/*
 * TLB Exception Handling for ARC
 *
 * Copyright (C) 2004, 2007-2010, 2011-2012 Synopsys, Inc. (www.synopsys.com)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Vineetg: April 2011 :
 *  -MMU v1: moved out legacy code into a separate file
 *  -MMU v3: PD{0,1} bits layout changed: They don't overlap anymore,
 *	helps avoid a shift when preparing PD0 from PTE
 *
 * Vineetg: July 2009
 *  -For MMU V2, we need not do heuristics at the time of committing a D-TLB
 *   entry, so that it doesn't knock out its I-TLB entry
 *  -Some more fine tuning:
 *   bmsk instead of add, asl.cc instead of branch, delay slot utilise etc
 *
 * Vineetg: July 2009
 *  -Practically rewrote the I/D TLB Miss handlers
 *   Now 40 and 135 instructions apiece as compared to 131 and 449 resp.
 *   Hence Leaner by 1.5 K
 *   Used Conditional arithmetic to replace excessive branching
 *   Also used short instructions wherever possible
 *
 * Vineetg: Aug 13th 2008
 *  -Passing ECR (Exception Cause REG) to do_page_fault( ) for printing
 *   more information in case of a Fatality
 *
 * Vineetg: March 25th Bug #92690
 *  -Added Debug Code to check if sw-ASID == hw-ASID
 *
 * Rahul Trivedi, Amit Bhor: Codito Technologies 2004
 */

	.cpu A7

#include <linux/linkage.h>
#include <asm/entry.h>
#include <asm/tlb.h>
#include <asm/pgtable.h>
#include <asm/arcregs.h>
#include <asm/cache.h>
#include <asm/processor.h>
#if (CONFIG_ARC_MMU_VER == 1)
#include <asm/tlb-mmu1.h>
#endif

;--------------------------------------------------------------------------
; scratch memory to save the registers (r0-r3) used to code TLB refill Handler
; For details refer to comments before TLBMISS_FREEUP_REGS below
;--------------------------------------------------------------------------

ARCFP_DATA ex_saved_reg1
	.align 1 << L1_CACHE_SHIFT	; IMP: Must be Cache Line aligned
	.type ex_saved_reg1, @object
#ifdef CONFIG_SMP
	.size ex_saved_reg1, (CONFIG_NR_CPUS << L1_CACHE_SHIFT)
ex_saved_reg1:
	.zero (CONFIG_NR_CPUS << L1_CACHE_SHIFT)
#else
	.size ex_saved_reg1, 16
ex_saved_reg1:
	.zero 16
#endif

;============================================================================
; Troubleshooting Stuff
;============================================================================

; Linux keeps ASID (Address Space ID) in task->active_mm->context.asid
; When creating TLB Entries, instead of doing 3 dependent loads from memory,
; we use the MMU PID Reg to get the current ASID.
; In bizarre scenarios SW and HW ASID can get out-of-sync, which is trouble.
; So we try to detect this in the TLB Miss handler.
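
; As a rough C-level sketch of the consistency check which DBG_ASID_MISMATCH
; below codes in assembly (read_mmu_pid() and in_user_mode() are illustrative
; stand-ins for the "lr [ARC_REG_PID]" read and the erstatus STATUS_U_BIT
; test, not real kernel APIs):
;
;	unsigned int sw_asid = current->active_mm->context.asid;
;	unsigned int hw_asid = read_mmu_pid() & 0xFF;	/* ASID: low 8 bits */
;
;	/* a mismatch is only an error for user mode faults */
;	if (hw_asid != sw_asid && in_user_mode())
;		print_asid_mismatch(1);		/* shout out via printk */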

.macro DBG_ASID_MISMATCH

#ifdef CONFIG_ARC_DBG_TLB_PARANOIA

	; make sure h/w ASID is same as s/w ASID

	GET_CURR_TASK_ON_CPU  r3
	ld r0, [r3, TASK_ACT_MM]
	ld r0, [r0, MM_CTXT+MM_CTXT_ASID]

	lr r1, [ARC_REG_PID]
	and r1, r1, 0xFF
	breq r1, r0, 5f

	; Error if H/w and S/w ASID don't match, but NOT if in kernel mode
	lr  r0, [erstatus]
	bbit0 r0, STATUS_U_BIT, 5f

	; We sure are in troubled waters. Flag the error, but to do so we
	; need to switch to the kernel mode stack to call the error routine
	GET_TSK_STACK_BASE r3, sp

	; Call printk to shout it out aloud
	mov r0, 1
	j print_asid_mismatch

5:	; ASIDs match so proceed normally
	nop

#endif

.endm

;============================================================================
;TLB Miss handling Code
;============================================================================

;-----------------------------------------------------------------------------
; This macro does the page-table lookup for the faulting address.
; OUT: r0 = PTE faulted on, r1 = ptr to PTE, r2 = Faulting V-address
.macro LOAD_FAULT_PTE

	lr  r2, [efa]

#ifndef CONFIG_SMP
	lr  r1, [ARC_REG_SCRATCH_DATA0]	; current pgd
#else
	GET_CURR_TASK_ON_CPU  r1
	ld  r1, [r1, TASK_ACT_MM]
	ld  r1, [r1, MM_PGD]
#endif

	lsr     r0, r2, PGDIR_SHIFT	; Bits for indexing into PGD
	ld.as   r1, [r1, r0]		; PGD entry corresp to faulting addr
	and.f   r1, r1, PAGE_MASK	; Ignoring protection and other flags
					;   contains Ptr to Page Table
	bz.d    do_slow_path_pf		; if no Page Table, do page fault

	; Get the PTE entry: The idea is
	; (1) x = addr >> PAGE_SHIFT	-> masks page-off bits from @fault-addr
	; (2) y = x & (PTRS_PER_PTE - 1) -> to get index
	; (3) z = pgtbl[y]
	; To avoid the multiply by sizeof(pte_t) at the end, we fold it in:
	; shift right by (PAGE_SHIFT - 2) and pre-scale the index mask by
	; << 2, yielding a ready-to-use byte offset

	lsr     r0, r2, (PAGE_SHIFT - 2)
	and     r0, r0, ( (PTRS_PER_PTE - 1) << 2)
	ld.aw   r0, [r1, r0]		; get PTE and PTE ptr for fault addr
#ifdef CONFIG_ARC_DBG_TLB_MISS_COUNT
	and.f 0, r0, _PAGE_PRESENT
	bz  1f
	ld  r2, [num_pte_not_present]
	add r2, r2, 1
	st  r2, [num_pte_not_present]
1:
#endif

.endm

;-----------------------------------------------------------------
; Convert Linux PTE entry into TLB entry
; A one-word PTE entry is programmed as two-word TLB Entry [PD0:PD1] in mmu
; IN: r0 = PTE, r1 = ptr to PTE

.macro CONV_PTE_TO_TLB
	and r3, r0, PTE_BITS_IN_PD1	; Extract permission flags+PFN from PTE
	sr  r3, [ARC_REG_TLBPD1]	; these go in PD1

	and r2, r0, PTE_BITS_IN_PD0	; Extract other PTE flags: (V)alid, (G)lb
#if (CONFIG_ARC_MMU_VER <= 2)	/* Need not be done with v3 onwards */
	lsr r2, r2			; shift PTE flags to match layout in PD0
#endif

	lr  r3, [ARC_REG_TLBPD0]	; MMU prepares PD0 with vaddr and asid

	or  r3, r3, r2			; S | vaddr | {sasid|asid}
	sr  r3, [ARC_REG_TLBPD0]	; rewrite PD0
.endm

;-----------------------------------------------------------------
; Commit the TLB entry into MMU

.macro COMMIT_ENTRY_TO_MMU

	/* Get free TLB slot: Set = computed from vaddr, way = random */
	sr  TLBGetIndex, [ARC_REG_TLBCOMMAND]

	/* Commit the Write */
#if (CONFIG_ARC_MMU_VER >= 2)	/* introduced in v2 */
	sr TLBWriteNI, [ARC_REG_TLBCOMMAND]
#else
	sr TLBWrite, [ARC_REG_TLBCOMMAND]
#endif
.endm
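
;-----------------------------------------------------------------
; For reference, a rough C rendition of the lookup LOAD_FAULT_PTE above
; performs, including the "-2, <<2" trick (the function name is
; illustrative; the macros are the real ones; pte_t is one 32-bit word):
;
;	unsigned int *walk_fault_pte(unsigned int *pgd, unsigned long efa)
;	{
;		unsigned long pgtbl = pgd[efa >> PGDIR_SHIFT] & PAGE_MASK;
;
;		if (!pgtbl)
;			return NULL;		/* -> do_slow_path_pf */
;
;		/* naive: idx = (efa >> PAGE_SHIFT) & (PTRS_PER_PTE - 1);
;		 *        pte = ((pte_t *)pgtbl)[idx];	// hidden "* 4"
;		 * coded: shift 2 less and pre-scale the mask by << 2, so
;		 *        the result is already the byte offset ld.aw needs
;		 */
;		unsigned long off = (efa >> (PAGE_SHIFT - 2)) &
;				    ((PTRS_PER_PTE - 1) << 2);
;
;		return (unsigned int *)(pgtbl + off);
;	}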

;-----------------------------------------------------------------
; ARC700 Exception Handling doesn't auto-switch stack and it only provides
; ONE scratch AUX reg "ARC_REG_SCRATCH_DATA0"
;
; For Non-SMP, the scratch AUX reg is repurposed to cache the task PGD, so a
; "global" is used to free up the FIRST core reg to be able to code the rest
; of the exception prologue (IRQs are auto-disabled on Exceptions, so this is
; IRQ-safe). Since the Fast Path TLB Miss handler is coded with 4 regs, the
; remaining 3 need to be saved as well by extending the "global" to be 4
; words. Hence ".size ex_saved_reg1, 16"
; [All of this dance is to avoid stack switching for each TLB Miss, since we
; only need to save a handful of regs, as opposed to the complete reg file]
;
; For ARC700 SMP, the "global" obviously can't be used to free up the FIRST
; core reg as that would not be SMP-safe.
; Thus the scratch AUX reg is used (and no longer used to cache the task PGD).
; To save the remaining 3 regs per cpu, the global is made "per-cpu".
; The epilogue thus has to locate the "per-cpu" storage for the regs.
; To avoid cache line bouncing, the per-cpu global is aligned/sized per
; L1_CACHE_SHIFT, despite fundamentally needing to be 12 bytes only. Hence
; ".size ex_saved_reg1, (CONFIG_NR_CPUS << L1_CACHE_SHIFT)"

; As simple as that....

.macro TLBMISS_FREEUP_REGS
#ifdef CONFIG_SMP
	sr  r0, [ARC_REG_SCRATCH_DATA0]	; freeup r0 to code with
	GET_CPU_ID  r0			; get to per cpu scratch mem,
	lsl r0, r0, L1_CACHE_SHIFT	; cache line wide per cpu
	add r0, @ex_saved_reg1, r0
#else
	st    r0, [@ex_saved_reg1]
	mov_s r0, @ex_saved_reg1
#endif
	st_s  r1, [r0, 4]
	st_s  r2, [r0, 8]
	st_s  r3, [r0, 12]

	; VERIFY if the ASID in MMU-PID Reg is same as
	; one in Linux data structures

	DBG_ASID_MISMATCH
.endm

;-----------------------------------------------------------------
.macro TLBMISS_RESTORE_REGS
#ifdef CONFIG_SMP
	GET_CPU_ID  r0			; get to per cpu scratch mem
	lsl r0, r0, L1_CACHE_SHIFT	; each is cache line wide
	add r0, @ex_saved_reg1, r0
	ld_s  r3, [r0, 12]
	ld_s  r2, [r0, 8]
	ld_s  r1, [r0, 4]
	lr    r0, [ARC_REG_SCRATCH_DATA0]
#else
	mov_s r0, @ex_saved_reg1
	ld_s  r3, [r0, 12]
	ld_s  r2, [r0, 8]
	ld_s  r1, [r0, 4]
	ld_s  r0, [r0]
#endif
.endm
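
;-----------------------------------------------------------------
; In C terms, the per-cpu save slot the two macros above compute (SMP case)
; is roughly the following; this_cpu_id() is an illustrative stand-in for
; the GET_CPU_ID helper:
;
;	unsigned int *tlb_miss_save_area(void)
;	{
;		/* one L1-cache-line-sized slot per CPU, so two CPUs never
;		 * write into the same line (no cache line bouncing) */
;		unsigned long off = this_cpu_id() << L1_CACHE_SHIFT;
;
;		return (unsigned int *)((char *)ex_saved_reg1 + off);
;	}
;
; r1/r2/r3 are then parked at byte offsets 4/8/12 of that slot, while r0
; itself sits in the ARC_REG_SCRATCH_DATA0 AUX reg for the duration.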

ARCFP_CODE	;Fast Path Code, candidate for ICCM

;-----------------------------------------------------------------------------
; I-TLB Miss Exception Handler
;-----------------------------------------------------------------------------

ARC_ENTRY EV_TLBMissI

	TLBMISS_FREEUP_REGS

#ifdef CONFIG_ARC_DBG_TLB_MISS_COUNT
	ld  r0, [@numitlb]
	add r0, r0, 1
	st  r0, [@numitlb]
#endif

	;----------------------------------------------------------------
	; Get the PTE corresponding to V-addr accessed
	LOAD_FAULT_PTE

	;----------------------------------------------------------------
	; VERIFY_PTE: Check if PTE permissions approp for executing code
	cmp_s   r2, VMALLOC_START
	mov.lo  r2, (_PAGE_PRESENT | _PAGE_READ | _PAGE_EXECUTE)
	mov.hs  r2, (_PAGE_PRESENT | _PAGE_K_READ | _PAGE_K_EXECUTE)

	and     r3, r0, r2	; Mask out NON Flag bits from PTE
	xor.f   r3, r3, r2	; check ( ( pte & flags_test ) == flags_test )
	bnz     do_slow_path_pf

	; Let Linux VM know that the page was accessed
	or      r0, r0, (_PAGE_PRESENT | _PAGE_ACCESSED)	; set Accessed Bit
	st_s    r0, [r1]					; Write back PTE

	CONV_PTE_TO_TLB
	COMMIT_ENTRY_TO_MMU
	TLBMISS_RESTORE_REGS
	rtie

ARC_EXIT EV_TLBMissI

;-----------------------------------------------------------------------------
; D-TLB Miss Exception Handler
;-----------------------------------------------------------------------------

ARC_ENTRY EV_TLBMissD

	TLBMISS_FREEUP_REGS

#ifdef CONFIG_ARC_DBG_TLB_MISS_COUNT
	ld  r0, [@numdtlb]
	add r0, r0, 1
	st  r0, [@numdtlb]
#endif

	;----------------------------------------------------------------
	; Get the PTE corresponding to V-addr accessed
	; If PTE exists, it will set up r0 = PTE, r1 = Ptr to PTE
	LOAD_FAULT_PTE

	;----------------------------------------------------------------
	; VERIFY_PTE: Check if PTE permissions approp for data access (R/W/R+W)

	mov_s   r2, 0
	lr      r3, [ecr]
	btst_s  r3, ECR_C_BIT_DTLB_LD_MISS	; Read Access
	or.nz   r2, r2, _PAGE_READ		; chk for Read flag in PTE
	btst_s  r3, ECR_C_BIT_DTLB_ST_MISS	; Write Access
	or.nz   r2, r2, _PAGE_WRITE		; chk for Write flag in PTE
	; Above laddering takes care of XCHG access
	;   which is both Read and Write

	; If kernel mode access, make _PAGE_xx flags as _PAGE_K_xx
	; For copy_(to|from)_user, despite the exception being taken in kernel
	; mode, this code is not hit, because EFA would still be the user mode
	; address (EFA < 0x6000_0000).
	; This code is for legit kernel mode faults, vmalloc specifically
	; (EFA: 0x7000_0000 to 0x7FFF_FFFF)

	lr      r3, [efa]
	cmp     r3, VMALLOC_START - 1	; If kernel mode access
	asl.hi  r2, r2, 3		; make _PAGE_xx flags as _PAGE_K_xx
	or      r2, r2, _PAGE_PRESENT	; Common flag for K/U mode

	; By now, r2 is set up with all the Flags we need to check in the PTE
	and     r3, r0, r2		; Mask out NON Flag bits from PTE
	brne.d  r3, r2, do_slow_path_pf	; is ((pte & flags_test) == flags_test)

	;----------------------------------------------------------------
	; UPDATE_PTE: Let Linux VM know that page was accessed/dirty
	lr      r3, [ecr]
	or      r0, r0, (_PAGE_PRESENT | _PAGE_ACCESSED) ; Accessed bit always
	btst_s  r3, ECR_C_BIT_DTLB_ST_MISS	; See if it was a Write Access ?
	or.nz   r0, r0, _PAGE_MODIFIED		; if Write, set Dirty bit as well
	st_s    r0, [r1]			; Write back PTE

	CONV_PTE_TO_TLB

#if (CONFIG_ARC_MMU_VER == 1)
	; MMU with 2-way set assoc J-TLB needs some help in the pathetic case
	; of a memcpy where 3 parties contend for 2 ways, ensuing a livelock.
	; But only for the old MMU or one with the Metal Fix
	TLB_WRITE_HEURISTICS
#endif

	COMMIT_ENTRY_TO_MMU
	TLBMISS_RESTORE_REGS
	rtie
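
;-----------------------------------------------------------------
; For reference, the permission mask built by the D-TLB VERIFY_PTE above,
; as a rough C sketch (not a real kernel function; the bit-tests stand in
; for the btst_s/or.nz laddering):
;
;	unsigned int needed = 0;
;
;	if (ecr & (1 << ECR_C_BIT_DTLB_LD_MISS))	/* Read access */
;		needed |= _PAGE_READ;
;	if (ecr & (1 << ECR_C_BIT_DTLB_ST_MISS))	/* Write access */
;		needed |= _PAGE_WRITE;	/* XCHG sets both -> R+W */
;
;	if (efa >= VMALLOC_START)	/* legit kernel (vmalloc) fault */
;		needed <<= 3;		/* _PAGE_xx -> _PAGE_K_xx */
;	needed |= _PAGE_PRESENT;	/* common for K/U mode */
;
;	if ((pte & needed) != needed)
;		goto do_slow_path_pf;	/* let the C handler decide */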

;-------- Common routine to call Linux Page Fault Handler -----------
do_slow_path_pf:

	; Restore the 4 scratch regs saved by the fast path miss handler
	TLBMISS_RESTORE_REGS

	; Slow path TLB Miss handled as a regular ARC Exception
	; (stack switching / save the complete reg-file).
	; That requires freeing up r9
	EXCPN_PROLOG_FREEUP_REG r9

	lr  r9, [erstatus]

	SWITCH_TO_KERNEL_STK
	SAVE_ALL_SYS

	; ------- setup args for Linux Page fault Handler ---------
	mov_s r0, sp
	lr  r2, [efa]
	lr  r3, [ecr]

	; Both st and ex imply WRITE access of some sort, hence do_page_fault( )
	; is invoked with write=1 for DTLB-st/ex Miss and write=0 for ITLB Miss
	; or DTLB-ld Miss.
	; DTLB Miss Cause code is ld = 0x01, st = 0x02, ex = 0x03
	; The following code uses the fact that st and ex have one cause-code
	; bit in common which ld lacks, so a single bit-test classifies the
	; access

	btst_s r3, ECR_C_BIT_DTLB_ST_MISS
	mov.z  r1, 0
	mov.nz r1, 1

	; We don't want exceptions to be disabled while the fault is handled.
	; Now that we have saved the context, we return from the exception,
	; hence exceptions get re-enabled

	FAKE_RET_FROM_EXCPN r9

	bl  do_page_fault
	b   ret_from_exception

ARC_EXIT EV_TLBMissD

ARC_ENTRY EV_TLBMissB	; Bogus entry to measure sz of DTLBMiss hdlr
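
;-----------------------------------------------------------------
; For reference, the write classification done in do_slow_path_pf above,
; as a rough C sketch (the arg order simply mirrors the r0..r3 setup:
; regs, write, efa, ecr):
;
;	/* DTLB Miss cause codes: ld = 0x01, st = 0x02, ex = 0x03.
;	 * st and ex (the write-ish ones) share a cause-code bit that
;	 * ld lacks, so one bit-test suffices */
;	int write = (ecr & (1 << ECR_C_BIT_DTLB_ST_MISS)) ? 1 : 0;
;
;	do_page_fault(regs, write, efa, ecr);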