL_FIRST(r11)
427
	rlwimi	r10,r7,16,0x00ff0000	/* insert esel_next into MAS0 */
428
	addi	r7,r7,1			/* increment esel_next */
429
	mtspr	SPRN_MAS0,r10
430
	cmpw	r7,r16
431
	iseleq	r7,r14,r7		/* if next == last use first */
432
	stb	r7,TCD_ESEL_NEXT(r11)
433

434
	tlbwe
435

436
tlb_miss_done_e6500:
437
	.macro	tlb_unlock_e6500
438
BEGIN_FTR_SECTION
439
	beq	cr1,1f		/* no unlock if lock was recursively grabbed */
440
	li	r15,0
441
	isync
442
	stb	r15,0(r11)
443
1:
444
END_FTR_SECTION_IFSET(CPU_FTR_SMT)
445
	.endm
446

447
	tlb_unlock_e6500
448
	tlb_epilog_bolted
449
	rfi
450

451
tlb_miss_huge_e6500:
452
	beq	tlb_miss_fault_e6500
453
	rlwinm	r15,r14,32-_PAGE_PSIZE_SHIFT,0x1e
454

455
	/*
456
	 * Now we build the MAS for a huge page.
457
	 *
458
	 * MAS 0   :	ESEL needs to be filled by software round-robin
459
	 *		 - can be handled by indirect code
460
	 * MAS 1   :	Need to clear IND and set TSIZE
461
	 * MAS 2,3+7:	Needs to be redone similar to non-tablewalk handler
462
	 */
463

464
	mfspr	r10,SPRN_MAS1
465
	rlwinm	r10,r10,0,~MAS1_IND
466
	rlwimi	r10,r15,MAS1_TSIZE_SHIFT,MAS1_TSIZE_MASK
467
	mtspr	SPRN_MAS1,r10
468

469
	li	r10,-0x400
470
	sld	r15,r10,r15		/* Generate mask based on size */
471
	and	r10,r16,r15
472
	rldicr	r15,r14,64-(PTE_RPN_SHIFT-PAGE_SHIFT),63-PAGE_SHIFT
473
	rlwimi	r10,r14,32-19,27,31	/* Insert WIMGE */
474
	clrldi	r15,r15,PAGE_SHIFT	/* Clear crap at the top */
475
	rlwimi	r15,r14,32-8,22,25	/* Move in U bits */
476
	mtspr	SPRN_MAS2,r10
477
	andi.	r10,r14,_PAGE_DIRTY
478
	rlwimi	r15,r14,32-2,26,31	/* Move in BAP bits */
479

480
	/* Mask out SW and UW if !DIRTY (XXX optimize this !) */
481
	bne	1f
482
	li	r10,MAS3_SW|MAS3_UW
483
	andc	r15,r15,r10
484
1:
485
	mtspr	SPRN_MAS7_MAS3,r15
486

487
	mfspr	r10,SPRN_MAS0
488
	b	tlb_miss_huge_done_e6500
489

490
tlb_miss_kernel_e6500:
491
	ld	r14,PACA_KERNELPGD(r13)
492
	srdi	r15,r16,44		/* get kernel region */
493
	xoris	r15,r15,0xc		/* Check for vmalloc region */
494
	cmplwi	cr1,r15,1
495
	beq+	cr1,tlb_miss_common_e6500
496

497
tlb_miss_fault_e6500:
498
	tlb_unlock_e6500
499
	/* We need to check if it was an instruction miss */
500
	andi.	r16,r16,1
501
	bne	itlb_miss_fault_e6500
502
dtlb_miss_fault_e6500:
503
	tlb_epilog_bolted
504
	b	exc_data_storage_book3e
505
itlb_miss_fault_e6500:
506
	tlb_epilog_bolted
507
	b	exc_instruction_storage_book3e
508

509
/*
510
 * This is the guts of the second-level TLB miss handler for direct
511
 * misses. We are entered with:
512
 *
513
 * r16 = virtual page table faulting address
514
 * r15 = region (top 4 bits of address)
515
 * r14 = crap (free to use)
516
 * r13 = PACA
517
 * r12 = TLB exception frame in PACA
518
 * r11 = crap (free to use)
519
 * r10 = crap (free to use)
520
 *
521
 * Note that this should only ever be called as a second level handler
522
 * with the current scheme when using SW load.
523
 * That means we can always get the original fault DEAR at
524
 * EX_TLB_DEAR-EX_TLB_SIZE(r12)
525
 *
526
 * It can be re-entered by the linear mapping miss handler. However, to
527
 * avoid too much complication, it will restart the whole fault at level
528
 * 0 so we don't care too much about clobbers
529
 *
530
 * XXX That code was written back when we couldn't clobber r14. We can now,
531
 * so we could probably optimize things a bit
532
 */
533
virt_page_table_tlb_miss:
534
	/* Are we hitting a kernel page table ? */
535
	srdi	r15,r16,60
536
	andi.	r10,r15,0x8
537

538
	/* The cool thing now is that r10 contains 0 for user and 8 for kernel,
539
	 * and we happen to have the swapper_pg_dir at offset 8 from the user
540
	 * pgdir in the PACA :-).
541
	 */
542
	add	r11,r10,r13
543

544
	/* If kernel, we need to clear MAS1 TID */
545
	beq	1f
546
	/* XXX replace the RMW cycles with immediate loads + writes */
547
	mfspr	r10,SPRN_MAS1
548
	rlwinm	r10,r10,0,16,1			/* Clear TID */
549
	mtspr	SPRN_MAS1,r10
550
#ifdef CONFIG_PPC_KUAP
551
	b	2f
552
1:
553
	mfspr	r10,SPRN_MAS1
554
	rlwinm.	r10,r10,0,0x3fff0000
555
	beq-	virt_page_table_tlb_miss_fault /* KUAP fault */
556
2:
557
#else
558
1:
559
#endif
560

561
	/* Now, we need to walk the page tables. First check if we are in
562
	 * range.
563
	 */
564
	rldicl	r10,r16,64-(VPTE_INDEX_SIZE+3),VPTE_INDEX_SIZE+3+4
565
	cmpldi	r10,0x80
566
	bne-	virt_page_table_tlb_miss_fault
567

568
	/* Get the PGD pointer */
569
	ld	r15,PACAPGD(r11)
570
	cmpldi	cr0,r15,0
571
	beq-	virt_page_table_tlb_miss_fault
572

573
	/* Get to PGD entry */
574
	rldicl	r11,r16,64-VPTE_PGD_SHIFT,64-PGD_INDEX_SIZE-3
575
	clrrdi	r10,r11,3
576
	ldx	r15,r10,r15
577
	cmpdi	cr0,r15,0
578
	bge	virt_page_table_tlb_miss_fault
579

580
	/* Get to PUD entry */
581
	rldicl	r11,r16,64-VPTE_PUD_SHIFT,64-PUD_INDEX_SIZE-3
582
	clrrdi	r10,r11,3
583
	ldx	r15,r10,r15
584
	cmpdi	cr0,r15,0
585
	bge	virt_page_table_tlb_miss_fault
586

587
	/* Get to PMD entry */
588
	rldicl	r11,r16,64-VPTE_PMD_SHIFT,64-PMD_INDEX_SIZE-3
589
	clrrdi	r10,r11,3
590
	ldx	r15,r10,r15
591
	cmpdi	cr0,r15,0
592
	bge	virt_page_table_tlb_miss_fault
593

594
	/* Ok, we're all right, we can now create a kernel translation for
595
	 * a 4K or 64K page from r16 -> r15.
596
	 */
597
	/* Now we build the MAS:
598
	 *
599
	 * MAS 0   :	Fully setup with defaults in MAS4 and TLBnCFG
600
	 * MAS 1   :	Almost fully setup
601
	 *               - PID already updated by caller if necessary
602
	 *               - TSIZE for now is base page size always
603
	 * MAS 2   :	Use defaults
604
	 * MAS 3+7 :	Needs to be done
605
	 *
606
	 * So we only do MAS 2 and 3 for now...
607
	 */
608
	clrldi	r11,r15,4		/* remove region ID from RPN */
609
	ori	r10,r11,1		/* Or-in SR */
610

611
	srdi	r16,r10,32
612
	mtspr	SPRN_MAS3,r10
613
	mtspr	SPRN_MAS7,r16
614

615
	tlbwe
616

617
	/* Return to caller, normal case */
618
	TLB_MISS_EPILOG_SUCCESS
619
	rfi
620

621
virt_page_table_tlb_miss_fault:
622
	/* If we fault here, things are a little bit tricky. We need to call
623
	 * either data or instruction store fault, and we need to retrieve
624
	 * the original fault address and ESR (for data).
625
	 *
626
	 * The thing is, we know that in normal circumstances, this is
627
	 * always called as a second level tlb miss for SW load or as a first
628
	 * level TLB miss for HW load, so we should be able to peek at the
629
	 * relevant information in the first exception frame in the PACA.
630
	 *
631
	 * However, we do need to double check that, because we may just hit
632
	 * a stray kernel pointer or a userland attack trying to hit those
633
	 * areas. If that is the case, we do a data fault. (We can't get here
634
	 * from an instruction tlb miss anyway).
635
	 *
636
	 * Note also that when going to a fault, we must unwind the previous
637
	 * level as well. Since we are doing that, we don't need to clear or
638
	 * restore the TLB reservation neither.
639
	 */
640
	subf	r10,r13,r12
641
	cmpldi	cr0,r10,PACA_EXTLB+EX_TLB_SIZE
642
	bne-	virt_page_table_tlb_miss_whacko_fault
643

644
	/* We dig the original DEAR and ESR from slot 0 */
645
	ld	r15,EX_TLB_DEAR+PACA_EXTLB(r13)
646
	ld	r16,EX_TLB_ESR+PACA_EXTLB(r13)
647

648
	/* We check for the "special" ESR value for instruction faults */
649
	cmpdi	cr0,r16,-1
650
	beq	1f
651
	mtspr	SPRN_DEAR,r15
652
	mtspr	SPRN_ESR,r16
653
	TLB_MISS_EPILOG_ERROR
654
	b	exc_data_storage_book3e
655
1:	TLB_MISS_EPILOG_ERROR
656
	b	exc_instruction_storage_book3e
657

658
virt_page_table_tlb_miss_whacko_fault:
659
	/* The linear fault will restart everything so ESR and DEAR will
660
	 * not have been clobbered, let's just fault with what we have
661
	 */
662
	TLB_MISS_EPILOG_ERROR
663
	b	exc_data_storage_book3e
664

665
/*
666
 * This is the guts of "any" level TLB miss handler for kernel linear
667
 * mapping misses. We are entered with:
668
 *
669
 *
670
 * r16 = faulting address
671
 * r15 = crap (free to use)
672
 * r14 = ESR (data) or -1 (instruction)
673
 * r13 = PACA
674
 * r12 = TLB exception frame in PACA
675
 * r11 = crap (free to use)
676
 * r10 = crap (free to use)
677
 *
678
 * In addition we know that we will not re-enter, so in theory, we could
679
 * use a simpler epilog not restoring SRR0/1 etc.. but we'll do that later.
680
 *
681
 * We also need to be careful about MAS registers here & TLB reservation,
682
 * as we know we'll have clobbered them if we interrupt the main TLB miss
683
 * handlers in which case we probably want to do a full restart at level
684
 * 0 rather than saving / restoring the MAS.
685
 *
686
 * Note: If we care about performance of that core, we can easily shuffle
687
 *       a few things around
688
 */
689
tlb_load_linear:
690
	/* For now, we assume the linear mapping is contiguous and stops at
691
	 * linear_map_top. We also assume the size is a multiple of 1G, thus
692
	 * we only use 1G pages for now. That might have to be changed in a
693
	 * final implementation, especially when dealing with hypervisors
694
	 */
695
	__LOAD_PACA_TOC(r11)
696
	LOAD_REG_ADDR_ALTTOC(r11, r11, linear_map_top)
697
	ld	r10,0(r11)
698
	tovirt(10,10)
699
	cmpld	cr0,r16,r10
700
	bge	tlb_load_linear_fault
701

702
	/* MAS1 need whole new setup. */
703
	li	r15,(BOOK3E_PAGESZ_1GB<<MAS1_TSIZE_SHIFT)
704
	oris	r15,r15,MAS1_VALID@h	/* MAS1 needs V and TSIZE */
705
	mtspr	SPRN_MAS1,r15
706

707
	/* Already somebody there ? */
708
	PPC_TLBSRX_DOT(0,R16)
709
	beq	tlb_load_linear_done
710

711
	/* Now we build the remaining MAS. MAS0 and 2 should be fine
712
	 * with their defaults, which leaves us with MAS 3 and 7. The
713
	 * mapping is linear, so we just take the address, clear the
714
	 * region bits, and or in the permission bits which are currently
715
	 * hard wired
716
	 */
717
	clrrdi	r10,r16,30		/* 1G page index */
718
	clrldi	r10,r10,4		/* clear region bits */
719
	ori	r10,r10,MAS3_SR|MAS3_SW|MAS3_SX
720

721
	srdi	r16,r10,32
722
	mtspr	SPRN_MAS3,r10
723
	mtspr	SPRN_MAS7,r16
724

725
	tlbwe
726

727
tlb_load_linear_done:
728
	/* We use the "error" epilog for success as we do want to
729
	 * restore to the initial faulting context, whatever it was.
730
	 * We do that because we can't resume a fault within a TLB
731
	 * miss handler, due to MAS and TLB reservation being clobbered.
732
	 */
733
	TLB_MISS_EPILOG_ERROR
734
	rfi
735

736
tlb_load_linear_fault:
737
	/* We keep the DEAR and ESR around, this shouldn't have happened */
738
	cmpdi	cr0,r14,-1
739
	beq	1f
740
	TLB_MISS_EPILOG_ERROR_SPECIAL
741
	b	exc_data_storage_book3e
742
1:	TLB_MISS_EPILOG_ERROR_SPECIAL
743
	b	exc_instruction_storage_book3e
744

745
Product

Resources

Company
