1/* 2 * arch/ia64/kernel/ivt.S 3 * 4 * Copyright (C) 1998-2001, 2003, 2005 Hewlett-Packard Co 5 * Stephane Eranian <eranian@hpl.hp.com> 6 * David Mosberger <davidm@hpl.hp.com> 7 * Copyright (C) 2000, 2002-2003 Intel Co 8 * Asit Mallick <asit.k.mallick@intel.com> 9 * Suresh Siddha <suresh.b.siddha@intel.com> 10 * Kenneth Chen <kenneth.w.chen@intel.com> 11 * Fenghua Yu <fenghua.yu@intel.com> 12 * 13 * 00/08/23 Asit Mallick <asit.k.mallick@intel.com> TLB handling for SMP 14 * 00/12/20 David Mosberger-Tang <davidm@hpl.hp.com> DTLB/ITLB handler now uses virtual PT. 15 */ 16/* 17 * This file defines the interruption vector table used by the CPU. 18 * It does not include one entry per possible cause of interruption. 19 * 20 * The first 20 entries of the table contain 64 bundles each while the 21 * remaining 48 entries contain only 16 bundles each. 22 * 23 * The 64 bundles are used to allow inlining the whole handler for critical 24 * interruptions like TLB misses. 25 * 26 * For each entry, the comment is as follows: 27 * 28 * // 0x1c00 Entry 7 (size 64 bundles) Data Key Miss (12,51) 29 * entry offset ----/ / / / / 30 * entry number ---------/ / / / 31 * size of the entry -------------/ / / 32 * vector name -------------------------------------/ / 33 * interruptions triggering this vector ----------------------/ 34 * 35 * The table is 32KB in size and must be aligned on 32KB boundary. 36 * (The CPU ignores the 15 lower bits of the address) 37 * 38 * Table is based upon EAS2.6 (Oct 1999) 39 */ 40 41 42#include <asm/asmmacro.h> 43#include <asm/break.h> 44#include <asm/ia32.h> 45#include <asm/kregs.h> 46#include <asm/asm-offsets.h> 47#include <asm/pgtable.h> 48#include <asm/processor.h> 49#include <asm/ptrace.h> 50#include <asm/system.h> 51#include <asm/thread_info.h> 52#include <asm/unistd.h> 53#include <asm/errno.h> 54 55#if 1 56# define PSR_DEFAULT_BITS psr.ac 57#else 58# define PSR_DEFAULT_BITS 0 59#endif 60 61#if 0 62 /* 63 * This lets you track the last eight faults that occurred on the CPU. Make sure ar.k2 isn't 64 * needed for something else before enabling this... 65 */ 66# define DBG_FAULT(i) mov r16=ar.k2;; shl r16=r16,8;; add r16=(i),r16;;mov ar.k2=r16 67#else 68# define DBG_FAULT(i) 69#endif 70 71#include "minstate.h" 72 73#define FAULT(n) \ 74 mov r31=pr; \ 75 mov r19=n;; /* prepare to save predicates */ \ 76 br.sptk.many dispatch_to_fault_handler 77 78 .section .text.ivt,"ax" 79 80 .align 32768 // align on 32KB boundary 81 .global ia64_ivt 82ia64_ivt: 83///////////////////////////////////////////////////////////////////////////////////////// 84// 0x0000 Entry 0 (size 64 bundles) VHPT Translation (8,20,47) 85ENTRY(vhpt_miss) 86 DBG_FAULT(0) 87 /* 88 * The VHPT vector is invoked when the TLB entry for the virtual page table 89 * is missing. This happens only as a result of a previous 90 * (the "original") TLB miss, which may either be caused by an instruction 91 * fetch or a data access (or non-access). 92 * 93 * What we do here is normal TLB miss handing for the _original_ miss, 94 * followed by inserting the TLB entry for the virtual page table page 95 * that the VHPT walker was attempting to access. The latter gets 96 * inserted as long as page table entry above pte level have valid 97 * mappings for the faulting address. The TLB entry for the original 98 * miss gets inserted only if the pte entry indicates that the page is 99 * present. 100 * 101 * do_page_fault gets invoked in the following cases: 102 * - the faulting virtual address uses unimplemented address bits 103 * - the faulting virtual address has no valid page table mapping 104 */ 105 mov r16=cr.ifa // get address that caused the TLB miss 106#ifdef CONFIG_HUGETLB_PAGE 107 movl r18=PAGE_SHIFT 108 mov r25=cr.itir 109#endif 110 ;; 111 rsm psr.dt // use physical addressing for data 112 mov r31=pr // save the predicate registers 113 mov r19=IA64_KR(PT_BASE) // get page table base address 114 shl r21=r16,3 // shift bit 60 into sign bit 115 shr.u r17=r16,61 // get the region number into r17 116 ;; 117 shr.u r22=r21,3 118#ifdef CONFIG_HUGETLB_PAGE 119 extr.u r26=r25,2,6 120 ;; 121 cmp.ne p8,p0=r18,r26 122 sub r27=r26,r18 123 ;; 124(p8) dep r25=r18,r25,2,6 125(p8) shr r22=r22,r27 126#endif 127 ;; 128 cmp.eq p6,p7=5,r17 // is IFA pointing into to region 5? 129 shr.u r18=r22,PGDIR_SHIFT // get bottom portion of pgd index bit 130 ;; 131(p7) dep r17=r17,r19,(PAGE_SHIFT-3),3 // put region number bits in place 132 133 srlz.d 134 LOAD_PHYSICAL(p6, r19, swapper_pg_dir) // region 5 is rooted at swapper_pg_dir 135 136 .pred.rel "mutex", p6, p7 137(p6) shr.u r21=r21,PGDIR_SHIFT+PAGE_SHIFT 138(p7) shr.u r21=r21,PGDIR_SHIFT+PAGE_SHIFT-3 139 ;; 140(p6) dep r17=r18,r19,3,(PAGE_SHIFT-3) // r17=pgd_offset for region 5 141(p7) dep r17=r18,r17,3,(PAGE_SHIFT-6) // r17=pgd_offset for region[0-4] 142 cmp.eq p7,p6=0,r21 // unused address bits all zeroes? 143#ifdef CONFIG_PGTABLE_4 144 shr.u r28=r22,PUD_SHIFT // shift pud index into position 145#else 146 shr.u r18=r22,PMD_SHIFT // shift pmd index into position 147#endif 148 ;; 149 ld8 r17=[r17] // get *pgd (may be 0) 150 ;; 151(p7) cmp.eq p6,p7=r17,r0 // was pgd_present(*pgd) == NULL? 152#ifdef CONFIG_PGTABLE_4 153 dep r28=r28,r17,3,(PAGE_SHIFT-3) // r28=pud_offset(pgd,addr) 154 ;; 155 shr.u r18=r22,PMD_SHIFT // shift pmd index into position 156(p7) ld8 r29=[r28] // get *pud (may be 0) 157 ;; 158(p7) cmp.eq.or.andcm p6,p7=r29,r0 // was pud_present(*pud) == NULL? 159 dep r17=r18,r29,3,(PAGE_SHIFT-3) // r17=pmd_offset(pud,addr) 160#else 161 dep r17=r18,r17,3,(PAGE_SHIFT-3) // r17=pmd_offset(pgd,addr) 162#endif 163 ;; 164(p7) ld8 r20=[r17] // get *pmd (may be 0) 165 shr.u r19=r22,PAGE_SHIFT // shift pte index into position 166 ;; 167(p7) cmp.eq.or.andcm p6,p7=r20,r0 // was pmd_present(*pmd) == NULL? 168 dep r21=r19,r20,3,(PAGE_SHIFT-3) // r21=pte_offset(pmd,addr) 169 ;; 170(p7) ld8 r18=[r21] // read *pte 171 mov r19=cr.isr // cr.isr bit 32 tells us if this is an insn miss 172 ;; 173(p7) tbit.z p6,p7=r18,_PAGE_P_BIT // page present bit cleared? 174 mov r22=cr.iha // get the VHPT address that caused the TLB miss 175 ;; // avoid RAW on p7 176(p7) tbit.nz.unc p10,p11=r19,32 // is it an instruction TLB miss? 177 dep r23=0,r20,0,PAGE_SHIFT // clear low bits to get page address 178 ;; 179(p10) itc.i r18 // insert the instruction TLB entry 180(p11) itc.d r18 // insert the data TLB entry 181(p6) br.cond.spnt.many page_fault // handle bad address/page not present (page fault) 182 mov cr.ifa=r22 183 184#ifdef CONFIG_HUGETLB_PAGE 185(p8) mov cr.itir=r25 // change to default page-size for VHPT 186#endif 187 188 /* 189 * Now compute and insert the TLB entry for the virtual page table. We never 190 * execute in a page table page so there is no need to set the exception deferral 191 * bit. 192 */ 193 adds r24=__DIRTY_BITS_NO_ED|_PAGE_PL_0|_PAGE_AR_RW,r23 194 ;; 195(p7) itc.d r24 196 ;; 197#ifdef CONFIG_SMP 198 /* 199 * Tell the assemblers dependency-violation checker that the above "itc" instructions 200 * cannot possibly affect the following loads: 201 */ 202 dv_serialize_data 203 204 /* 205 * Re-check pagetable entry. If they changed, we may have received a ptc.g 206 * between reading the pagetable and the "itc". If so, flush the entry we 207 * inserted and retry. At this point, we have: 208 * 209 * r28 = equivalent of pud_offset(pgd, ifa) 210 * r17 = equivalent of pmd_offset(pud, ifa) 211 * r21 = equivalent of pte_offset(pmd, ifa) 212 * 213 * r29 = *pud 214 * r20 = *pmd 215 * r18 = *pte 216 */ 217 ld8 r25=[r21] // read *pte again 218 ld8 r26=[r17] // read *pmd again 219#ifdef CONFIG_PGTABLE_4 220 ld8 r19=[r28] // read *pud again 221#endif 222 cmp.ne p6,p7=r0,r0 223 ;; 224 cmp.ne.or.andcm p6,p7=r26,r20 // did *pmd change 225#ifdef CONFIG_PGTABLE_4 226 cmp.ne.or.andcm p6,p7=r19,r29 // did *pud change 227#endif 228 mov r27=PAGE_SHIFT<<2 229 ;; 230(p6) ptc.l r22,r27 // purge PTE page translation 231(p7) cmp.ne.or.andcm p6,p7=r25,r18 // did *pte change 232 ;; 233(p6) ptc.l r16,r27 // purge translation 234#endif 235 236 mov pr=r31,-1 // restore predicate registers 237 rfi 238END(vhpt_miss) 239 240 .org ia64_ivt+0x400 241///////////////////////////////////////////////////////////////////////////////////////// 242// 0x0400 Entry 1 (size 64 bundles) ITLB (21) 243ENTRY(itlb_miss) 244 DBG_FAULT(1) 245 /* 246 * The ITLB handler accesses the PTE via the virtually mapped linear 247 * page table. If a nested TLB miss occurs, we switch into physical 248 * mode, walk the page table, and then re-execute the PTE read and 249 * go on normally after that. 250 */ 251 mov r16=cr.ifa // get virtual address 252 mov r29=b0 // save b0 253 mov r31=pr // save predicates 254.itlb_fault: 255 mov r17=cr.iha // get virtual address of PTE 256 movl r30=1f // load nested fault continuation point 257 ;; 2581: ld8 r18=[r17] // read *pte 259 ;; 260 mov b0=r29 261 tbit.z p6,p0=r18,_PAGE_P_BIT // page present bit cleared? 262(p6) br.cond.spnt page_fault 263 ;; 264 itc.i r18 265 ;; 266#ifdef CONFIG_SMP 267 /* 268 * Tell the assemblers dependency-violation checker that the above "itc" instructions 269 * cannot possibly affect the following loads: 270 */ 271 dv_serialize_data 272 273 ld8 r19=[r17] // read *pte again and see if same 274 mov r20=PAGE_SHIFT<<2 // setup page size for purge 275 ;; 276 cmp.ne p7,p0=r18,r19 277 ;; 278(p7) ptc.l r16,r20 279#endif 280 mov pr=r31,-1 281 rfi 282END(itlb_miss) 283 284 .org ia64_ivt+0x0800 285///////////////////////////////////////////////////////////////////////////////////////// 286// 0x0800 Entry 2 (size 64 bundles) DTLB (9,48) 287ENTRY(dtlb_miss) 288 DBG_FAULT(2) 289 /* 290 * The DTLB handler accesses the PTE via the virtually mapped linear 291 * page table. If a nested TLB miss occurs, we switch into physical 292 * mode, walk the page table, and then re-execute the PTE read and 293 * go on normally after that. 294 */ 295 mov r16=cr.ifa // get virtual address 296 mov r29=b0 // save b0 297 mov r31=pr // save predicates 298dtlb_fault: 299 mov r17=cr.iha // get virtual address of PTE 300 movl r30=1f // load nested fault continuation point 301 ;; 3021: ld8 r18=[r17] // read *pte 303 ;; 304 mov b0=r29 305 tbit.z p6,p0=r18,_PAGE_P_BIT // page present bit cleared? 306(p6) br.cond.spnt page_fault 307 ;; 308 itc.d r18 309 ;; 310#ifdef CONFIG_SMP 311 /* 312 * Tell the assemblers dependency-violation checker that the above "itc" instructions 313 * cannot possibly affect the following loads: 314 */ 315 dv_serialize_data 316 317 ld8 r19=[r17] // read *pte again and see if same 318 mov r20=PAGE_SHIFT<<2 // setup page size for purge 319 ;; 320 cmp.ne p7,p0=r18,r19 321 ;; 322(p7) ptc.l r16,r20 323#endif 324 mov pr=r31,-1 325 rfi 326END(dtlb_miss) 327 328 .org ia64_ivt+0x0c00 329///////////////////////////////////////////////////////////////////////////////////////// 330// 0x0c00 Entry 3 (size 64 bundles) Alt ITLB (19) 331ENTRY(alt_itlb_miss) 332 DBG_FAULT(3) 333 mov r16=cr.ifa // get address that caused the TLB miss 334 movl r17=PAGE_KERNEL 335 mov r21=cr.ipsr 336 movl r19=(((1 << IA64_MAX_PHYS_BITS) - 1) & ~0xfff) 337 mov r31=pr 338 ;; 339#ifdef CONFIG_DISABLE_VHPT 340 shr.u r22=r16,61 // get the region number into r21 341 ;; 342 cmp.gt p8,p0=6,r22 // user mode 343 ;; 344(p8) thash r17=r16 345 ;; 346(p8) mov cr.iha=r17 347(p8) mov r29=b0 // save b0 348(p8) br.cond.dptk .itlb_fault 349#endif 350 extr.u r23=r21,IA64_PSR_CPL0_BIT,2 // extract psr.cpl 351 and r19=r19,r16 // clear ed, reserved bits, and PTE control bits 352 shr.u r18=r16,57 // move address bit 61 to bit 4 353 ;; 354 andcm r18=0x10,r18 // bit 4=~address-bit(61) 355 cmp.ne p8,p0=r0,r23 // psr.cpl != 0? 356 or r19=r17,r19 // insert PTE control bits into r19 357 ;; 358 or r19=r19,r18 // set bit 4 (uncached) if the access was to region 6 359(p8) br.cond.spnt page_fault 360 ;; 361 itc.i r19 // insert the TLB entry 362 mov pr=r31,-1 363 rfi 364END(alt_itlb_miss) 365 366 .org ia64_ivt+0x1000 367///////////////////////////////////////////////////////////////////////////////////////// 368// 0x1000 Entry 4 (size 64 bundles) Alt DTLB (7,46) 369ENTRY(alt_dtlb_miss) 370 DBG_FAULT(4) 371 mov r16=cr.ifa // get address that caused the TLB miss 372 movl r17=PAGE_KERNEL 373 mov r20=cr.isr 374 movl r19=(((1 << IA64_MAX_PHYS_BITS) - 1) & ~0xfff) 375 mov r21=cr.ipsr 376 mov r31=pr 377 mov r24=PERCPU_ADDR 378 ;; 379#ifdef CONFIG_DISABLE_VHPT 380 shr.u r22=r16,61 // get the region number into r21 381 ;; 382 cmp.gt p8,p0=6,r22 // access to region 0-5 383 ;; 384(p8) thash r17=r16 385 ;; 386(p8) mov cr.iha=r17 387(p8) mov r29=b0 // save b0 388(p8) br.cond.dptk dtlb_fault 389#endif 390 cmp.ge p10,p11=r16,r24 // access to per_cpu_data? 391 tbit.z p12,p0=r16,61 // access to region 6? 392 mov r25=PERCPU_PAGE_SHIFT << 2 393 mov r26=PERCPU_PAGE_SIZE 394 nop.m 0 395 nop.b 0 396 ;; 397(p10) mov r19=IA64_KR(PER_CPU_DATA) 398(p11) and r19=r19,r16 // clear non-ppn fields 399 extr.u r23=r21,IA64_PSR_CPL0_BIT,2 // extract psr.cpl 400 and r22=IA64_ISR_CODE_MASK,r20 // get the isr.code field 401 tbit.nz p6,p7=r20,IA64_ISR_SP_BIT // is speculation bit on? 402 tbit.nz p9,p0=r20,IA64_ISR_NA_BIT // is non-access bit on? 403 ;; 404(p10) sub r19=r19,r26 405(p10) mov cr.itir=r25 406 cmp.ne p8,p0=r0,r23 407(p9) cmp.eq.or.andcm p6,p7=IA64_ISR_CODE_LFETCH,r22 // check isr.code field 408(p12) dep r17=-1,r17,4,1 // set ma=UC for region 6 addr 409(p8) br.cond.spnt page_fault 410 411 dep r21=-1,r21,IA64_PSR_ED_BIT,1 412 ;; 413 or r19=r19,r17 // insert PTE control bits into r19 414(p6) mov cr.ipsr=r21 415 ;; 416(p7) itc.d r19 // insert the TLB entry 417 mov pr=r31,-1 418 rfi 419END(alt_dtlb_miss) 420 421 .org ia64_ivt+0x1400 422///////////////////////////////////////////////////////////////////////////////////////// 423// 0x1400 Entry 5 (size 64 bundles) Data nested TLB (6,45) 424ENTRY(nested_dtlb_miss) 425 /* 426 * In the absence of kernel bugs, we get here when the virtually mapped linear 427 * page table is accessed non-speculatively (e.g., in the Dirty-bit, Instruction 428 * Access-bit, or Data Access-bit faults). If the DTLB entry for the virtual page 429 * table is missing, a nested TLB miss fault is triggered and control is 430 * transferred to this point. When this happens, we lookup the pte for the 431 * faulting address by walking the page table in physical mode and return to the 432 * continuation point passed in register r30 (or call page_fault if the address is 433 * not mapped). 434 * 435 * Input: r16: faulting address 436 * r29: saved b0 437 * r30: continuation address 438 * r31: saved pr 439 * 440 * Output: r17: physical address of PTE of faulting address 441 * r29: saved b0 442 * r30: continuation address 443 * r31: saved pr 444 * 445 * Clobbered: b0, r18, r19, r21, r22, psr.dt (cleared) 446 */ 447 rsm psr.dt // switch to using physical data addressing 448 mov r19=IA64_KR(PT_BASE) // get the page table base address 449 shl r21=r16,3 // shift bit 60 into sign bit 450 mov r18=cr.itir 451 ;; 452 shr.u r17=r16,61 // get the region number into r17 453 extr.u r18=r18,2,6 // get the faulting page size 454 ;; 455 cmp.eq p6,p7=5,r17 // is faulting address in region 5? 456 add r22=-PAGE_SHIFT,r18 // adjustment for hugetlb address 457 add r18=PGDIR_SHIFT-PAGE_SHIFT,r18 458 ;; 459 shr.u r22=r16,r22 460 shr.u r18=r16,r18 461(p7) dep r17=r17,r19,(PAGE_SHIFT-3),3 // put region number bits in place 462 463 srlz.d 464 LOAD_PHYSICAL(p6, r19, swapper_pg_dir) // region 5 is rooted at swapper_pg_dir 465 466 .pred.rel "mutex", p6, p7 467(p6) shr.u r21=r21,PGDIR_SHIFT+PAGE_SHIFT 468(p7) shr.u r21=r21,PGDIR_SHIFT+PAGE_SHIFT-3 469 ;; 470(p6) dep r17=r18,r19,3,(PAGE_SHIFT-3) // r17=pgd_offset for region 5 471(p7) dep r17=r18,r17,3,(PAGE_SHIFT-6) // r17=pgd_offset for region[0-4] 472 cmp.eq p7,p6=0,r21 // unused address bits all zeroes? 473#ifdef CONFIG_PGTABLE_4 474 shr.u r18=r22,PUD_SHIFT // shift pud index into position 475#else 476 shr.u r18=r22,PMD_SHIFT // shift pmd index into position 477#endif 478 ;; 479 ld8 r17=[r17] // get *pgd (may be 0) 480 ;; 481(p7) cmp.eq p6,p7=r17,r0 // was pgd_present(*pgd) == NULL? 482 dep r17=r18,r17,3,(PAGE_SHIFT-3) // r17=p[u|m]d_offset(pgd,addr) 483 ;; 484#ifdef CONFIG_PGTABLE_4 485(p7) ld8 r17=[r17] // get *pud (may be 0) 486 shr.u r18=r22,PMD_SHIFT // shift pmd index into position 487 ;; 488(p7) cmp.eq.or.andcm p6,p7=r17,r0 // was pud_present(*pud) == NULL? 489 dep r17=r18,r17,3,(PAGE_SHIFT-3) // r17=pmd_offset(pud,addr) 490 ;; 491#endif 492(p7) ld8 r17=[r17] // get *pmd (may be 0) 493 shr.u r19=r22,PAGE_SHIFT // shift pte index into position 494 ;; 495(p7) cmp.eq.or.andcm p6,p7=r17,r0 // was pmd_present(*pmd) == NULL? 496 dep r17=r19,r17,3,(PAGE_SHIFT-3) // r17=pte_offset(pmd,addr); 497(p6) br.cond.spnt page_fault 498 mov b0=r30 499 br.sptk.many b0 // return to continuation point 500END(nested_dtlb_miss) 501 502 .org ia64_ivt+0x1800 503///////////////////////////////////////////////////////////////////////////////////////// 504// 0x1800 Entry 6 (size 64 bundles) Instruction Key Miss (24) 505ENTRY(ikey_miss) 506 DBG_FAULT(6) 507 FAULT(6) 508END(ikey_miss) 509 510 //----------------------------------------------------------------------------------- 511 // call do_page_fault (predicates are in r31, psr.dt may be off, r16 is faulting address) 512ENTRY(page_fault) 513 ssm psr.dt 514 ;; 515 srlz.i 516 ;; 517 SAVE_MIN_WITH_COVER 518 alloc r15=ar.pfs,0,0,3,0 519 mov out0=cr.ifa 520 mov out1=cr.isr 521 adds r3=8,r2 // set up second base pointer 522 ;; 523 ssm psr.ic | PSR_DEFAULT_BITS 524 ;; 525 srlz.i // guarantee that interruption collectin is on 526 ;; 527(p15) ssm psr.i // restore psr.i 528 movl r14=ia64_leave_kernel 529 ;; 530 SAVE_REST 531 mov rp=r14 532 ;; 533 adds out2=16,r12 // out2 = pointer to pt_regs 534 br.call.sptk.many b6=ia64_do_page_fault // ignore return address 535END(page_fault) 536 537 .org ia64_ivt+0x1c00 538///////////////////////////////////////////////////////////////////////////////////////// 539// 0x1c00 Entry 7 (size 64 bundles) Data Key Miss (12,51) 540ENTRY(dkey_miss) 541 DBG_FAULT(7) 542 FAULT(7) 543END(dkey_miss) 544 545 .org ia64_ivt+0x2000 546///////////////////////////////////////////////////////////////////////////////////////// 547// 0x2000 Entry 8 (size 64 bundles) Dirty-bit (54) 548ENTRY(dirty_bit) 549 DBG_FAULT(8) 550 /* 551 * What we do here is to simply turn on the dirty bit in the PTE. We need to 552 * update both the page-table and the TLB entry. To efficiently access the PTE, 553 * we address it through the virtual page table. Most likely, the TLB entry for 554 * the relevant virtual page table page is still present in the TLB so we can 555 * normally do this without additional TLB misses. In case the necessary virtual 556 * page table TLB entry isn't present, we take a nested TLB miss hit where we look 557 * up the physical address of the L3 PTE and then continue at label 1 below. 558 */ 559 mov r16=cr.ifa // get the address that caused the fault 560 movl r30=1f // load continuation point in case of nested fault 561 ;; 562 thash r17=r16 // compute virtual address of L3 PTE 563 mov r29=b0 // save b0 in case of nested fault 564 mov r31=pr // save pr 565#ifdef CONFIG_SMP 566 mov r28=ar.ccv // save ar.ccv 567 ;; 5681: ld8 r18=[r17] 569 ;; // avoid RAW on r18 570 mov ar.ccv=r18 // set compare value for cmpxchg 571 or r25=_PAGE_D|_PAGE_A,r18 // set the dirty and accessed bits 572 tbit.z p7,p6 = r18,_PAGE_P_BIT // Check present bit 573 ;; 574(p6) cmpxchg8.acq r26=[r17],r25,ar.ccv // Only update if page is present 575 mov r24=PAGE_SHIFT<<2 576 ;; 577(p6) cmp.eq p6,p7=r26,r18 // Only compare if page is present 578 ;; 579(p6) itc.d r25 // install updated PTE 580 ;; 581 /* 582 * Tell the assemblers dependency-violation checker that the above "itc" instructions 583 * cannot possibly affect the following loads: 584 */ 585 dv_serialize_data 586 587 ld8 r18=[r17] // read PTE again 588 ;; 589 cmp.eq p6,p7=r18,r25 // is it same as the newly installed 590 ;; 591(p7) ptc.l r16,r24 592 mov b0=r29 // restore b0 593 mov ar.ccv=r28 594#else 595 ;; 5961: ld8 r18=[r17] 597 ;; // avoid RAW on r18 598 or r18=_PAGE_D|_PAGE_A,r18 // set the dirty and accessed bits 599 mov b0=r29 // restore b0 600 ;; 601 st8 [r17]=r18 // store back updated PTE 602 itc.d r18 // install updated PTE 603#endif 604 mov pr=r31,-1 // restore pr 605 rfi 606END(dirty_bit) 607 608 .org ia64_ivt+0x2400 609///////////////////////////////////////////////////////////////////////////////////////// 610// 0x2400 Entry 9 (size 64 bundles) Instruction Access-bit (27) 611ENTRY(iaccess_bit) 612 DBG_FAULT(9) 613 // Like Entry 8, except for instruction access 614 mov r16=cr.ifa // get the address that caused the fault 615 movl r30=1f // load continuation point in case of nested fault 616 mov r31=pr // save predicates 617#ifdef CONFIG_ITANIUM 618 /* 619 * Erratum 10 (IFA may contain incorrect address) has "NoFix" status. 620 */ 621 mov r17=cr.ipsr 622 ;; 623 mov r18=cr.iip 624 tbit.z p6,p0=r17,IA64_PSR_IS_BIT // IA64 instruction set? 625 ;; 626(p6) mov r16=r18 // if so, use cr.iip instead of cr.ifa 627#endif /* CONFIG_ITANIUM */ 628 ;; 629 thash r17=r16 // compute virtual address of L3 PTE 630 mov r29=b0 // save b0 in case of nested fault) 631#ifdef CONFIG_SMP 632 mov r28=ar.ccv // save ar.ccv 633 ;; 6341: ld8 r18=[r17] 635 ;; 636 mov ar.ccv=r18 // set compare value for cmpxchg 637 or r25=_PAGE_A,r18 // set the accessed bit 638 tbit.z p7,p6 = r18,_PAGE_P_BIT // Check present bit 639 ;; 640(p6) cmpxchg8.acq r26=[r17],r25,ar.ccv // Only if page present 641 mov r24=PAGE_SHIFT<<2 642 ;; 643(p6) cmp.eq p6,p7=r26,r18 // Only if page present 644 ;; 645(p6) itc.i r25 // install updated PTE 646 ;; 647 /* 648 * Tell the assemblers dependency-violation checker that the above "itc" instructions 649 * cannot possibly affect the following loads: 650 */ 651 dv_serialize_data 652 653 ld8 r18=[r17] // read PTE again 654 ;; 655 cmp.eq p6,p7=r18,r25 // is it same as the newly installed 656 ;; 657(p7) ptc.l r16,r24 658 mov b0=r29 // restore b0 659 mov ar.ccv=r28 660#else /* !CONFIG_SMP */ 661 ;; 6621: ld8 r18=[r17] 663 ;; 664 or r18=_PAGE_A,r18 // set the accessed bit 665 mov b0=r29 // restore b0 666 ;; 667 st8 [r17]=r18 // store back updated PTE 668 itc.i r18 // install updated PTE 669#endif /* !CONFIG_SMP */ 670 mov pr=r31,-1 671 rfi 672END(iaccess_bit) 673 674 .org ia64_ivt+0x2800 675///////////////////////////////////////////////////////////////////////////////////////// 676// 0x2800 Entry 10 (size 64 bundles) Data Access-bit (15,55) 677ENTRY(daccess_bit) 678 DBG_FAULT(10) 679 // Like Entry 8, except for data access 680 mov r16=cr.ifa // get the address that caused the fault 681 movl r30=1f // load continuation point in case of nested fault 682 ;; 683 thash r17=r16 // compute virtual address of L3 PTE 684 mov r31=pr 685 mov r29=b0 // save b0 in case of nested fault) 686#ifdef CONFIG_SMP 687 mov r28=ar.ccv // save ar.ccv 688 ;; 6891: ld8 r18=[r17] 690 ;; // avoid RAW on r18 691 mov ar.ccv=r18 // set compare value for cmpxchg 692 or r25=_PAGE_A,r18 // set the dirty bit 693 tbit.z p7,p6 = r18,_PAGE_P_BIT // Check present bit 694 ;; 695(p6) cmpxchg8.acq r26=[r17],r25,ar.ccv // Only if page is present 696 mov r24=PAGE_SHIFT<<2 697 ;; 698(p6) cmp.eq p6,p7=r26,r18 // Only if page is present 699 ;; 700(p6) itc.d r25 // install updated PTE 701 /* 702 * Tell the assemblers dependency-violation checker that the above "itc" instructions 703 * cannot possibly affect the following loads: 704 */ 705 dv_serialize_data 706 ;; 707 ld8 r18=[r17] // read PTE again 708 ;; 709 cmp.eq p6,p7=r18,r25 // is it same as the newly installed 710 ;; 711(p7) ptc.l r16,r24 712 mov ar.ccv=r28 713#else 714 ;; 7151: ld8 r18=[r17] 716 ;; // avoid RAW on r18 717 or r18=_PAGE_A,r18 // set the accessed bit 718 ;; 719 st8 [r17]=r18 // store back updated PTE 720 itc.d r18 // install updated PTE 721#endif 722 mov b0=r29 // restore b0 723 mov pr=r31,-1 724 rfi 725END(daccess_bit) 726 727 .org ia64_ivt+0x2c00 728///////////////////////////////////////////////////////////////////////////////////////// 729// 0x2c00 Entry 11 (size 64 bundles) Break instruction (33) 730ENTRY(break_fault) 731 /* 732 * The streamlined system call entry/exit paths only save/restore the initial part 733 * of pt_regs. This implies that the callers of system-calls must adhere to the 734 * normal procedure calling conventions. 735 * 736 * Registers to be saved & restored: 737 * CR registers: cr.ipsr, cr.iip, cr.ifs 738 * AR registers: ar.unat, ar.pfs, ar.rsc, ar.rnat, ar.bspstore, ar.fpsr 739 * others: pr, b0, b6, loadrs, r1, r11, r12, r13, r15 740 * Registers to be restored only: 741 * r8-r11: output value from the system call. 742 * 743 * During system call exit, scratch registers (including r15) are modified/cleared 744 * to prevent leaking bits from kernel to user level. 745 */ 746 DBG_FAULT(11) 747 mov.m r16=IA64_KR(CURRENT) // M2 r16 <- current task (12 cyc) 748 mov r29=cr.ipsr // M2 (12 cyc) 749 mov r31=pr // I0 (2 cyc) 750 751 mov r17=cr.iim // M2 (2 cyc) 752 mov.m r27=ar.rsc // M2 (12 cyc) 753 mov r18=__IA64_BREAK_SYSCALL // A 754 755 mov.m ar.rsc=0 // M2 756 mov.m r21=ar.fpsr // M2 (12 cyc) 757 mov r19=b6 // I0 (2 cyc) 758 ;; 759 mov.m r23=ar.bspstore // M2 (12 cyc) 760 mov.m r24=ar.rnat // M2 (5 cyc) 761 mov.i r26=ar.pfs // I0 (2 cyc) 762 763 invala // M0|1 764 nop.m 0 // M 765 mov r20=r1 // A save r1 766 767 nop.m 0 768 movl r30=sys_call_table // X 769 770 mov r28=cr.iip // M2 (2 cyc) 771 cmp.eq p0,p7=r18,r17 // I0 is this a system call? 772(p7) br.cond.spnt non_syscall // B no -> 773 // 774 // From this point on, we are definitely on the syscall-path 775 // and we can use (non-banked) scratch registers. 776 // 777/////////////////////////////////////////////////////////////////////// 778 mov r1=r16 // A move task-pointer to "addl"-addressable reg 779 mov r2=r16 // A setup r2 for ia64_syscall_setup 780 add r9=TI_FLAGS+IA64_TASK_SIZE,r16 // A r9 = ¤t_thread_info()->flags 781 782 adds r16=IA64_TASK_THREAD_ON_USTACK_OFFSET,r16 783 adds r15=-1024,r15 // A subtract 1024 from syscall number 784 mov r3=NR_syscalls - 1 785 ;; 786 ld1.bias r17=[r16] // M0|1 r17 = current->thread.on_ustack flag 787 ld4 r9=[r9] // M0|1 r9 = current_thread_info()->flags 788 extr.u r8=r29,41,2 // I0 extract ei field from cr.ipsr 789 790 shladd r30=r15,3,r30 // A r30 = sys_call_table + 8*(syscall-1024) 791 addl r22=IA64_RBS_OFFSET,r1 // A compute base of RBS 792 cmp.leu p6,p7=r15,r3 // A syscall number in range? 793 ;; 794 795 lfetch.fault.excl.nt1 [r22] // M0|1 prefetch RBS 796(p6) ld8 r30=[r30] // M0|1 load address of syscall entry point 797 tnat.nz.or p7,p0=r15 // I0 is syscall nr a NaT? 798 799 mov.m ar.bspstore=r22 // M2 switch to kernel RBS 800 cmp.eq p8,p9=2,r8 // A isr.ei==2? 801 ;; 802 803(p8) mov r8=0 // A clear ei to 0 804(p7) movl r30=sys_ni_syscall // X 805 806(p8) adds r28=16,r28 // A switch cr.iip to next bundle 807(p9) adds r8=1,r8 // A increment ei to next slot 808 nop.i 0 809 ;; 810 811 mov.m r25=ar.unat // M2 (5 cyc) 812 dep r29=r8,r29,41,2 // I0 insert new ei into cr.ipsr 813 adds r15=1024,r15 // A restore original syscall number 814 // 815 // If any of the above loads miss in L1D, we'll stall here until 816 // the data arrives. 817 // 818/////////////////////////////////////////////////////////////////////// 819 st1 [r16]=r0 // M2|3 clear current->thread.on_ustack flag 820 mov b6=r30 // I0 setup syscall handler branch reg early 821 cmp.eq pKStk,pUStk=r0,r17 // A were we on kernel stacks already? 822 823 and r9=_TIF_SYSCALL_TRACEAUDIT,r9 // A mask trace or audit 824 mov r18=ar.bsp // M2 (12 cyc) 825(pKStk) br.cond.spnt .break_fixup // B we're already in kernel-mode -- fix up RBS 826 ;; 827.back_from_break_fixup: 828(pUStk) addl r1=IA64_STK_OFFSET-IA64_PT_REGS_SIZE,r1 // A compute base of memory stack 829 cmp.eq p14,p0=r9,r0 // A are syscalls being traced/audited? 830 br.call.sptk.many b7=ia64_syscall_setup // B 8311: 832 mov ar.rsc=0x3 // M2 set eager mode, pl 0, LE, loadrs=0 833 nop 0 834 bsw.1 // B (6 cyc) regs are saved, switch to bank 1 835 ;; 836 837 ssm psr.ic | PSR_DEFAULT_BITS // M2 now it's safe to re-enable intr.-collection 838 movl r3=ia64_ret_from_syscall // X 839 ;; 840 841 srlz.i // M0 ensure interruption collection is on 842 mov rp=r3 // I0 set the real return addr 843(p10) br.cond.spnt.many ia64_ret_from_syscall // B return if bad call-frame or r15 is a NaT 844 845(p15) ssm psr.i // M2 restore psr.i 846(p14) br.call.sptk.many b6=b6 // B invoke syscall-handker (ignore return addr) 847 br.cond.spnt.many ia64_trace_syscall // B do syscall-tracing thingamagic 848 // NOT REACHED 849/////////////////////////////////////////////////////////////////////// 850 // On entry, we optimistically assumed that we're coming from user-space. 851 // For the rare cases where a system-call is done from within the kernel, 852 // we fix things up at this point: 853.break_fixup: 854 add r1=-IA64_PT_REGS_SIZE,sp // A allocate space for pt_regs structure 855 mov ar.rnat=r24 // M2 restore kernel's AR.RNAT 856 ;; 857 mov ar.bspstore=r23 // M2 restore kernel's AR.BSPSTORE 858 br.cond.sptk .back_from_break_fixup 859END(break_fault) 860 861 .org ia64_ivt+0x3000 862///////////////////////////////////////////////////////////////////////////////////////// 863// 0x3000 Entry 12 (size 64 bundles) External Interrupt (4) 864ENTRY(interrupt) 865 DBG_FAULT(12) 866 mov r31=pr // prepare to save predicates 867 ;; 868 SAVE_MIN_WITH_COVER // uses r31; defines r2 and r3 869 ssm psr.ic | PSR_DEFAULT_BITS 870 ;; 871 adds r3=8,r2 // set up second base pointer for SAVE_REST 872 srlz.i // ensure everybody knows psr.ic is back on 873 ;; 874 SAVE_REST 875 ;; 876 MCA_RECOVER_RANGE(interrupt) 877 alloc r14=ar.pfs,0,0,2,0 // must be first in an insn group 878 mov out0=cr.ivr // pass cr.ivr as first arg 879 add out1=16,sp // pass pointer to pt_regs as second arg 880 ;; 881 srlz.d // make sure we see the effect of cr.ivr 882 movl r14=ia64_leave_kernel 883 ;; 884 mov rp=r14 885 br.call.sptk.many b6=ia64_handle_irq 886END(interrupt) 887 888 .org ia64_ivt+0x3400 889///////////////////////////////////////////////////////////////////////////////////////// 890// 0x3400 Entry 13 (size 64 bundles) Reserved 891 DBG_FAULT(13) 892 FAULT(13) 893 894 .org ia64_ivt+0x3800 895///////////////////////////////////////////////////////////////////////////////////////// 896// 0x3800 Entry 14 (size 64 bundles) Reserved 897 DBG_FAULT(14) 898 FAULT(14) 899 900 /* 901 * There is no particular reason for this code to be here, other than that 902 * there happens to be space here that would go unused otherwise. If this 903 * fault ever gets "unreserved", simply moved the following code to a more 904 * suitable spot... 905 * 906 * ia64_syscall_setup() is a separate subroutine so that it can 907 * allocate stacked registers so it can safely demine any 908 * potential NaT values from the input registers. 909 * 910 * On entry: 911 * - executing on bank 0 or bank 1 register set (doesn't matter) 912 * - r1: stack pointer 913 * - r2: current task pointer 914 * - r3: preserved 915 * - r11: original contents (saved ar.pfs to be saved) 916 * - r12: original contents (sp to be saved) 917 * - r13: original contents (tp to be saved) 918 * - r15: original contents (syscall # to be saved) 919 * - r18: saved bsp (after switching to kernel stack) 920 * - r19: saved b6 921 * - r20: saved r1 (gp) 922 * - r21: saved ar.fpsr 923 * - r22: kernel's register backing store base (krbs_base) 924 * - r23: saved ar.bspstore 925 * - r24: saved ar.rnat 926 * - r25: saved ar.unat 927 * - r26: saved ar.pfs 928 * - r27: saved ar.rsc 929 * - r28: saved cr.iip 930 * - r29: saved cr.ipsr 931 * - r31: saved pr 932 * - b0: original contents (to be saved) 933 * On exit: 934 * - p10: TRUE if syscall is invoked with more than 8 out 935 * registers or r15's Nat is true 936 * - r1: kernel's gp 937 * - r3: preserved (same as on entry) 938 * - r8: -EINVAL if p10 is true 939 * - r12: points to kernel stack 940 * - r13: points to current task 941 * - r14: preserved (same as on entry) 942 * - p13: preserved 943 * - p15: TRUE if interrupts need to be re-enabled 944 * - ar.fpsr: set to kernel settings 945 * - b6: preserved (same as on entry) 946 */ 947GLOBAL_ENTRY(ia64_syscall_setup) 948#if PT(B6) != 0 949# error This code assumes that b6 is the first field in pt_regs. 950#endif 951 st8 [r1]=r19 // save b6 952 add r16=PT(CR_IPSR),r1 // initialize first base pointer 953 add r17=PT(R11),r1 // initialize second base pointer 954 ;; 955 alloc r19=ar.pfs,8,0,0,0 // ensure in0-in7 are writable 956 st8 [r16]=r29,PT(AR_PFS)-PT(CR_IPSR) // save cr.ipsr 957 tnat.nz p8,p0=in0 958 959 st8.spill [r17]=r11,PT(CR_IIP)-PT(R11) // save r11 960 tnat.nz p9,p0=in1 961(pKStk) mov r18=r0 // make sure r18 isn't NaT 962 ;; 963 964 st8 [r16]=r26,PT(CR_IFS)-PT(AR_PFS) // save ar.pfs 965 st8 [r17]=r28,PT(AR_UNAT)-PT(CR_IIP) // save cr.iip 966 mov r28=b0 // save b0 (2 cyc) 967 ;; 968 969 st8 [r17]=r25,PT(AR_RSC)-PT(AR_UNAT) // save ar.unat 970 dep r19=0,r19,38,26 // clear all bits but 0..37 [I0] 971(p8) mov in0=-1 972 ;; 973 974 st8 [r16]=r19,PT(AR_RNAT)-PT(CR_IFS) // store ar.pfs.pfm in cr.ifs 975 extr.u r11=r19,7,7 // I0 // get sol of ar.pfs 976 and r8=0x7f,r19 // A // get sof of ar.pfs 977 978 st8 [r17]=r27,PT(AR_BSPSTORE)-PT(AR_RSC)// save ar.rsc 979 tbit.nz p15,p0=r29,IA64_PSR_I_BIT // I0 980(p9) mov in1=-1 981 ;; 982 983(pUStk) sub r18=r18,r22 // r18=RSE.ndirty*8 984 tnat.nz p10,p0=in2 985 add r11=8,r11 986 ;; 987(pKStk) adds r16=PT(PR)-PT(AR_RNAT),r16 // skip over ar_rnat field 988(pKStk) adds r17=PT(B0)-PT(AR_BSPSTORE),r17 // skip over ar_bspstore field 989 tnat.nz p11,p0=in3 990 ;; 991(p10) mov in2=-1 992 tnat.nz p12,p0=in4 // [I0] 993(p11) mov in3=-1 994 ;; 995(pUStk) st8 [r16]=r24,PT(PR)-PT(AR_RNAT) // save ar.rnat 996(pUStk) st8 [r17]=r23,PT(B0)-PT(AR_BSPSTORE) // save ar.bspstore 997 shl r18=r18,16 // compute ar.rsc to be used for "loadrs" 998 ;; 999 st8 [r16]=r31,PT(LOADRS)-PT(PR) // save predicates 1000 st8 [r17]=r28,PT(R1)-PT(B0) // save b0 1001 tnat.nz p13,p0=in5 // [I0] 1002 ;; 1003 st8 [r16]=r18,PT(R12)-PT(LOADRS) // save ar.rsc value for "loadrs" 1004 st8.spill [r17]=r20,PT(R13)-PT(R1) // save original r1 1005(p12) mov in4=-1 1006 ;; 1007 1008.mem.offset 0,0; st8.spill [r16]=r12,PT(AR_FPSR)-PT(R12) // save r12 1009.mem.offset 8,0; st8.spill [r17]=r13,PT(R15)-PT(R13) // save r13 1010(p13) mov in5=-1 1011 ;; 1012 st8 [r16]=r21,PT(R8)-PT(AR_FPSR) // save ar.fpsr 1013 tnat.nz p13,p0=in6 1014 cmp.lt p10,p9=r11,r8 // frame size can't be more than local+8 1015 ;; 1016 mov r8=1 1017(p9) tnat.nz p10,p0=r15 1018 adds r12=-16,r1 // switch to kernel memory stack (with 16 bytes of scratch) 1019 1020 st8.spill [r17]=r15 // save r15 1021 tnat.nz p8,p0=in7 1022 nop.i 0 1023 1024 mov r13=r2 // establish `current' 1025 movl r1=__gp // establish kernel global pointer 1026 ;; 1027 st8 [r16]=r8 // ensure pt_regs.r8 != 0 (see handle_syscall_error) 1028(p13) mov in6=-1 1029(p8) mov in7=-1 1030 1031 cmp.eq pSys,pNonSys=r0,r0 // set pSys=1, pNonSys=0 1032 movl r17=FPSR_DEFAULT 1033 ;; 1034 mov.m ar.fpsr=r17 // set ar.fpsr to kernel default value 1035(p10) mov r8=-EINVAL 1036 br.ret.sptk.many b7 1037END(ia64_syscall_setup) 1038 1039 .org ia64_ivt+0x3c00 1040///////////////////////////////////////////////////////////////////////////////////////// 1041// 0x3c00 Entry 15 (size 64 bundles) Reserved 1042 DBG_FAULT(15) 1043 FAULT(15) 1044 1045 /* 1046 * Squatting in this space ... 1047 * 1048 * This special case dispatcher for illegal operation faults allows preserved 1049 * registers to be modified through a callback function (asm only) that is handed 1050 * back from the fault handler in r8. Up to three arguments can be passed to the 1051 * callback function by returning an aggregate with the callback as its first 1052 * element, followed by the arguments. 1053 */ 1054ENTRY(dispatch_illegal_op_fault) 1055 .prologue 1056 .body 1057 SAVE_MIN_WITH_COVER 1058 ssm psr.ic | PSR_DEFAULT_BITS 1059 ;; 1060 srlz.i // guarantee that interruption collection is on 1061 ;; 1062(p15) ssm psr.i // restore psr.i 1063 adds r3=8,r2 // set up second base pointer for SAVE_REST 1064 ;; 1065 alloc r14=ar.pfs,0,0,1,0 // must be first in insn group 1066 mov out0=ar.ec 1067 ;; 1068 SAVE_REST 1069 PT_REGS_UNWIND_INFO(0) 1070 ;; 1071 br.call.sptk.many rp=ia64_illegal_op_fault 1072.ret0: ;; 1073 alloc r14=ar.pfs,0,0,3,0 // must be first in insn group 1074 mov out0=r9 1075 mov out1=r10 1076 mov out2=r11 1077 movl r15=ia64_leave_kernel 1078 ;; 1079 mov rp=r15 1080 mov b6=r8 1081 ;; 1082 cmp.ne p6,p0=0,r8 1083(p6) br.call.dpnt.many b6=b6 // call returns to ia64_leave_kernel 1084 br.sptk.many ia64_leave_kernel 1085END(dispatch_illegal_op_fault) 1086 1087 .org ia64_ivt+0x4000 1088///////////////////////////////////////////////////////////////////////////////////////// 1089// 0x4000 Entry 16 (size 64 bundles) Reserved 1090 DBG_FAULT(16) 1091 FAULT(16) 1092 1093 .org ia64_ivt+0x4400 1094///////////////////////////////////////////////////////////////////////////////////////// 1095// 0x4400 Entry 17 (size 64 bundles) Reserved 1096 DBG_FAULT(17) 1097 FAULT(17) 1098 1099ENTRY(non_syscall) 1100 mov ar.rsc=r27 // restore ar.rsc before SAVE_MIN_WITH_COVER 1101 ;; 1102 SAVE_MIN_WITH_COVER 1103 1104 // There is no particular reason for this code to be here, other than that 1105 // there happens to be space here that would go unused otherwise. If this 1106 // fault ever gets "unreserved", simply moved the following code to a more 1107 // suitable spot... 1108 1109 alloc r14=ar.pfs,0,0,2,0 1110 mov out0=cr.iim 1111 add out1=16,sp 1112 adds r3=8,r2 // set up second base pointer for SAVE_REST 1113 1114 ssm psr.ic | PSR_DEFAULT_BITS 1115 ;; 1116 srlz.i // guarantee that interruption collection is on 1117 ;; 1118(p15) ssm psr.i // restore psr.i 1119 movl r15=ia64_leave_kernel 1120 ;; 1121 SAVE_REST 1122 mov rp=r15 1123 ;; 1124 br.call.sptk.many b6=ia64_bad_break // avoid WAW on CFM and ignore return addr 1125END(non_syscall) 1126 1127 .org ia64_ivt+0x4800 1128///////////////////////////////////////////////////////////////////////////////////////// 1129// 0x4800 Entry 18 (size 64 bundles) Reserved 1130 DBG_FAULT(18) 1131 FAULT(18) 1132 1133 /* 1134 * There is no particular reason for this code to be here, other than that 1135 * there happens to be space here that would go unused otherwise. If this 1136 * fault ever gets "unreserved", simply moved the following code to a more 1137 * suitable spot... 1138 */ 1139 1140ENTRY(dispatch_unaligned_handler) 1141 SAVE_MIN_WITH_COVER 1142 ;; 1143 alloc r14=ar.pfs,0,0,2,0 // now it's safe (must be first in insn group!) 1144 mov out0=cr.ifa 1145 adds out1=16,sp 1146 1147 ssm psr.ic | PSR_DEFAULT_BITS 1148 ;; 1149 srlz.i // guarantee that interruption collection is on 1150 ;; 1151(p15) ssm psr.i // restore psr.i 1152 adds r3=8,r2 // set up second base pointer 1153 ;; 1154 SAVE_REST 1155 movl r14=ia64_leave_kernel 1156 ;; 1157 mov rp=r14 1158 br.sptk.many ia64_prepare_handle_unaligned 1159END(dispatch_unaligned_handler) 1160 1161 .org ia64_ivt+0x4c00 1162///////////////////////////////////////////////////////////////////////////////////////// 1163// 0x4c00 Entry 19 (size 64 bundles) Reserved 1164 DBG_FAULT(19) 1165 FAULT(19) 1166 1167 /* 1168 * There is no particular reason for this code to be here, other than that 1169 * there happens to be space here that would go unused otherwise. If this 1170 * fault ever gets "unreserved", simply moved the following code to a more 1171 * suitable spot... 1172 */ 1173 1174ENTRY(dispatch_to_fault_handler) 1175 /* 1176 * Input: 1177 * psr.ic: off 1178 * r19: fault vector number (e.g., 24 for General Exception) 1179 * r31: contains saved predicates (pr) 1180 */ 1181 SAVE_MIN_WITH_COVER_R19 1182 alloc r14=ar.pfs,0,0,5,0 1183 mov out0=r15 1184 mov out1=cr.isr 1185 mov out2=cr.ifa 1186 mov out3=cr.iim 1187 mov out4=cr.itir 1188 ;; 1189 ssm psr.ic | PSR_DEFAULT_BITS 1190 ;; 1191 srlz.i // guarantee that interruption collection is on 1192 ;; 1193(p15) ssm psr.i // restore psr.i 1194 adds r3=8,r2 // set up second base pointer for SAVE_REST 1195 ;; 1196 SAVE_REST 1197 movl r14=ia64_leave_kernel 1198 ;; 1199 mov rp=r14 1200 br.call.sptk.many b6=ia64_fault 1201END(dispatch_to_fault_handler) 1202 1203// 1204// --- End of long entries, Beginning of short entries 1205// 1206 1207 .org ia64_ivt+0x5000 1208///////////////////////////////////////////////////////////////////////////////////////// 1209// 0x5000 Entry 20 (size 16 bundles) Page Not Present (10,22,49) 1210ENTRY(page_not_present) 1211 DBG_FAULT(20) 1212 mov r16=cr.ifa 1213 rsm psr.dt 1214 /* 1215 * The Linux page fault handler doesn't expect non-present pages to be in 1216 * the TLB. Flush the existing entry now, so we meet that expectation. 1217 */ 1218 mov r17=PAGE_SHIFT<<2 1219 ;; 1220 ptc.l r16,r17 1221 ;; 1222 mov r31=pr 1223 srlz.d 1224 br.sptk.many page_fault 1225END(page_not_present) 1226 1227 .org ia64_ivt+0x5100 1228///////////////////////////////////////////////////////////////////////////////////////// 1229// 0x5100 Entry 21 (size 16 bundles) Key Permission (13,25,52) 1230ENTRY(key_permission) 1231 DBG_FAULT(21) 1232 mov r16=cr.ifa 1233 rsm psr.dt 1234 mov r31=pr 1235 ;; 1236 srlz.d 1237 br.sptk.many page_fault 1238END(key_permission) 1239 1240 .org ia64_ivt+0x5200 1241///////////////////////////////////////////////////////////////////////////////////////// 1242// 0x5200 Entry 22 (size 16 bundles) Instruction Access Rights (26) 1243ENTRY(iaccess_rights) 1244 DBG_FAULT(22) 1245 mov r16=cr.ifa 1246 rsm psr.dt 1247 mov r31=pr 1248 ;; 1249 srlz.d 1250 br.sptk.many page_fault 1251END(iaccess_rights) 1252 1253 .org ia64_ivt+0x5300 1254///////////////////////////////////////////////////////////////////////////////////////// 1255// 0x5300 Entry 23 (size 16 bundles) Data Access Rights (14,53) 1256ENTRY(daccess_rights) 1257 DBG_FAULT(23) 1258 mov r16=cr.ifa 1259 rsm psr.dt 1260 mov r31=pr 1261 ;; 1262 srlz.d 1263 br.sptk.many page_fault 1264END(daccess_rights) 1265 1266 .org ia64_ivt+0x5400 1267///////////////////////////////////////////////////////////////////////////////////////// 1268// 0x5400 Entry 24 (size 16 bundles) General Exception (5,32,34,36,38,39) 1269ENTRY(general_exception) 1270 DBG_FAULT(24) 1271 mov r16=cr.isr 1272 mov r31=pr 1273 ;; 1274 cmp4.eq p6,p0=0,r16 1275(p6) br.sptk.many dispatch_illegal_op_fault 1276 ;; 1277 mov r19=24 // fault number 1278 br.sptk.many dispatch_to_fault_handler 1279END(general_exception) 1280 1281 .org ia64_ivt+0x5500 1282///////////////////////////////////////////////////////////////////////////////////////// 1283// 0x5500 Entry 25 (size 16 bundles) Disabled FP-Register (35) 1284ENTRY(disabled_fp_reg) 1285 DBG_FAULT(25) 1286 rsm psr.dfh // ensure we can access fph 1287 ;; 1288 srlz.d 1289 mov r31=pr 1290 mov r19=25 1291 br.sptk.many dispatch_to_fault_handler 1292END(disabled_fp_reg) 1293 1294 .org ia64_ivt+0x5600 1295///////////////////////////////////////////////////////////////////////////////////////// 1296// 0x5600 Entry 26 (size 16 bundles) Nat Consumption (11,23,37,50) 1297ENTRY(nat_consumption) 1298 DBG_FAULT(26) 1299 1300 mov r16=cr.ipsr 1301 mov r17=cr.isr 1302 mov r31=pr // save PR 1303 ;; 1304 and r18=0xf,r17 // r18 = cr.ipsr.code{3:0} 1305 tbit.z p6,p0=r17,IA64_ISR_NA_BIT 1306 ;; 1307 cmp.ne.or p6,p0=IA64_ISR_CODE_LFETCH,r18 1308 dep r16=-1,r16,IA64_PSR_ED_BIT,1 1309(p6) br.cond.spnt 1f // branch if (cr.ispr.na == 0 || cr.ipsr.code{3:0} != LFETCH) 1310 ;; 1311 mov cr.ipsr=r16 // set cr.ipsr.na 1312 mov pr=r31,-1 1313 ;; 1314 rfi 1315 13161: mov pr=r31,-1 1317 ;; 1318 FAULT(26) 1319END(nat_consumption) 1320 1321 .org ia64_ivt+0x5700 1322///////////////////////////////////////////////////////////////////////////////////////// 1323// 0x5700 Entry 27 (size 16 bundles) Speculation (40) 1324ENTRY(speculation_vector) 1325 DBG_FAULT(27) 1326 /* 1327 * A [f]chk.[as] instruction needs to take the branch to the recovery code but 1328 * this part of the architecture is not implemented in hardware on some CPUs, such 1329 * as Itanium. Thus, in general we need to emulate the behavior. IIM contains 1330 * the relative target (not yet sign extended). So after sign extending it we 1331 * simply add it to IIP. We also need to reset the EI field of the IPSR to zero, 1332 * i.e., the slot to restart into. 1333 * 1334 * cr.imm contains zero_ext(imm21) 1335 */ 1336 mov r18=cr.iim 1337 ;; 1338 mov r17=cr.iip 1339 shl r18=r18,43 // put sign bit in position (43=64-21) 1340 ;; 1341 1342 mov r16=cr.ipsr 1343 shr r18=r18,39 // sign extend (39=43-4) 1344 ;; 1345 1346 add r17=r17,r18 // now add the offset 1347 ;; 1348 mov cr.iip=r17 1349 dep r16=0,r16,41,2 // clear EI 1350 ;; 1351 1352 mov cr.ipsr=r16 1353 ;; 1354 1355 rfi // and go back 1356END(speculation_vector) 1357 1358 .org ia64_ivt+0x5800 1359///////////////////////////////////////////////////////////////////////////////////////// 1360// 0x5800 Entry 28 (size 16 bundles) Reserved 1361 DBG_FAULT(28) 1362 FAULT(28) 1363 1364 .org ia64_ivt+0x5900 1365///////////////////////////////////////////////////////////////////////////////////////// 1366// 0x5900 Entry 29 (size 16 bundles) Debug (16,28,56) 1367ENTRY(debug_vector) 1368 DBG_FAULT(29) 1369 FAULT(29) 1370END(debug_vector) 1371 1372 .org ia64_ivt+0x5a00 1373///////////////////////////////////////////////////////////////////////////////////////// 1374// 0x5a00 Entry 30 (size 16 bundles) Unaligned Reference (57) 1375ENTRY(unaligned_access) 1376 DBG_FAULT(30) 1377 mov r31=pr // prepare to save predicates 1378 ;; 1379 br.sptk.many dispatch_unaligned_handler 1380END(unaligned_access) 1381 1382 .org ia64_ivt+0x5b00 1383///////////////////////////////////////////////////////////////////////////////////////// 1384// 0x5b00 Entry 31 (size 16 bundles) Unsupported Data Reference (57) 1385ENTRY(unsupported_data_reference) 1386 DBG_FAULT(31) 1387 FAULT(31) 1388END(unsupported_data_reference) 1389 1390 .org ia64_ivt+0x5c00 1391///////////////////////////////////////////////////////////////////////////////////////// 1392// 0x5c00 Entry 32 (size 16 bundles) Floating-Point Fault (64) 1393ENTRY(floating_point_fault) 1394 DBG_FAULT(32) 1395 FAULT(32) 1396END(floating_point_fault) 1397 1398 .org ia64_ivt+0x5d00 1399///////////////////////////////////////////////////////////////////////////////////////// 1400// 0x5d00 Entry 33 (size 16 bundles) Floating Point Trap (66) 1401ENTRY(floating_point_trap) 1402 DBG_FAULT(33) 1403 FAULT(33) 1404END(floating_point_trap) 1405 1406 .org ia64_ivt+0x5e00 1407///////////////////////////////////////////////////////////////////////////////////////// 1408// 0x5e00 Entry 34 (size 16 bundles) Lower Privilege Transfer Trap (66) 1409ENTRY(lower_privilege_trap) 1410 DBG_FAULT(34) 1411 FAULT(34) 1412END(lower_privilege_trap) 1413 1414 .org ia64_ivt+0x5f00 1415///////////////////////////////////////////////////////////////////////////////////////// 1416// 0x5f00 Entry 35 (size 16 bundles) Taken Branch Trap (68) 1417ENTRY(taken_branch_trap) 1418 DBG_FAULT(35) 1419 FAULT(35) 1420END(taken_branch_trap) 1421 1422 .org ia64_ivt+0x6000 1423///////////////////////////////////////////////////////////////////////////////////////// 1424// 0x6000 Entry 36 (size 16 bundles) Single Step Trap (69) 1425ENTRY(single_step_trap) 1426 DBG_FAULT(36) 1427 FAULT(36) 1428END(single_step_trap) 1429 1430 .org ia64_ivt+0x6100 1431///////////////////////////////////////////////////////////////////////////////////////// 1432// 0x6100 Entry 37 (size 16 bundles) Reserved 1433 DBG_FAULT(37) 1434 FAULT(37) 1435 1436 .org ia64_ivt+0x6200 1437///////////////////////////////////////////////////////////////////////////////////////// 1438// 0x6200 Entry 38 (size 16 bundles) Reserved 1439 DBG_FAULT(38) 1440 FAULT(38) 1441 1442 .org ia64_ivt+0x6300 1443///////////////////////////////////////////////////////////////////////////////////////// 1444// 0x6300 Entry 39 (size 16 bundles) Reserved 1445 DBG_FAULT(39) 1446 FAULT(39) 1447 1448 .org ia64_ivt+0x6400 1449///////////////////////////////////////////////////////////////////////////////////////// 1450// 0x6400 Entry 40 (size 16 bundles) Reserved 1451 DBG_FAULT(40) 1452 FAULT(40) 1453 1454 .org ia64_ivt+0x6500 1455///////////////////////////////////////////////////////////////////////////////////////// 1456// 0x6500 Entry 41 (size 16 bundles) Reserved 1457 DBG_FAULT(41) 1458 FAULT(41) 1459 1460 .org ia64_ivt+0x6600 1461///////////////////////////////////////////////////////////////////////////////////////// 1462// 0x6600 Entry 42 (size 16 bundles) Reserved 1463 DBG_FAULT(42) 1464 FAULT(42) 1465 1466 .org ia64_ivt+0x6700 1467///////////////////////////////////////////////////////////////////////////////////////// 1468// 0x6700 Entry 43 (size 16 bundles) Reserved 1469 DBG_FAULT(43) 1470 FAULT(43) 1471 1472 .org ia64_ivt+0x6800 1473///////////////////////////////////////////////////////////////////////////////////////// 1474// 0x6800 Entry 44 (size 16 bundles) Reserved 1475 DBG_FAULT(44) 1476 FAULT(44) 1477 1478 .org ia64_ivt+0x6900 1479///////////////////////////////////////////////////////////////////////////////////////// 1480// 0x6900 Entry 45 (size 16 bundles) IA-32 Exeception (17,18,29,41,42,43,44,58,60,61,62,72,73,75,76,77) 1481ENTRY(ia32_exception) 1482 DBG_FAULT(45) 1483 FAULT(45) 1484END(ia32_exception) 1485 1486 .org ia64_ivt+0x6a00 1487///////////////////////////////////////////////////////////////////////////////////////// 1488// 0x6a00 Entry 46 (size 16 bundles) IA-32 Intercept (30,31,59,70,71) 1489ENTRY(ia32_intercept) 1490 DBG_FAULT(46) 1491#ifdef CONFIG_IA32_SUPPORT 1492 mov r31=pr 1493 mov r16=cr.isr 1494 ;; 1495 extr.u r17=r16,16,8 // get ISR.code 1496 mov r18=ar.eflag 1497 mov r19=cr.iim // old eflag value 1498 ;; 1499 cmp.ne p6,p0=2,r17 1500(p6) br.cond.spnt 1f // not a system flag fault 1501 xor r16=r18,r19 1502 ;; 1503 extr.u r17=r16,18,1 // get the eflags.ac bit 1504 ;; 1505 cmp.eq p6,p0=0,r17 1506(p6) br.cond.spnt 1f // eflags.ac bit didn't change 1507 ;; 1508 mov pr=r31,-1 // restore predicate registers 1509 rfi 1510 15111: 1512#endif // CONFIG_IA32_SUPPORT 1513 FAULT(46) 1514END(ia32_intercept) 1515 1516 .org ia64_ivt+0x6b00 1517///////////////////////////////////////////////////////////////////////////////////////// 1518// 0x6b00 Entry 47 (size 16 bundles) IA-32 Interrupt (74) 1519ENTRY(ia32_interrupt) 1520 DBG_FAULT(47) 1521#ifdef CONFIG_IA32_SUPPORT 1522 mov r31=pr 1523 br.sptk.many dispatch_to_ia32_handler 1524#else 1525 FAULT(47) 1526#endif 1527END(ia32_interrupt) 1528 1529 .org ia64_ivt+0x6c00 1530///////////////////////////////////////////////////////////////////////////////////////// 1531// 0x6c00 Entry 48 (size 16 bundles) Reserved 1532 DBG_FAULT(48) 1533 FAULT(48) 1534 1535 .org ia64_ivt+0x6d00 1536///////////////////////////////////////////////////////////////////////////////////////// 1537// 0x6d00 Entry 49 (size 16 bundles) Reserved 1538 DBG_FAULT(49) 1539 FAULT(49) 1540 1541 .org ia64_ivt+0x6e00 1542///////////////////////////////////////////////////////////////////////////////////////// 1543// 0x6e00 Entry 50 (size 16 bundles) Reserved 1544 DBG_FAULT(50) 1545 FAULT(50) 1546 1547 .org ia64_ivt+0x6f00 1548///////////////////////////////////////////////////////////////////////////////////////// 1549// 0x6f00 Entry 51 (size 16 bundles) Reserved 1550 DBG_FAULT(51) 1551 FAULT(51) 1552 1553 .org ia64_ivt+0x7000 1554///////////////////////////////////////////////////////////////////////////////////////// 1555// 0x7000 Entry 52 (size 16 bundles) Reserved 1556 DBG_FAULT(52) 1557 FAULT(52) 1558 1559 .org ia64_ivt+0x7100 1560///////////////////////////////////////////////////////////////////////////////////////// 1561// 0x7100 Entry 53 (size 16 bundles) Reserved 1562 DBG_FAULT(53) 1563 FAULT(53) 1564 1565 .org ia64_ivt+0x7200 1566///////////////////////////////////////////////////////////////////////////////////////// 1567// 0x7200 Entry 54 (size 16 bundles) Reserved 1568 DBG_FAULT(54) 1569 FAULT(54) 1570 1571 .org ia64_ivt+0x7300 1572///////////////////////////////////////////////////////////////////////////////////////// 1573// 0x7300 Entry 55 (size 16 bundles) Reserved 1574 DBG_FAULT(55) 1575 FAULT(55) 1576 1577 .org ia64_ivt+0x7400 1578///////////////////////////////////////////////////////////////////////////////////////// 1579// 0x7400 Entry 56 (size 16 bundles) Reserved 1580 DBG_FAULT(56) 1581 FAULT(56) 1582 1583 .org ia64_ivt+0x7500 1584///////////////////////////////////////////////////////////////////////////////////////// 1585// 0x7500 Entry 57 (size 16 bundles) Reserved 1586 DBG_FAULT(57) 1587 FAULT(57) 1588 1589 .org ia64_ivt+0x7600 1590///////////////////////////////////////////////////////////////////////////////////////// 1591// 0x7600 Entry 58 (size 16 bundles) Reserved 1592 DBG_FAULT(58) 1593 FAULT(58) 1594 1595 .org ia64_ivt+0x7700 1596///////////////////////////////////////////////////////////////////////////////////////// 1597// 0x7700 Entry 59 (size 16 bundles) Reserved 1598 DBG_FAULT(59) 1599 FAULT(59) 1600 1601 .org ia64_ivt+0x7800 1602///////////////////////////////////////////////////////////////////////////////////////// 1603// 0x7800 Entry 60 (size 16 bundles) Reserved 1604 DBG_FAULT(60) 1605 FAULT(60) 1606 1607 .org ia64_ivt+0x7900 1608///////////////////////////////////////////////////////////////////////////////////////// 1609// 0x7900 Entry 61 (size 16 bundles) Reserved 1610 DBG_FAULT(61) 1611 FAULT(61) 1612 1613 .org ia64_ivt+0x7a00 1614///////////////////////////////////////////////////////////////////////////////////////// 1615// 0x7a00 Entry 62 (size 16 bundles) Reserved 1616 DBG_FAULT(62) 1617 FAULT(62) 1618 1619 .org ia64_ivt+0x7b00 1620///////////////////////////////////////////////////////////////////////////////////////// 1621// 0x7b00 Entry 63 (size 16 bundles) Reserved 1622 DBG_FAULT(63) 1623 FAULT(63) 1624 1625 .org ia64_ivt+0x7c00 1626///////////////////////////////////////////////////////////////////////////////////////// 1627// 0x7c00 Entry 64 (size 16 bundles) Reserved 1628 DBG_FAULT(64) 1629 FAULT(64) 1630 1631 .org ia64_ivt+0x7d00 1632///////////////////////////////////////////////////////////////////////////////////////// 1633// 0x7d00 Entry 65 (size 16 bundles) Reserved 1634 DBG_FAULT(65) 1635 FAULT(65) 1636 1637 .org ia64_ivt+0x7e00 1638///////////////////////////////////////////////////////////////////////////////////////// 1639// 0x7e00 Entry 66 (size 16 bundles) Reserved 1640 DBG_FAULT(66) 1641 FAULT(66) 1642 1643 .org ia64_ivt+0x7f00 1644///////////////////////////////////////////////////////////////////////////////////////// 1645// 0x7f00 Entry 67 (size 16 bundles) Reserved 1646 DBG_FAULT(67) 1647 FAULT(67) 1648 1649#ifdef CONFIG_IA32_SUPPORT 1650 1651 /* 1652 * There is no particular reason for this code to be here, other than that 1653 * there happens to be space here that would go unused otherwise. If this 1654 * fault ever gets "unreserved", simply moved the following code to a more 1655 * suitable spot... 1656 */ 1657 1658 // IA32 interrupt entry point 1659 1660ENTRY(dispatch_to_ia32_handler) 1661 SAVE_MIN 1662 ;; 1663 mov r14=cr.isr 1664 ssm psr.ic | PSR_DEFAULT_BITS 1665 ;; 1666 srlz.i // guarantee that interruption collection is on 1667 ;; 1668(p15) ssm psr.i 1669 adds r3=8,r2 // Base pointer for SAVE_REST 1670 ;; 1671 SAVE_REST 1672 ;; 1673 mov r15=0x80 1674 shr r14=r14,16 // Get interrupt number 1675 ;; 1676 cmp.ne p6,p0=r14,r15 1677(p6) br.call.dpnt.many b6=non_ia32_syscall 1678 1679 adds r14=IA64_PT_REGS_R8_OFFSET + 16,sp // 16 byte hole per SW conventions 1680 adds r15=IA64_PT_REGS_R1_OFFSET + 16,sp 1681 ;; 1682 cmp.eq pSys,pNonSys=r0,r0 // set pSys=1, pNonSys=0 1683 ld8 r8=[r14] // get r8 1684 ;; 1685 st8 [r15]=r8 // save original EAX in r1 (IA32 procs don't use the GP) 1686 ;; 1687 alloc r15=ar.pfs,0,0,6,0 // must first in an insn group 1688 ;; 1689 ld4 r8=[r14],8 // r8 == eax (syscall number) 1690 mov r15=IA32_NR_syscalls 1691 ;; 1692 cmp.ltu.unc p6,p7=r8,r15 1693 ld4 out1=[r14],8 // r9 == ecx 1694 ;; 1695 ld4 out2=[r14],8 // r10 == edx 1696 ;; 1697 ld4 out0=[r14] // r11 == ebx 1698 adds r14=(IA64_PT_REGS_R13_OFFSET) + 16,sp 1699 ;; 1700 ld4 out5=[r14],PT(R14)-PT(R13) // r13 == ebp 1701 ;; 1702 ld4 out3=[r14],PT(R15)-PT(R14) // r14 == esi 1703 adds r2=TI_FLAGS+IA64_TASK_SIZE,r13 1704 ;; 1705 ld4 out4=[r14] // r15 == edi 1706 movl r16=ia32_syscall_table 1707 ;; 1708(p6) shladd r16=r8,3,r16 // force ni_syscall if not valid syscall number 1709 ld4 r2=[r2] // r2 = current_thread_info()->flags 1710 ;; 1711 ld8 r16=[r16] 1712 and r2=_TIF_SYSCALL_TRACEAUDIT,r2 // mask trace or audit 1713 ;; 1714 mov b6=r16 1715 movl r15=ia32_ret_from_syscall 1716 cmp.eq p8,p0=r2,r0 1717 ;; 1718 mov rp=r15 1719(p8) br.call.sptk.many b6=b6 1720 br.cond.sptk ia32_trace_syscall 1721 1722non_ia32_syscall: 1723 alloc r15=ar.pfs,0,0,2,0 1724 mov out0=r14 // interrupt # 1725 add out1=16,sp // pointer to pt_regs 1726 ;; // avoid WAW on CFM 1727 br.call.sptk.many rp=ia32_bad_interrupt 1728.ret1: movl r15=ia64_leave_kernel 1729 ;; 1730 mov rp=r15 1731 br.ret.sptk.many rp 1732END(dispatch_to_ia32_handler) 1733 1734#endif /* CONFIG_IA32_SUPPORT */ 1735