1 /* 2 * This file is subject to the terms and conditions of the GNU General Public 3 * License. See the file "COPYING" in the main directory of this archive 4 * for more details. 5 * 6 * Synthesize TLB refill handlers at runtime. 7 * 8 * Copyright (C) 2004, 2005, 2006, 2008 Thiemo Seufer 9 * Copyright (C) 2005, 2007, 2008, 2009 Maciej W. Rozycki 10 * Copyright (C) 2006 Ralf Baechle (ralf@linux-mips.org) 11 * Copyright (C) 2008, 2009 Cavium Networks, Inc. 12 * Copyright (C) 2011 MIPS Technologies, Inc. 13 * 14 * ... and the days got worse and worse and now you see 15 * I've gone completly out of my mind. 16 * 17 * They're coming to take me a away haha 18 * they're coming to take me a away hoho hihi haha 19 * to the funny farm where code is beautiful all the time ... 20 * 21 * (Condolences to Napoleon XIV) 22 */ 23 24 #include <linux/bug.h> 25 #include <linux/kernel.h> 26 #include <linux/types.h> 27 #include <linux/smp.h> 28 #include <linux/string.h> 29 #include <linux/init.h> 30 #include <linux/cache.h> 31 32 #include <asm/cacheflush.h> 33 #include <asm/pgtable.h> 34 #include <asm/war.h> 35 #include <asm/uasm.h> 36 #include <asm/setup.h> 37 38 /* 39 * TLB load/store/modify handlers. 40 * 41 * Only the fastpath gets synthesized at runtime, the slowpath for 42 * do_page_fault remains normal asm. 43 */ 44 extern void tlb_do_page_fault_0(void); 45 extern void tlb_do_page_fault_1(void); 46 47 struct work_registers { 48 int r1; 49 int r2; 50 int r3; 51 }; 52 53 struct tlb_reg_save { 54 unsigned long a; 55 unsigned long b; 56 } ____cacheline_aligned_in_smp; 57 58 static struct tlb_reg_save handler_reg_save[NR_CPUS]; 59 60 static inline int r45k_bvahwbug(void) 61 { 62 /* XXX: We should probe for the presence of this bug, but we don't. */ 63 return 0; 64 } 65 66 static inline int r4k_250MHZhwbug(void) 67 { 68 /* XXX: We should probe for the presence of this bug, but we don't. */ 69 return 0; 70 } 71 72 static inline int __maybe_unused bcm1250_m3_war(void) 73 { 74 return BCM1250_M3_WAR; 75 } 76 77 static inline int __maybe_unused r10000_llsc_war(void) 78 { 79 return R10000_LLSC_WAR; 80 } 81 82 static int use_bbit_insns(void) 83 { 84 switch (current_cpu_type()) { 85 case CPU_CAVIUM_OCTEON: 86 case CPU_CAVIUM_OCTEON_PLUS: 87 case CPU_CAVIUM_OCTEON2: 88 case CPU_CAVIUM_OCTEON3: 89 return 1; 90 default: 91 return 0; 92 } 93 } 94 95 static int use_lwx_insns(void) 96 { 97 switch (current_cpu_type()) { 98 case CPU_CAVIUM_OCTEON2: 99 case CPU_CAVIUM_OCTEON3: 100 return 1; 101 default: 102 return 0; 103 } 104 } 105 #if defined(CONFIG_CAVIUM_OCTEON_CVMSEG_SIZE) && \ 106 CONFIG_CAVIUM_OCTEON_CVMSEG_SIZE > 0 107 static bool scratchpad_available(void) 108 { 109 return true; 110 } 111 static int scratchpad_offset(int i) 112 { 113 /* 114 * CVMSEG starts at address -32768 and extends for 115 * CAVIUM_OCTEON_CVMSEG_SIZE 128 byte cache lines. 116 */ 117 i += 1; /* Kernel use starts at the top and works down. */ 118 return CONFIG_CAVIUM_OCTEON_CVMSEG_SIZE * 128 - (8 * i) - 32768; 119 } 120 #else 121 static bool scratchpad_available(void) 122 { 123 return false; 124 } 125 static int scratchpad_offset(int i) 126 { 127 BUG(); 128 /* Really unreachable, but evidently some GCC want this. */ 129 return 0; 130 } 131 #endif 132 /* 133 * Found by experiment: At least some revisions of the 4kc throw under 134 * some circumstances a machine check exception, triggered by invalid 135 * values in the index register. 
Delaying the tlbp instruction until 136 * after the next branch, plus adding an additional nop in front of 137 * tlbwi/tlbwr avoids the invalid index register values. Nobody knows 138 * why; it's not an issue caused by the core RTL. 139 * 140 */ 141 static int m4kc_tlbp_war(void) 142 { 143 return (current_cpu_data.processor_id & 0xffff00) == 144 (PRID_COMP_MIPS | PRID_IMP_4KC); 145 } 146 147 /* Handle labels (which must be positive integers). */ 148 enum label_id { 149 label_second_part = 1, 150 label_leave, 151 label_vmalloc, 152 label_vmalloc_done, 153 label_tlbw_hazard_0, 154 label_split = label_tlbw_hazard_0 + 8, 155 label_tlbl_goaround1, 156 label_tlbl_goaround2, 157 label_nopage_tlbl, 158 label_nopage_tlbs, 159 label_nopage_tlbm, 160 label_smp_pgtable_change, 161 label_r3000_write_probe_fail, 162 label_large_segbits_fault, 163 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 164 label_tlb_huge_update, 165 #endif 166 }; 167 168 UASM_L_LA(_second_part) 169 UASM_L_LA(_leave) 170 UASM_L_LA(_vmalloc) 171 UASM_L_LA(_vmalloc_done) 172 /* _tlbw_hazard_x is handled differently. */ 173 UASM_L_LA(_split) 174 UASM_L_LA(_tlbl_goaround1) 175 UASM_L_LA(_tlbl_goaround2) 176 UASM_L_LA(_nopage_tlbl) 177 UASM_L_LA(_nopage_tlbs) 178 UASM_L_LA(_nopage_tlbm) 179 UASM_L_LA(_smp_pgtable_change) 180 UASM_L_LA(_r3000_write_probe_fail) 181 UASM_L_LA(_large_segbits_fault) 182 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 183 UASM_L_LA(_tlb_huge_update) 184 #endif 185 186 static int hazard_instance; 187 188 static void uasm_bgezl_hazard(u32 **p, struct uasm_reloc **r, int instance) 189 { 190 switch (instance) { 191 case 0 ... 7: 192 uasm_il_bgezl(p, r, 0, label_tlbw_hazard_0 + instance); 193 return; 194 default: 195 BUG(); 196 } 197 } 198 199 static void uasm_bgezl_label(struct uasm_label **l, u32 **p, int instance) 200 { 201 switch (instance) { 202 case 0 ... 7: 203 uasm_build_label(l, *p, label_tlbw_hazard_0 + instance); 204 break; 205 default: 206 BUG(); 207 } 208 } 209 210 /* 211 * pgtable bits are assigned dynamically depending on processor feature 212 * and statically based on kernel configuration. This spits out the actual 213 * values the kernel is using. Required to make sense from disassembled 214 * TLB exception handlers. 215 */ 216 static void output_pgtable_bits_defines(void) 217 { 218 #define pr_define(fmt, ...) 
\ 219 pr_debug("#define " fmt, ##__VA_ARGS__) 220 221 pr_debug("#include <asm/asm.h>\n"); 222 pr_debug("#include <asm/regdef.h>\n"); 223 pr_debug("\n"); 224 225 pr_define("_PAGE_PRESENT_SHIFT %d\n", _PAGE_PRESENT_SHIFT); 226 pr_define("_PAGE_READ_SHIFT %d\n", _PAGE_READ_SHIFT); 227 pr_define("_PAGE_WRITE_SHIFT %d\n", _PAGE_WRITE_SHIFT); 228 pr_define("_PAGE_ACCESSED_SHIFT %d\n", _PAGE_ACCESSED_SHIFT); 229 pr_define("_PAGE_MODIFIED_SHIFT %d\n", _PAGE_MODIFIED_SHIFT); 230 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 231 pr_define("_PAGE_HUGE_SHIFT %d\n", _PAGE_HUGE_SHIFT); 232 pr_define("_PAGE_SPLITTING_SHIFT %d\n", _PAGE_SPLITTING_SHIFT); 233 #endif 234 if (cpu_has_rixi) { 235 #ifdef _PAGE_NO_EXEC_SHIFT 236 pr_define("_PAGE_NO_EXEC_SHIFT %d\n", _PAGE_NO_EXEC_SHIFT); 237 #endif 238 #ifdef _PAGE_NO_READ_SHIFT 239 pr_define("_PAGE_NO_READ_SHIFT %d\n", _PAGE_NO_READ_SHIFT); 240 #endif 241 } 242 pr_define("_PAGE_GLOBAL_SHIFT %d\n", _PAGE_GLOBAL_SHIFT); 243 pr_define("_PAGE_VALID_SHIFT %d\n", _PAGE_VALID_SHIFT); 244 pr_define("_PAGE_DIRTY_SHIFT %d\n", _PAGE_DIRTY_SHIFT); 245 pr_define("_PFN_SHIFT %d\n", _PFN_SHIFT); 246 pr_debug("\n"); 247 } 248 249 static inline void dump_handler(const char *symbol, const u32 *handler, int count) 250 { 251 int i; 252 253 pr_debug("LEAF(%s)\n", symbol); 254 255 pr_debug("\t.set push\n"); 256 pr_debug("\t.set noreorder\n"); 257 258 for (i = 0; i < count; i++) 259 pr_debug("\t.word\t0x%08x\t\t# %p\n", handler[i], &handler[i]); 260 261 pr_debug("\t.set\tpop\n"); 262 263 pr_debug("\tEND(%s)\n", symbol); 264 } 265 266 /* The only general purpose registers allowed in TLB handlers. */ 267 #define K0 26 268 #define K1 27 269 270 /* Some CP0 registers */ 271 #define C0_INDEX 0, 0 272 #define C0_ENTRYLO0 2, 0 273 #define C0_TCBIND 2, 2 274 #define C0_ENTRYLO1 3, 0 275 #define C0_CONTEXT 4, 0 276 #define C0_PAGEMASK 5, 0 277 #define C0_BADVADDR 8, 0 278 #define C0_ENTRYHI 10, 0 279 #define C0_EPC 14, 0 280 #define C0_XCONTEXT 20, 0 281 282 #ifdef CONFIG_64BIT 283 # define GET_CONTEXT(buf, reg) UASM_i_MFC0(buf, reg, C0_XCONTEXT) 284 #else 285 # define GET_CONTEXT(buf, reg) UASM_i_MFC0(buf, reg, C0_CONTEXT) 286 #endif 287 288 /* The worst case length of the handler is around 18 instructions for 289 * R3000-style TLBs and up to 63 instructions for R4000-style TLBs. 290 * Maximum space available is 32 instructions for R3000 and 64 291 * instructions for R4000. 292 * 293 * We deliberately chose a buffer size of 128, so we won't scribble 294 * over anything important on overflow before we panic. 
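 *
 * Worked out in bytes: 63 worst-case R4000-style instructions come to
 * 252 bytes, while the 128-entry u32 buffer below is 512 bytes, so the
 * explicit length checks fire well before the end of the array.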
295 */ 296 static u32 tlb_handler[128]; 297 298 /* simply assume worst case size for labels and relocs */ 299 static struct uasm_label labels[128]; 300 static struct uasm_reloc relocs[128]; 301 302 static int check_for_high_segbits; 303 304 static unsigned int kscratch_used_mask; 305 306 static inline int __maybe_unused c0_kscratch(void) 307 { 308 switch (current_cpu_type()) { 309 case CPU_XLP: 310 case CPU_XLR: 311 return 22; 312 default: 313 return 31; 314 } 315 } 316 317 static int allocate_kscratch(void) 318 { 319 int r; 320 unsigned int a = cpu_data[0].kscratch_mask & ~kscratch_used_mask; 321 322 r = ffs(a); 323 324 if (r == 0) 325 return -1; 326 327 r--; /* make it zero based */ 328 329 kscratch_used_mask |= (1 << r); 330 331 return r; 332 } 333 334 static int scratch_reg; 335 static int pgd_reg; 336 enum vmalloc64_mode {not_refill, refill_scratch, refill_noscratch}; 337 338 static struct work_registers build_get_work_registers(u32 **p) 339 { 340 struct work_registers r; 341 342 int smp_processor_id_reg; 343 int smp_processor_id_sel; 344 int smp_processor_id_shift; 345 346 if (scratch_reg >= 0) { 347 /* Save in CPU local C0_KScratch? */ 348 UASM_i_MTC0(p, 1, c0_kscratch(), scratch_reg); 349 r.r1 = K0; 350 r.r2 = K1; 351 r.r3 = 1; 352 return r; 353 } 354 355 if (num_possible_cpus() > 1) { 356 #ifdef CONFIG_MIPS_PGD_C0_CONTEXT 357 smp_processor_id_shift = 51; 358 smp_processor_id_reg = 20; /* XContext */ 359 smp_processor_id_sel = 0; 360 #else 361 # ifdef CONFIG_32BIT 362 smp_processor_id_shift = 25; 363 smp_processor_id_reg = 4; /* Context */ 364 smp_processor_id_sel = 0; 365 # endif 366 # ifdef CONFIG_64BIT 367 smp_processor_id_shift = 26; 368 smp_processor_id_reg = 4; /* Context */ 369 smp_processor_id_sel = 0; 370 # endif 371 #endif 372 /* Get smp_processor_id */ 373 UASM_i_MFC0(p, K0, smp_processor_id_reg, smp_processor_id_sel); 374 UASM_i_SRL_SAFE(p, K0, K0, smp_processor_id_shift); 375 376 /* handler_reg_save index in K0 */ 377 UASM_i_SLL(p, K0, K0, ilog2(sizeof(struct tlb_reg_save))); 378 379 UASM_i_LA(p, K1, (long)&handler_reg_save); 380 UASM_i_ADDU(p, K0, K0, K1); 381 } else { 382 UASM_i_LA(p, K0, (long)&handler_reg_save); 383 } 384 /* K0 now points to save area, save $1 and $2 */ 385 UASM_i_SW(p, 1, offsetof(struct tlb_reg_save, a), K0); 386 UASM_i_SW(p, 2, offsetof(struct tlb_reg_save, b), K0); 387 388 r.r1 = K1; 389 r.r2 = 1; 390 r.r3 = 2; 391 return r; 392 } 393 394 static void build_restore_work_registers(u32 **p) 395 { 396 if (scratch_reg >= 0) { 397 UASM_i_MFC0(p, 1, c0_kscratch(), scratch_reg); 398 return; 399 } 400 /* K0 already points to save area, restore $1 and $2 */ 401 UASM_i_LW(p, 1, offsetof(struct tlb_reg_save, a), K0); 402 UASM_i_LW(p, 2, offsetof(struct tlb_reg_save, b), K0); 403 } 404 405 #ifndef CONFIG_MIPS_PGD_C0_CONTEXT 406 407 /* 408 * CONFIG_MIPS_PGD_C0_CONTEXT implies 64 bit and lack of pgd_current, 409 * we cannot do r3000 under these circumstances. 410 * 411 * Declare pgd_current here instead of including mmu_context.h to avoid type 412 * conflicts for tlbmiss_handler_setup_pgd 413 */ 414 extern unsigned long pgd_current[]; 415 416 /* 417 * The R3000 TLB handler is simple. 
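 * It indexes the two-level page table with the VPN from c0_badvaddr
 * and the pre-scaled PTE offset the hardware left in c0_context
 * (extracted with the andi 0xffc below), drops the PTE into EntryLo0
 * and issues tlbwr, filling the R3000's cp0 and load delay slots by
 * hand as the per-instruction comments note.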
 */
static void build_r3000_tlb_refill_handler(void)
{
	long pgdc = (long)pgd_current;
	u32 *p;

	memset(tlb_handler, 0, sizeof(tlb_handler));
	p = tlb_handler;

	uasm_i_mfc0(&p, K0, C0_BADVADDR);
	uasm_i_lui(&p, K1, uasm_rel_hi(pgdc)); /* cp0 delay */
	uasm_i_lw(&p, K1, uasm_rel_lo(pgdc), K1);
	uasm_i_srl(&p, K0, K0, 22); /* load delay */
	uasm_i_sll(&p, K0, K0, 2);
	uasm_i_addu(&p, K1, K1, K0);
	uasm_i_mfc0(&p, K0, C0_CONTEXT);
	uasm_i_lw(&p, K1, 0, K1); /* cp0 delay */
	uasm_i_andi(&p, K0, K0, 0xffc); /* load delay */
	uasm_i_addu(&p, K1, K1, K0);
	uasm_i_lw(&p, K0, 0, K1);
	uasm_i_nop(&p); /* load delay */
	uasm_i_mtc0(&p, K0, C0_ENTRYLO0);
	uasm_i_mfc0(&p, K1, C0_EPC); /* cp0 delay */
	uasm_i_tlbwr(&p); /* cp0 delay */
	uasm_i_jr(&p, K1);
	uasm_i_rfe(&p); /* branch delay */

	if (p > tlb_handler + 32)
		panic("TLB refill handler space exceeded");

	pr_debug("Wrote TLB refill handler (%u instructions).\n",
		 (unsigned int)(p - tlb_handler));

	memcpy((void *)ebase, tlb_handler, 0x80);

	dump_handler("r3000_tlb_refill", (u32 *)ebase, 32);
}
#endif /* CONFIG_MIPS_PGD_C0_CONTEXT */

/*
 * The R4000 TLB handler is much more complicated. We have two
 * consecutive handler areas with space for 32 instructions each.
 * Since they aren't used at the same time, we can overflow into the
 * other one. To keep things simple, we first assume linear space,
 * then we relocate it to the final handler layout as needed.
 */
static u32 final_handler[64];

/*
 * Hazards
 *
 * From the IDT errata for the QED RM5230 (Nevada), processor revision 1.0:
 * 2. A timing hazard exists for the TLBP instruction.
 *
 *	stalling_instruction
 *	TLBP
 *
 * The JTLB is being read for the TLBP throughout the stall generated by the
 * previous instruction. This is not really correct as the stalling instruction
 * can modify the address used to access the JTLB. The failure symptom is that
 * the TLBP instruction will use an address created for the stalling instruction
 * and not the address held in C0_ENHI and thus report the wrong results.
 *
 * The software work-around is to not allow the instruction preceding the TLBP
 * to stall - make it a NOP or some other instruction guaranteed not to stall.
 *
 * Erratum 2 will not be fixed. The same erratum is also present on the R5000.
 *
 * As if we MIPS hackers wouldn't know how to nop pipelines happy ...
 */
static void __maybe_unused build_tlb_probe_entry(u32 **p)
{
	switch (current_cpu_type()) {
	/* Found by experiment: R4600 v2.0/R4700 needs this, too. */
	case CPU_R4600:
	case CPU_R4700:
	case CPU_R5000:
	case CPU_NEVADA:
		uasm_i_nop(p);
		uasm_i_tlbp(p);
		break;

	default:
		uasm_i_tlbp(p);
		break;
	}
}

/*
 * Write random or indexed TLB entry, and care about the hazards from
 * the preceding mtc0 and for the following eret.
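 * On MIPS R2 cores a single ehb (or nothing at all, for cores known
 * not to have the hazard) is sufficient; pre-R2 cores get the
 * CPU-specific nop padding or the branch-likely trick implemented
 * below.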
509 */ 510 enum tlb_write_entry { tlb_random, tlb_indexed }; 511 512 static void build_tlb_write_entry(u32 **p, struct uasm_label **l, 513 struct uasm_reloc **r, 514 enum tlb_write_entry wmode) 515 { 516 void(*tlbw)(u32 **) = NULL; 517 518 switch (wmode) { 519 case tlb_random: tlbw = uasm_i_tlbwr; break; 520 case tlb_indexed: tlbw = uasm_i_tlbwi; break; 521 } 522 523 if (cpu_has_mips_r2) { 524 /* 525 * The architecture spec says an ehb is required here, 526 * but a number of cores do not have the hazard and 527 * using an ehb causes an expensive pipeline stall. 528 */ 529 switch (current_cpu_type()) { 530 case CPU_M14KC: 531 case CPU_74K: 532 break; 533 534 default: 535 uasm_i_ehb(p); 536 break; 537 } 538 tlbw(p); 539 return; 540 } 541 542 switch (current_cpu_type()) { 543 case CPU_R4000PC: 544 case CPU_R4000SC: 545 case CPU_R4000MC: 546 case CPU_R4400PC: 547 case CPU_R4400SC: 548 case CPU_R4400MC: 549 /* 550 * This branch uses up a mtc0 hazard nop slot and saves 551 * two nops after the tlbw instruction. 552 */ 553 uasm_bgezl_hazard(p, r, hazard_instance); 554 tlbw(p); 555 uasm_bgezl_label(l, p, hazard_instance); 556 hazard_instance++; 557 uasm_i_nop(p); 558 break; 559 560 case CPU_R4600: 561 case CPU_R4700: 562 uasm_i_nop(p); 563 tlbw(p); 564 uasm_i_nop(p); 565 break; 566 567 case CPU_R5000: 568 case CPU_NEVADA: 569 uasm_i_nop(p); /* QED specifies 2 nops hazard */ 570 uasm_i_nop(p); /* QED specifies 2 nops hazard */ 571 tlbw(p); 572 break; 573 574 case CPU_R4300: 575 case CPU_5KC: 576 case CPU_TX49XX: 577 case CPU_PR4450: 578 case CPU_XLR: 579 uasm_i_nop(p); 580 tlbw(p); 581 break; 582 583 case CPU_R10000: 584 case CPU_R12000: 585 case CPU_R14000: 586 case CPU_4KC: 587 case CPU_4KEC: 588 case CPU_M14KC: 589 case CPU_M14KEC: 590 case CPU_SB1: 591 case CPU_SB1A: 592 case CPU_4KSC: 593 case CPU_20KC: 594 case CPU_25KF: 595 case CPU_BMIPS32: 596 case CPU_BMIPS3300: 597 case CPU_BMIPS4350: 598 case CPU_BMIPS4380: 599 case CPU_BMIPS5000: 600 case CPU_LOONGSON2: 601 case CPU_R5500: 602 if (m4kc_tlbp_war()) 603 uasm_i_nop(p); 604 case CPU_ALCHEMY: 605 tlbw(p); 606 break; 607 608 case CPU_RM7000: 609 uasm_i_nop(p); 610 uasm_i_nop(p); 611 uasm_i_nop(p); 612 uasm_i_nop(p); 613 tlbw(p); 614 break; 615 616 case CPU_VR4111: 617 case CPU_VR4121: 618 case CPU_VR4122: 619 case CPU_VR4181: 620 case CPU_VR4181A: 621 uasm_i_nop(p); 622 uasm_i_nop(p); 623 tlbw(p); 624 uasm_i_nop(p); 625 uasm_i_nop(p); 626 break; 627 628 case CPU_VR4131: 629 case CPU_VR4133: 630 case CPU_R5432: 631 uasm_i_nop(p); 632 uasm_i_nop(p); 633 tlbw(p); 634 break; 635 636 case CPU_JZRISC: 637 tlbw(p); 638 uasm_i_nop(p); 639 break; 640 641 default: 642 panic("No TLB refill handler yet (CPU type: %d)", 643 current_cpu_data.cputype); 644 break; 645 } 646 } 647 648 static __maybe_unused void build_convert_pte_to_entrylo(u32 **p, 649 unsigned int reg) 650 { 651 if (cpu_has_rixi) { 652 UASM_i_ROTR(p, reg, reg, ilog2(_PAGE_GLOBAL)); 653 } else { 654 #ifdef CONFIG_64BIT_PHYS_ADDR 655 uasm_i_dsrl_safe(p, reg, reg, ilog2(_PAGE_GLOBAL)); 656 #else 657 UASM_i_SRL(p, reg, reg, ilog2(_PAGE_GLOBAL)); 658 #endif 659 } 660 } 661 662 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 663 664 static void build_restore_pagemask(u32 **p, struct uasm_reloc **r, 665 unsigned int tmp, enum label_id lid, 666 int restore_scratch) 667 { 668 if (restore_scratch) { 669 /* Reset default page size */ 670 if (PM_DEFAULT_MASK >> 16) { 671 uasm_i_lui(p, tmp, PM_DEFAULT_MASK >> 16); 672 uasm_i_ori(p, tmp, tmp, PM_DEFAULT_MASK & 0xffff); 673 uasm_i_mtc0(p, tmp, C0_PAGEMASK); 674 
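			/*
			 * The scratch-register reload emitted after the
			 * if/else chain below sits in this branch's delay
			 * slot.
			 */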
			uasm_il_b(p, r, lid);
		} else if (PM_DEFAULT_MASK) {
			uasm_i_ori(p, tmp, 0, PM_DEFAULT_MASK);
			uasm_i_mtc0(p, tmp, C0_PAGEMASK);
			uasm_il_b(p, r, lid);
		} else {
			uasm_i_mtc0(p, 0, C0_PAGEMASK);
			uasm_il_b(p, r, lid);
		}
		if (scratch_reg >= 0)
			UASM_i_MFC0(p, 1, c0_kscratch(), scratch_reg);
		else
			UASM_i_LW(p, 1, scratchpad_offset(0), 0);
	} else {
		/* Reset default page size */
		if (PM_DEFAULT_MASK >> 16) {
			uasm_i_lui(p, tmp, PM_DEFAULT_MASK >> 16);
			uasm_i_ori(p, tmp, tmp, PM_DEFAULT_MASK & 0xffff);
			uasm_il_b(p, r, lid);
			uasm_i_mtc0(p, tmp, C0_PAGEMASK);
		} else if (PM_DEFAULT_MASK) {
			uasm_i_ori(p, tmp, 0, PM_DEFAULT_MASK);
			uasm_il_b(p, r, lid);
			uasm_i_mtc0(p, tmp, C0_PAGEMASK);
		} else {
			uasm_il_b(p, r, lid);
			uasm_i_mtc0(p, 0, C0_PAGEMASK);
		}
	}
}

static void build_huge_tlb_write_entry(u32 **p, struct uasm_label **l,
				       struct uasm_reloc **r,
				       unsigned int tmp,
				       enum tlb_write_entry wmode,
				       int restore_scratch)
{
	/* Set huge page tlb entry size */
	uasm_i_lui(p, tmp, PM_HUGE_MASK >> 16);
	uasm_i_ori(p, tmp, tmp, PM_HUGE_MASK & 0xffff);
	uasm_i_mtc0(p, tmp, C0_PAGEMASK);

	build_tlb_write_entry(p, l, r, wmode);

	build_restore_pagemask(p, r, tmp, label_leave, restore_scratch);
}

/*
 * Check if Huge PTE is present, if so then jump to LABEL.
 */
static void
build_is_huge_pte(u32 **p, struct uasm_reloc **r, unsigned int tmp,
		  unsigned int pmd, int lid)
{
	UASM_i_LW(p, tmp, 0, pmd);
	if (use_bbit_insns()) {
		uasm_il_bbit1(p, r, tmp, ilog2(_PAGE_HUGE), lid);
	} else {
		uasm_i_andi(p, tmp, tmp, _PAGE_HUGE);
		uasm_il_bnez(p, r, tmp, lid);
	}
}

static void build_huge_update_entries(u32 **p, unsigned int pte,
				      unsigned int tmp)
{
	int small_sequence;

	/*
	 * A huge PTE describes an area the size of the
	 * configured huge page size. This is twice the
	 * size of the large TLB entry we intend to use.
	 * A TLB entry half the size of the configured
	 * huge page size is configured into entrylo0
	 * and entrylo1 to cover the contiguous huge PTE
	 * address space.
	 */
	small_sequence = (HPAGE_SIZE >> 7) < 0x10000;

	/* We can clobber tmp. It isn't used after this. */
	if (!small_sequence)
		uasm_i_lui(p, tmp, HPAGE_SIZE >> (7 + 16));

	build_convert_pte_to_entrylo(p, pte);
	UASM_i_MTC0(p, pte, C0_ENTRYLO0); /* load it */
	/* convert to entrylo1 */
	if (small_sequence)
		UASM_i_ADDIU(p, pte, pte, HPAGE_SIZE >> 7);
	else
		UASM_i_ADDU(p, pte, pte, tmp);

	UASM_i_MTC0(p, pte, C0_ENTRYLO1); /* load it */
}

static void build_huge_handler_tail(u32 **p, struct uasm_reloc **r,
				    struct uasm_label **l,
				    unsigned int pte,
				    unsigned int ptr)
{
#ifdef CONFIG_SMP
	UASM_i_SC(p, pte, 0, ptr);
	uasm_il_beqz(p, r, pte, label_tlb_huge_update);
	UASM_i_LW(p, pte, 0, ptr); /* Needed because SC killed our PTE */
#else
	UASM_i_SW(p, pte, 0, ptr);
#endif
	build_huge_update_entries(p, pte, ptr);
	build_huge_tlb_write_entry(p, l, r, pte, tlb_indexed, 0);
}
#endif /* CONFIG_MIPS_HUGE_TLB_SUPPORT */

#ifdef CONFIG_64BIT
/*
 * TMP and PTR are scratch.
 * TMP will be clobbered, PTR will hold the pmd entry.
 */
static void
build_get_pmde64(u32 **p, struct uasm_label **l, struct uasm_reloc **r,
		 unsigned int tmp, unsigned int ptr)
{
#ifndef CONFIG_MIPS_PGD_C0_CONTEXT
	long pgdc = (long)pgd_current;
#endif
	/*
	 * The vmalloc handling is not in the hotpath.
	 */
	uasm_i_dmfc0(p, tmp, C0_BADVADDR);

	if (check_for_high_segbits) {
		/*
		 * The kernel currently implicitly assumes that the
		 * MIPS SEGBITS parameter for the processor is
		 * (PGDIR_SHIFT+PGDIR_BITS) or less, and will never
		 * allocate virtual addresses outside the maximum
		 * range for SEGBITS = (PGDIR_SHIFT+PGDIR_BITS). But
		 * that doesn't prevent user code from accessing the
		 * higher xuseg addresses. Here, we make sure that
		 * everything but the lower xuseg addresses goes down
		 * the module_alloc/vmalloc path.
		 */
		uasm_i_dsrl_safe(p, ptr, tmp, PGDIR_SHIFT + PGD_ORDER + PAGE_SHIFT - 3);
		uasm_il_bnez(p, r, ptr, label_vmalloc);
	} else {
		uasm_il_bltz(p, r, tmp, label_vmalloc);
	}
	/* No uasm_i_nop needed here, since the next insn doesn't touch TMP. */

#ifdef CONFIG_MIPS_PGD_C0_CONTEXT
	if (pgd_reg != -1) {
		/* pgd is in pgd_reg */
		UASM_i_MFC0(p, ptr, c0_kscratch(), pgd_reg);
	} else {
		/*
		 * &pgd << 11 stored in CONTEXT [23..63].
		 */
		UASM_i_MFC0(p, ptr, C0_CONTEXT);

		/* Clear lower 23 bits of context. */
		uasm_i_dins(p, ptr, 0, 0, 23);

		/* 1 0 1 0 1 << 6 xkphys cached */
		uasm_i_ori(p, ptr, ptr, 0x540);
		uasm_i_drotr(p, ptr, ptr, 11);
	}
#elif defined(CONFIG_SMP)
# ifdef CONFIG_MIPS_MT_SMTC
	/*
	 * SMTC uses TCBind value as "CPU" index
	 */
	uasm_i_mfc0(p, ptr, C0_TCBIND);
	uasm_i_dsrl_safe(p, ptr, ptr, 19);
# else
	/*
	 * 64 bit SMP running in XKPHYS has smp_processor_id() << 3
	 * stored in CONTEXT.
	 */
	uasm_i_dmfc0(p, ptr, C0_CONTEXT);
	uasm_i_dsrl_safe(p, ptr, ptr, 23);
# endif
	UASM_i_LA_mostly(p, tmp, pgdc);
	uasm_i_daddu(p, ptr, ptr, tmp);
	uasm_i_dmfc0(p, tmp, C0_BADVADDR);
	uasm_i_ld(p, ptr, uasm_rel_lo(pgdc), ptr);
#else
	UASM_i_LA_mostly(p, ptr, pgdc);
	uasm_i_ld(p, ptr, uasm_rel_lo(pgdc), ptr);
#endif

	uasm_l_vmalloc_done(l, *p);

	/* get pgd offset in bytes */
	uasm_i_dsrl_safe(p, tmp, tmp, PGDIR_SHIFT - 3);

	uasm_i_andi(p, tmp, tmp, (PTRS_PER_PGD - 1)<<3);
	uasm_i_daddu(p, ptr, ptr, tmp); /* add in pgd offset */
#ifndef __PAGETABLE_PMD_FOLDED
	uasm_i_dmfc0(p, tmp, C0_BADVADDR); /* get faulting address */
	uasm_i_ld(p, ptr, 0, ptr); /* get pmd pointer */
	uasm_i_dsrl_safe(p, tmp, tmp, PMD_SHIFT-3); /* get pmd offset in bytes */
	uasm_i_andi(p, tmp, tmp, (PTRS_PER_PMD - 1)<<3);
	uasm_i_daddu(p, ptr, ptr, tmp); /* add in pmd offset */
#endif
}

/*
 * BVADDR is the faulting address, PTR is scratch.
 * PTR will hold the pgd for vmalloc.
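 * In the refill modes, an xuseg access above the supported SEGBITS
 * range is redirected to tlb_do_page_fault_0 to mimic the address
 * error such an access would take on a smaller-SEGBITS CPU.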
881 */ 882 static void 883 build_get_pgd_vmalloc64(u32 **p, struct uasm_label **l, struct uasm_reloc **r, 884 unsigned int bvaddr, unsigned int ptr, 885 enum vmalloc64_mode mode) 886 { 887 long swpd = (long)swapper_pg_dir; 888 int single_insn_swpd; 889 int did_vmalloc_branch = 0; 890 891 single_insn_swpd = uasm_in_compat_space_p(swpd) && !uasm_rel_lo(swpd); 892 893 uasm_l_vmalloc(l, *p); 894 895 if (mode != not_refill && check_for_high_segbits) { 896 if (single_insn_swpd) { 897 uasm_il_bltz(p, r, bvaddr, label_vmalloc_done); 898 uasm_i_lui(p, ptr, uasm_rel_hi(swpd)); 899 did_vmalloc_branch = 1; 900 /* fall through */ 901 } else { 902 uasm_il_bgez(p, r, bvaddr, label_large_segbits_fault); 903 } 904 } 905 if (!did_vmalloc_branch) { 906 if (uasm_in_compat_space_p(swpd) && !uasm_rel_lo(swpd)) { 907 uasm_il_b(p, r, label_vmalloc_done); 908 uasm_i_lui(p, ptr, uasm_rel_hi(swpd)); 909 } else { 910 UASM_i_LA_mostly(p, ptr, swpd); 911 uasm_il_b(p, r, label_vmalloc_done); 912 if (uasm_in_compat_space_p(swpd)) 913 uasm_i_addiu(p, ptr, ptr, uasm_rel_lo(swpd)); 914 else 915 uasm_i_daddiu(p, ptr, ptr, uasm_rel_lo(swpd)); 916 } 917 } 918 if (mode != not_refill && check_for_high_segbits) { 919 uasm_l_large_segbits_fault(l, *p); 920 /* 921 * We get here if we are an xsseg address, or if we are 922 * an xuseg address above (PGDIR_SHIFT+PGDIR_BITS) boundary. 923 * 924 * Ignoring xsseg (assume disabled so would generate 925 * (address errors?), the only remaining possibility 926 * is the upper xuseg addresses. On processors with 927 * TLB_SEGBITS <= PGDIR_SHIFT+PGDIR_BITS, these 928 * addresses would have taken an address error. We try 929 * to mimic that here by taking a load/istream page 930 * fault. 931 */ 932 UASM_i_LA(p, ptr, (unsigned long)tlb_do_page_fault_0); 933 uasm_i_jr(p, ptr); 934 935 if (mode == refill_scratch) { 936 if (scratch_reg >= 0) 937 UASM_i_MFC0(p, 1, c0_kscratch(), scratch_reg); 938 else 939 UASM_i_LW(p, 1, scratchpad_offset(0), 0); 940 } else { 941 uasm_i_nop(p); 942 } 943 } 944 } 945 946 #else /* !CONFIG_64BIT */ 947 948 /* 949 * TMP and PTR are scratch. 950 * TMP will be clobbered, PTR will hold the pgd entry. 951 */ 952 static void __maybe_unused 953 build_get_pgde32(u32 **p, unsigned int tmp, unsigned int ptr) 954 { 955 long pgdc = (long)pgd_current; 956 957 /* 32 bit SMP has smp_processor_id() stored in CONTEXT. */ 958 #ifdef CONFIG_SMP 959 #ifdef CONFIG_MIPS_MT_SMTC 960 /* 961 * SMTC uses TCBind value as "CPU" index 962 */ 963 uasm_i_mfc0(p, ptr, C0_TCBIND); 964 UASM_i_LA_mostly(p, tmp, pgdc); 965 uasm_i_srl(p, ptr, ptr, 19); 966 #else 967 /* 968 * smp_processor_id() << 2 is stored in CONTEXT. 
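 * (the CPU number is kept at bit 25, matching smp_processor_id_shift
 * above, so the srl by 23 below leaves it scaled by sizeof(long) as a
 * byte offset into pgd_current[])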
969 */ 970 uasm_i_mfc0(p, ptr, C0_CONTEXT); 971 UASM_i_LA_mostly(p, tmp, pgdc); 972 uasm_i_srl(p, ptr, ptr, 23); 973 #endif 974 uasm_i_addu(p, ptr, tmp, ptr); 975 #else 976 UASM_i_LA_mostly(p, ptr, pgdc); 977 #endif 978 uasm_i_mfc0(p, tmp, C0_BADVADDR); /* get faulting address */ 979 uasm_i_lw(p, ptr, uasm_rel_lo(pgdc), ptr); 980 uasm_i_srl(p, tmp, tmp, PGDIR_SHIFT); /* get pgd only bits */ 981 uasm_i_sll(p, tmp, tmp, PGD_T_LOG2); 982 uasm_i_addu(p, ptr, ptr, tmp); /* add in pgd offset */ 983 } 984 985 #endif /* !CONFIG_64BIT */ 986 987 static void build_adjust_context(u32 **p, unsigned int ctx) 988 { 989 unsigned int shift = 4 - (PTE_T_LOG2 + 1) + PAGE_SHIFT - 12; 990 unsigned int mask = (PTRS_PER_PTE / 2 - 1) << (PTE_T_LOG2 + 1); 991 992 switch (current_cpu_type()) { 993 case CPU_VR41XX: 994 case CPU_VR4111: 995 case CPU_VR4121: 996 case CPU_VR4122: 997 case CPU_VR4131: 998 case CPU_VR4181: 999 case CPU_VR4181A: 1000 case CPU_VR4133: 1001 shift += 2; 1002 break; 1003 1004 default: 1005 break; 1006 } 1007 1008 if (shift) 1009 UASM_i_SRL(p, ctx, ctx, shift); 1010 uasm_i_andi(p, ctx, ctx, mask); 1011 } 1012 1013 static void build_get_ptep(u32 **p, unsigned int tmp, unsigned int ptr) 1014 { 1015 /* 1016 * Bug workaround for the Nevada. It seems as if under certain 1017 * circumstances the move from cp0_context might produce a 1018 * bogus result when the mfc0 instruction and its consumer are 1019 * in a different cacheline or a load instruction, probably any 1020 * memory reference, is between them. 1021 */ 1022 switch (current_cpu_type()) { 1023 case CPU_NEVADA: 1024 UASM_i_LW(p, ptr, 0, ptr); 1025 GET_CONTEXT(p, tmp); /* get context reg */ 1026 break; 1027 1028 default: 1029 GET_CONTEXT(p, tmp); /* get context reg */ 1030 UASM_i_LW(p, ptr, 0, ptr); 1031 break; 1032 } 1033 1034 build_adjust_context(p, tmp); 1035 UASM_i_ADDU(p, ptr, ptr, tmp); /* add in offset */ 1036 } 1037 1038 static void build_update_entries(u32 **p, unsigned int tmp, unsigned int ptep) 1039 { 1040 /* 1041 * 64bit address support (36bit on a 32bit CPU) in a 32bit 1042 * Kernel is a special case. Only a few CPUs use it. 
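 * With 64-bit PTEs the even/odd pair is fetched with ld when the core
 * has 64-bit operations; otherwise only the pre-shifted halves are
 * loaded with lw before being moved into EntryLo0/EntryLo1.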
1043 */ 1044 #ifdef CONFIG_64BIT_PHYS_ADDR 1045 if (cpu_has_64bits) { 1046 uasm_i_ld(p, tmp, 0, ptep); /* get even pte */ 1047 uasm_i_ld(p, ptep, sizeof(pte_t), ptep); /* get odd pte */ 1048 if (cpu_has_rixi) { 1049 UASM_i_ROTR(p, tmp, tmp, ilog2(_PAGE_GLOBAL)); 1050 UASM_i_MTC0(p, tmp, C0_ENTRYLO0); /* load it */ 1051 UASM_i_ROTR(p, ptep, ptep, ilog2(_PAGE_GLOBAL)); 1052 } else { 1053 uasm_i_dsrl_safe(p, tmp, tmp, ilog2(_PAGE_GLOBAL)); /* convert to entrylo0 */ 1054 UASM_i_MTC0(p, tmp, C0_ENTRYLO0); /* load it */ 1055 uasm_i_dsrl_safe(p, ptep, ptep, ilog2(_PAGE_GLOBAL)); /* convert to entrylo1 */ 1056 } 1057 UASM_i_MTC0(p, ptep, C0_ENTRYLO1); /* load it */ 1058 } else { 1059 int pte_off_even = sizeof(pte_t) / 2; 1060 int pte_off_odd = pte_off_even + sizeof(pte_t); 1061 1062 /* The pte entries are pre-shifted */ 1063 uasm_i_lw(p, tmp, pte_off_even, ptep); /* get even pte */ 1064 UASM_i_MTC0(p, tmp, C0_ENTRYLO0); /* load it */ 1065 uasm_i_lw(p, ptep, pte_off_odd, ptep); /* get odd pte */ 1066 UASM_i_MTC0(p, ptep, C0_ENTRYLO1); /* load it */ 1067 } 1068 #else 1069 UASM_i_LW(p, tmp, 0, ptep); /* get even pte */ 1070 UASM_i_LW(p, ptep, sizeof(pte_t), ptep); /* get odd pte */ 1071 if (r45k_bvahwbug()) 1072 build_tlb_probe_entry(p); 1073 if (cpu_has_rixi) { 1074 UASM_i_ROTR(p, tmp, tmp, ilog2(_PAGE_GLOBAL)); 1075 if (r4k_250MHZhwbug()) 1076 UASM_i_MTC0(p, 0, C0_ENTRYLO0); 1077 UASM_i_MTC0(p, tmp, C0_ENTRYLO0); /* load it */ 1078 UASM_i_ROTR(p, ptep, ptep, ilog2(_PAGE_GLOBAL)); 1079 } else { 1080 UASM_i_SRL(p, tmp, tmp, ilog2(_PAGE_GLOBAL)); /* convert to entrylo0 */ 1081 if (r4k_250MHZhwbug()) 1082 UASM_i_MTC0(p, 0, C0_ENTRYLO0); 1083 UASM_i_MTC0(p, tmp, C0_ENTRYLO0); /* load it */ 1084 UASM_i_SRL(p, ptep, ptep, ilog2(_PAGE_GLOBAL)); /* convert to entrylo1 */ 1085 if (r45k_bvahwbug()) 1086 uasm_i_mfc0(p, tmp, C0_INDEX); 1087 } 1088 if (r4k_250MHZhwbug()) 1089 UASM_i_MTC0(p, 0, C0_ENTRYLO1); 1090 UASM_i_MTC0(p, ptep, C0_ENTRYLO1); /* load it */ 1091 #endif 1092 } 1093 1094 struct mips_huge_tlb_info { 1095 int huge_pte; 1096 int restore_scratch; 1097 }; 1098 1099 static struct mips_huge_tlb_info 1100 build_fast_tlb_refill_handler (u32 **p, struct uasm_label **l, 1101 struct uasm_reloc **r, unsigned int tmp, 1102 unsigned int ptr, int c0_scratch_reg) 1103 { 1104 struct mips_huge_tlb_info rv; 1105 unsigned int even, odd; 1106 int vmalloc_branch_delay_filled = 0; 1107 const int scratch = 1; /* Our extra working register */ 1108 1109 rv.huge_pte = scratch; 1110 rv.restore_scratch = 0; 1111 1112 if (check_for_high_segbits) { 1113 UASM_i_MFC0(p, tmp, C0_BADVADDR); 1114 1115 if (pgd_reg != -1) 1116 UASM_i_MFC0(p, ptr, c0_kscratch(), pgd_reg); 1117 else 1118 UASM_i_MFC0(p, ptr, C0_CONTEXT); 1119 1120 if (c0_scratch_reg >= 0) 1121 UASM_i_MTC0(p, scratch, c0_kscratch(), c0_scratch_reg); 1122 else 1123 UASM_i_SW(p, scratch, scratchpad_offset(0), 0); 1124 1125 uasm_i_dsrl_safe(p, scratch, tmp, 1126 PGDIR_SHIFT + PGD_ORDER + PAGE_SHIFT - 3); 1127 uasm_il_bnez(p, r, scratch, label_vmalloc); 1128 1129 if (pgd_reg == -1) { 1130 vmalloc_branch_delay_filled = 1; 1131 /* Clear lower 23 bits of context. 
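			 * The low bits carry the hardware-written BadVPN2
			 * field; &pgd << 11 lives in bits 23..63
			 * (see build_get_pmde64).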
			 */
			uasm_i_dins(p, ptr, 0, 0, 23);
		}
	} else {
		if (pgd_reg != -1)
			UASM_i_MFC0(p, ptr, c0_kscratch(), pgd_reg);
		else
			UASM_i_MFC0(p, ptr, C0_CONTEXT);

		UASM_i_MFC0(p, tmp, C0_BADVADDR);

		if (c0_scratch_reg >= 0)
			UASM_i_MTC0(p, scratch, c0_kscratch(), c0_scratch_reg);
		else
			UASM_i_SW(p, scratch, scratchpad_offset(0), 0);

		if (pgd_reg == -1)
			/* Clear lower 23 bits of context. */
			uasm_i_dins(p, ptr, 0, 0, 23);

		uasm_il_bltz(p, r, tmp, label_vmalloc);
	}

	if (pgd_reg == -1) {
		vmalloc_branch_delay_filled = 1;
		/* 1 0 1 0 1 << 6 xkphys cached */
		uasm_i_ori(p, ptr, ptr, 0x540);
		uasm_i_drotr(p, ptr, ptr, 11);
	}

#ifdef __PAGETABLE_PMD_FOLDED
#define LOC_PTEP scratch
#else
#define LOC_PTEP ptr
#endif

	if (!vmalloc_branch_delay_filled)
		/* get pgd offset in bytes */
		uasm_i_dsrl_safe(p, scratch, tmp, PGDIR_SHIFT - 3);

	uasm_l_vmalloc_done(l, *p);

	/*
	 * tmp			ptr
	 * fall-through case =	badvaddr  *pgd_current
	 * vmalloc case      =	badvaddr  swapper_pg_dir
	 */

	if (vmalloc_branch_delay_filled)
		/* get pgd offset in bytes */
		uasm_i_dsrl_safe(p, scratch, tmp, PGDIR_SHIFT - 3);

#ifdef __PAGETABLE_PMD_FOLDED
	GET_CONTEXT(p, tmp); /* get context reg */
#endif
	uasm_i_andi(p, scratch, scratch, (PTRS_PER_PGD - 1) << 3);

	if (use_lwx_insns()) {
		UASM_i_LWX(p, LOC_PTEP, scratch, ptr);
	} else {
		uasm_i_daddu(p, ptr, ptr, scratch); /* add in pgd offset */
		uasm_i_ld(p, LOC_PTEP, 0, ptr); /* get pmd pointer */
	}

#ifndef __PAGETABLE_PMD_FOLDED
	/* get pmd offset in bytes */
	uasm_i_dsrl_safe(p, scratch, tmp, PMD_SHIFT - 3);
	uasm_i_andi(p, scratch, scratch, (PTRS_PER_PMD - 1) << 3);
	GET_CONTEXT(p, tmp); /* get context reg */

	if (use_lwx_insns()) {
		UASM_i_LWX(p, scratch, scratch, ptr);
	} else {
		uasm_i_daddu(p, ptr, ptr, scratch); /* add in pmd offset */
		UASM_i_LW(p, scratch, 0, ptr);
	}
#endif
	/* Adjust the context during the load latency. */
	build_adjust_context(p, tmp);

#ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
	uasm_il_bbit1(p, r, scratch, ilog2(_PAGE_HUGE), label_tlb_huge_update);
	/*
	 * In the LWX case we don't want to do the load in the
	 * delay slot. It cannot issue in the same cycle and may be
	 * speculative and unneeded.
1217 */ 1218 if (use_lwx_insns()) 1219 uasm_i_nop(p); 1220 #endif /* CONFIG_MIPS_HUGE_TLB_SUPPORT */ 1221 1222 1223 /* build_update_entries */ 1224 if (use_lwx_insns()) { 1225 even = ptr; 1226 odd = tmp; 1227 UASM_i_LWX(p, even, scratch, tmp); 1228 UASM_i_ADDIU(p, tmp, tmp, sizeof(pte_t)); 1229 UASM_i_LWX(p, odd, scratch, tmp); 1230 } else { 1231 UASM_i_ADDU(p, ptr, scratch, tmp); /* add in offset */ 1232 even = tmp; 1233 odd = ptr; 1234 UASM_i_LW(p, even, 0, ptr); /* get even pte */ 1235 UASM_i_LW(p, odd, sizeof(pte_t), ptr); /* get odd pte */ 1236 } 1237 if (cpu_has_rixi) { 1238 uasm_i_drotr(p, even, even, ilog2(_PAGE_GLOBAL)); 1239 UASM_i_MTC0(p, even, C0_ENTRYLO0); /* load it */ 1240 uasm_i_drotr(p, odd, odd, ilog2(_PAGE_GLOBAL)); 1241 } else { 1242 uasm_i_dsrl_safe(p, even, even, ilog2(_PAGE_GLOBAL)); 1243 UASM_i_MTC0(p, even, C0_ENTRYLO0); /* load it */ 1244 uasm_i_dsrl_safe(p, odd, odd, ilog2(_PAGE_GLOBAL)); 1245 } 1246 UASM_i_MTC0(p, odd, C0_ENTRYLO1); /* load it */ 1247 1248 if (c0_scratch_reg >= 0) { 1249 UASM_i_MFC0(p, scratch, c0_kscratch(), c0_scratch_reg); 1250 build_tlb_write_entry(p, l, r, tlb_random); 1251 uasm_l_leave(l, *p); 1252 rv.restore_scratch = 1; 1253 } else if (PAGE_SHIFT == 14 || PAGE_SHIFT == 13) { 1254 build_tlb_write_entry(p, l, r, tlb_random); 1255 uasm_l_leave(l, *p); 1256 UASM_i_LW(p, scratch, scratchpad_offset(0), 0); 1257 } else { 1258 UASM_i_LW(p, scratch, scratchpad_offset(0), 0); 1259 build_tlb_write_entry(p, l, r, tlb_random); 1260 uasm_l_leave(l, *p); 1261 rv.restore_scratch = 1; 1262 } 1263 1264 uasm_i_eret(p); /* return from trap */ 1265 1266 return rv; 1267 } 1268 1269 /* 1270 * For a 64-bit kernel, we are using the 64-bit XTLB refill exception 1271 * because EXL == 0. If we wrap, we can also use the 32 instruction 1272 * slots before the XTLB refill exception handler which belong to the 1273 * unused TLB refill exception. 
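 * The fold/split code below relies on this: up to
 * 2 * MIPS64_REFILL_INSNS - 1 instructions are accepted, and an
 * overflowing handler is split with a branch (plus delay-slot fixup)
 * from the XTLB area back into the otherwise unused first half.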
1274 */ 1275 #define MIPS64_REFILL_INSNS 32 1276 1277 static void build_r4000_tlb_refill_handler(void) 1278 { 1279 u32 *p = tlb_handler; 1280 struct uasm_label *l = labels; 1281 struct uasm_reloc *r = relocs; 1282 u32 *f; 1283 unsigned int final_len; 1284 struct mips_huge_tlb_info htlb_info __maybe_unused; 1285 enum vmalloc64_mode vmalloc_mode __maybe_unused; 1286 1287 memset(tlb_handler, 0, sizeof(tlb_handler)); 1288 memset(labels, 0, sizeof(labels)); 1289 memset(relocs, 0, sizeof(relocs)); 1290 memset(final_handler, 0, sizeof(final_handler)); 1291 1292 if ((scratch_reg >= 0 || scratchpad_available()) && use_bbit_insns()) { 1293 htlb_info = build_fast_tlb_refill_handler(&p, &l, &r, K0, K1, 1294 scratch_reg); 1295 vmalloc_mode = refill_scratch; 1296 } else { 1297 htlb_info.huge_pte = K0; 1298 htlb_info.restore_scratch = 0; 1299 vmalloc_mode = refill_noscratch; 1300 /* 1301 * create the plain linear handler 1302 */ 1303 if (bcm1250_m3_war()) { 1304 unsigned int segbits = 44; 1305 1306 uasm_i_dmfc0(&p, K0, C0_BADVADDR); 1307 uasm_i_dmfc0(&p, K1, C0_ENTRYHI); 1308 uasm_i_xor(&p, K0, K0, K1); 1309 uasm_i_dsrl_safe(&p, K1, K0, 62); 1310 uasm_i_dsrl_safe(&p, K0, K0, 12 + 1); 1311 uasm_i_dsll_safe(&p, K0, K0, 64 + 12 + 1 - segbits); 1312 uasm_i_or(&p, K0, K0, K1); 1313 uasm_il_bnez(&p, &r, K0, label_leave); 1314 /* No need for uasm_i_nop */ 1315 } 1316 1317 #ifdef CONFIG_64BIT 1318 build_get_pmde64(&p, &l, &r, K0, K1); /* get pmd in K1 */ 1319 #else 1320 build_get_pgde32(&p, K0, K1); /* get pgd in K1 */ 1321 #endif 1322 1323 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 1324 build_is_huge_pte(&p, &r, K0, K1, label_tlb_huge_update); 1325 #endif 1326 1327 build_get_ptep(&p, K0, K1); 1328 build_update_entries(&p, K0, K1); 1329 build_tlb_write_entry(&p, &l, &r, tlb_random); 1330 uasm_l_leave(&l, p); 1331 uasm_i_eret(&p); /* return from trap */ 1332 } 1333 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 1334 uasm_l_tlb_huge_update(&l, p); 1335 build_huge_update_entries(&p, htlb_info.huge_pte, K1); 1336 build_huge_tlb_write_entry(&p, &l, &r, K0, tlb_random, 1337 htlb_info.restore_scratch); 1338 #endif 1339 1340 #ifdef CONFIG_64BIT 1341 build_get_pgd_vmalloc64(&p, &l, &r, K0, K1, vmalloc_mode); 1342 #endif 1343 1344 /* 1345 * Overflow check: For the 64bit handler, we need at least one 1346 * free instruction slot for the wrap-around branch. In worst 1347 * case, if the intended insertion point is a delay slot, we 1348 * need three, with the second nop'ed and the third being 1349 * unused. 1350 */ 1351 /* Loongson2 ebase is different than r4k, we have more space */ 1352 #if defined(CONFIG_32BIT) || defined(CONFIG_CPU_LOONGSON2) 1353 if ((p - tlb_handler) > 64) 1354 panic("TLB refill handler space exceeded"); 1355 #else 1356 if (((p - tlb_handler) > (MIPS64_REFILL_INSNS * 2) - 1) 1357 || (((p - tlb_handler) > (MIPS64_REFILL_INSNS * 2) - 3) 1358 && uasm_insn_has_bdelay(relocs, 1359 tlb_handler + MIPS64_REFILL_INSNS - 3))) 1360 panic("TLB refill handler space exceeded"); 1361 #endif 1362 1363 /* 1364 * Now fold the handler in the TLB refill handler space. 1365 */ 1366 #if defined(CONFIG_32BIT) || defined(CONFIG_CPU_LOONGSON2) 1367 f = final_handler; 1368 /* Simplest case, just copy the handler. */ 1369 uasm_copy_handler(relocs, labels, tlb_handler, p, f); 1370 final_len = p - tlb_handler; 1371 #else /* CONFIG_64BIT */ 1372 f = final_handler + MIPS64_REFILL_INSNS; 1373 if ((p - tlb_handler) <= MIPS64_REFILL_INSNS) { 1374 /* Just copy the handler. 
*/ 1375 uasm_copy_handler(relocs, labels, tlb_handler, p, f); 1376 final_len = p - tlb_handler; 1377 } else { 1378 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 1379 const enum label_id ls = label_tlb_huge_update; 1380 #else 1381 const enum label_id ls = label_vmalloc; 1382 #endif 1383 u32 *split; 1384 int ov = 0; 1385 int i; 1386 1387 for (i = 0; i < ARRAY_SIZE(labels) && labels[i].lab != ls; i++) 1388 ; 1389 BUG_ON(i == ARRAY_SIZE(labels)); 1390 split = labels[i].addr; 1391 1392 /* 1393 * See if we have overflown one way or the other. 1394 */ 1395 if (split > tlb_handler + MIPS64_REFILL_INSNS || 1396 split < p - MIPS64_REFILL_INSNS) 1397 ov = 1; 1398 1399 if (ov) { 1400 /* 1401 * Split two instructions before the end. One 1402 * for the branch and one for the instruction 1403 * in the delay slot. 1404 */ 1405 split = tlb_handler + MIPS64_REFILL_INSNS - 2; 1406 1407 /* 1408 * If the branch would fall in a delay slot, 1409 * we must back up an additional instruction 1410 * so that it is no longer in a delay slot. 1411 */ 1412 if (uasm_insn_has_bdelay(relocs, split - 1)) 1413 split--; 1414 } 1415 /* Copy first part of the handler. */ 1416 uasm_copy_handler(relocs, labels, tlb_handler, split, f); 1417 f += split - tlb_handler; 1418 1419 if (ov) { 1420 /* Insert branch. */ 1421 uasm_l_split(&l, final_handler); 1422 uasm_il_b(&f, &r, label_split); 1423 if (uasm_insn_has_bdelay(relocs, split)) 1424 uasm_i_nop(&f); 1425 else { 1426 uasm_copy_handler(relocs, labels, 1427 split, split + 1, f); 1428 uasm_move_labels(labels, f, f + 1, -1); 1429 f++; 1430 split++; 1431 } 1432 } 1433 1434 /* Copy the rest of the handler. */ 1435 uasm_copy_handler(relocs, labels, split, p, final_handler); 1436 final_len = (f - (final_handler + MIPS64_REFILL_INSNS)) + 1437 (p - split); 1438 } 1439 #endif /* CONFIG_64BIT */ 1440 1441 uasm_resolve_relocs(relocs, labels); 1442 pr_debug("Wrote TLB refill handler (%u instructions).\n", 1443 final_len); 1444 1445 memcpy((void *)ebase, final_handler, 0x100); 1446 1447 dump_handler("r4000_tlb_refill", (u32 *)ebase, 64); 1448 } 1449 1450 extern u32 handle_tlbl[], handle_tlbl_end[]; 1451 extern u32 handle_tlbs[], handle_tlbs_end[]; 1452 extern u32 handle_tlbm[], handle_tlbm_end[]; 1453 1454 #ifdef CONFIG_MIPS_PGD_C0_CONTEXT 1455 extern u32 tlbmiss_handler_setup_pgd[], tlbmiss_handler_setup_pgd_end[]; 1456 1457 static void build_r4000_setup_pgd(void) 1458 { 1459 const int a0 = 4; 1460 const int a1 = 5; 1461 u32 *p = tlbmiss_handler_setup_pgd; 1462 const int tlbmiss_handler_setup_pgd_size = 1463 tlbmiss_handler_setup_pgd_end - tlbmiss_handler_setup_pgd; 1464 struct uasm_label *l = labels; 1465 struct uasm_reloc *r = relocs; 1466 1467 memset(tlbmiss_handler_setup_pgd, 0, tlbmiss_handler_setup_pgd_size * 1468 sizeof(tlbmiss_handler_setup_pgd[0])); 1469 memset(labels, 0, sizeof(labels)); 1470 memset(relocs, 0, sizeof(relocs)); 1471 1472 pgd_reg = allocate_kscratch(); 1473 1474 if (pgd_reg == -1) { 1475 /* PGD << 11 in c0_Context */ 1476 /* 1477 * If it is a ckseg0 address, convert to a physical 1478 * address. Shifting right by 29 and adding 4 will 1479 * result in zero for these addresses. 
1480 * 1481 */ 1482 UASM_i_SRA(&p, a1, a0, 29); 1483 UASM_i_ADDIU(&p, a1, a1, 4); 1484 uasm_il_bnez(&p, &r, a1, label_tlbl_goaround1); 1485 uasm_i_nop(&p); 1486 uasm_i_dinsm(&p, a0, 0, 29, 64 - 29); 1487 uasm_l_tlbl_goaround1(&l, p); 1488 UASM_i_SLL(&p, a0, a0, 11); 1489 uasm_i_jr(&p, 31); 1490 UASM_i_MTC0(&p, a0, C0_CONTEXT); 1491 } else { 1492 /* PGD in c0_KScratch */ 1493 uasm_i_jr(&p, 31); 1494 UASM_i_MTC0(&p, a0, c0_kscratch(), pgd_reg); 1495 } 1496 if (p >= tlbmiss_handler_setup_pgd_end) 1497 panic("tlbmiss_handler_setup_pgd space exceeded"); 1498 1499 uasm_resolve_relocs(relocs, labels); 1500 pr_debug("Wrote tlbmiss_handler_setup_pgd (%u instructions).\n", 1501 (unsigned int)(p - tlbmiss_handler_setup_pgd)); 1502 1503 dump_handler("tlbmiss_handler", tlbmiss_handler_setup_pgd, 1504 tlbmiss_handler_setup_pgd_size); 1505 } 1506 #endif 1507 1508 static void 1509 iPTE_LW(u32 **p, unsigned int pte, unsigned int ptr) 1510 { 1511 #ifdef CONFIG_SMP 1512 # ifdef CONFIG_64BIT_PHYS_ADDR 1513 if (cpu_has_64bits) 1514 uasm_i_lld(p, pte, 0, ptr); 1515 else 1516 # endif 1517 UASM_i_LL(p, pte, 0, ptr); 1518 #else 1519 # ifdef CONFIG_64BIT_PHYS_ADDR 1520 if (cpu_has_64bits) 1521 uasm_i_ld(p, pte, 0, ptr); 1522 else 1523 # endif 1524 UASM_i_LW(p, pte, 0, ptr); 1525 #endif 1526 } 1527 1528 static void 1529 iPTE_SW(u32 **p, struct uasm_reloc **r, unsigned int pte, unsigned int ptr, 1530 unsigned int mode) 1531 { 1532 #ifdef CONFIG_64BIT_PHYS_ADDR 1533 unsigned int hwmode = mode & (_PAGE_VALID | _PAGE_DIRTY); 1534 #endif 1535 1536 uasm_i_ori(p, pte, pte, mode); 1537 #ifdef CONFIG_SMP 1538 # ifdef CONFIG_64BIT_PHYS_ADDR 1539 if (cpu_has_64bits) 1540 uasm_i_scd(p, pte, 0, ptr); 1541 else 1542 # endif 1543 UASM_i_SC(p, pte, 0, ptr); 1544 1545 if (r10000_llsc_war()) 1546 uasm_il_beqzl(p, r, pte, label_smp_pgtable_change); 1547 else 1548 uasm_il_beqz(p, r, pte, label_smp_pgtable_change); 1549 1550 # ifdef CONFIG_64BIT_PHYS_ADDR 1551 if (!cpu_has_64bits) { 1552 /* no uasm_i_nop needed */ 1553 uasm_i_ll(p, pte, sizeof(pte_t) / 2, ptr); 1554 uasm_i_ori(p, pte, pte, hwmode); 1555 uasm_i_sc(p, pte, sizeof(pte_t) / 2, ptr); 1556 uasm_il_beqz(p, r, pte, label_smp_pgtable_change); 1557 /* no uasm_i_nop needed */ 1558 uasm_i_lw(p, pte, 0, ptr); 1559 } else 1560 uasm_i_nop(p); 1561 # else 1562 uasm_i_nop(p); 1563 # endif 1564 #else 1565 # ifdef CONFIG_64BIT_PHYS_ADDR 1566 if (cpu_has_64bits) 1567 uasm_i_sd(p, pte, 0, ptr); 1568 else 1569 # endif 1570 UASM_i_SW(p, pte, 0, ptr); 1571 1572 # ifdef CONFIG_64BIT_PHYS_ADDR 1573 if (!cpu_has_64bits) { 1574 uasm_i_lw(p, pte, sizeof(pte_t) / 2, ptr); 1575 uasm_i_ori(p, pte, pte, hwmode); 1576 uasm_i_sw(p, pte, sizeof(pte_t) / 2, ptr); 1577 uasm_i_lw(p, pte, 0, ptr); 1578 } 1579 # endif 1580 #endif 1581 } 1582 1583 /* 1584 * Check if PTE is present, if not then jump to LABEL. PTR points to 1585 * the page table where this PTE is located, PTE will be re-loaded 1586 * with it's original value. 1587 */ 1588 static void 1589 build_pte_present(u32 **p, struct uasm_reloc **r, 1590 int pte, int ptr, int scratch, enum label_id lid) 1591 { 1592 int t = scratch >= 0 ? 
scratch : pte; 1593 1594 if (cpu_has_rixi) { 1595 if (use_bbit_insns()) { 1596 uasm_il_bbit0(p, r, pte, ilog2(_PAGE_PRESENT), lid); 1597 uasm_i_nop(p); 1598 } else { 1599 uasm_i_andi(p, t, pte, _PAGE_PRESENT); 1600 uasm_il_beqz(p, r, t, lid); 1601 if (pte == t) 1602 /* You lose the SMP race :-(*/ 1603 iPTE_LW(p, pte, ptr); 1604 } 1605 } else { 1606 uasm_i_andi(p, t, pte, _PAGE_PRESENT | _PAGE_READ); 1607 uasm_i_xori(p, t, t, _PAGE_PRESENT | _PAGE_READ); 1608 uasm_il_bnez(p, r, t, lid); 1609 if (pte == t) 1610 /* You lose the SMP race :-(*/ 1611 iPTE_LW(p, pte, ptr); 1612 } 1613 } 1614 1615 /* Make PTE valid, store result in PTR. */ 1616 static void 1617 build_make_valid(u32 **p, struct uasm_reloc **r, unsigned int pte, 1618 unsigned int ptr) 1619 { 1620 unsigned int mode = _PAGE_VALID | _PAGE_ACCESSED; 1621 1622 iPTE_SW(p, r, pte, ptr, mode); 1623 } 1624 1625 /* 1626 * Check if PTE can be written to, if not branch to LABEL. Regardless 1627 * restore PTE with value from PTR when done. 1628 */ 1629 static void 1630 build_pte_writable(u32 **p, struct uasm_reloc **r, 1631 unsigned int pte, unsigned int ptr, int scratch, 1632 enum label_id lid) 1633 { 1634 int t = scratch >= 0 ? scratch : pte; 1635 1636 uasm_i_andi(p, t, pte, _PAGE_PRESENT | _PAGE_WRITE); 1637 uasm_i_xori(p, t, t, _PAGE_PRESENT | _PAGE_WRITE); 1638 uasm_il_bnez(p, r, t, lid); 1639 if (pte == t) 1640 /* You lose the SMP race :-(*/ 1641 iPTE_LW(p, pte, ptr); 1642 else 1643 uasm_i_nop(p); 1644 } 1645 1646 /* Make PTE writable, update software status bits as well, then store 1647 * at PTR. 1648 */ 1649 static void 1650 build_make_write(u32 **p, struct uasm_reloc **r, unsigned int pte, 1651 unsigned int ptr) 1652 { 1653 unsigned int mode = (_PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID 1654 | _PAGE_DIRTY); 1655 1656 iPTE_SW(p, r, pte, ptr, mode); 1657 } 1658 1659 /* 1660 * Check if PTE can be modified, if not branch to LABEL. Regardless 1661 * restore PTE with value from PTR when done. 1662 */ 1663 static void 1664 build_pte_modifiable(u32 **p, struct uasm_reloc **r, 1665 unsigned int pte, unsigned int ptr, int scratch, 1666 enum label_id lid) 1667 { 1668 if (use_bbit_insns()) { 1669 uasm_il_bbit0(p, r, pte, ilog2(_PAGE_WRITE), lid); 1670 uasm_i_nop(p); 1671 } else { 1672 int t = scratch >= 0 ? scratch : pte; 1673 uasm_i_andi(p, t, pte, _PAGE_WRITE); 1674 uasm_il_beqz(p, r, t, lid); 1675 if (pte == t) 1676 /* You lose the SMP race :-(*/ 1677 iPTE_LW(p, pte, ptr); 1678 } 1679 } 1680 1681 #ifndef CONFIG_MIPS_PGD_C0_CONTEXT 1682 1683 1684 /* 1685 * R3000 style TLB load/store/modify handlers. 1686 */ 1687 1688 /* 1689 * This places the pte into ENTRYLO0 and writes it with tlbwi. 1690 * Then it returns. 1691 */ 1692 static void 1693 build_r3000_pte_reload_tlbwi(u32 **p, unsigned int pte, unsigned int tmp) 1694 { 1695 uasm_i_mtc0(p, pte, C0_ENTRYLO0); /* cp0 delay */ 1696 uasm_i_mfc0(p, tmp, C0_EPC); /* cp0 delay */ 1697 uasm_i_tlbwi(p); 1698 uasm_i_jr(p, tmp); 1699 uasm_i_rfe(p); /* branch delay */ 1700 } 1701 1702 /* 1703 * This places the pte into ENTRYLO0 and writes it with tlbwi 1704 * or tlbwr as appropriate. This is because the index register 1705 * may have the probe fail bit set as a result of a trap on a 1706 * kseg2 access, i.e. without refill. Then it returns. 
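 * (the probe-failure flag is the sign bit of c0_index, which is why
 * the bltz on the value read back below is enough to detect it)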
1707 */ 1708 static void 1709 build_r3000_tlb_reload_write(u32 **p, struct uasm_label **l, 1710 struct uasm_reloc **r, unsigned int pte, 1711 unsigned int tmp) 1712 { 1713 uasm_i_mfc0(p, tmp, C0_INDEX); 1714 uasm_i_mtc0(p, pte, C0_ENTRYLO0); /* cp0 delay */ 1715 uasm_il_bltz(p, r, tmp, label_r3000_write_probe_fail); /* cp0 delay */ 1716 uasm_i_mfc0(p, tmp, C0_EPC); /* branch delay */ 1717 uasm_i_tlbwi(p); /* cp0 delay */ 1718 uasm_i_jr(p, tmp); 1719 uasm_i_rfe(p); /* branch delay */ 1720 uasm_l_r3000_write_probe_fail(l, *p); 1721 uasm_i_tlbwr(p); /* cp0 delay */ 1722 uasm_i_jr(p, tmp); 1723 uasm_i_rfe(p); /* branch delay */ 1724 } 1725 1726 static void 1727 build_r3000_tlbchange_handler_head(u32 **p, unsigned int pte, 1728 unsigned int ptr) 1729 { 1730 long pgdc = (long)pgd_current; 1731 1732 uasm_i_mfc0(p, pte, C0_BADVADDR); 1733 uasm_i_lui(p, ptr, uasm_rel_hi(pgdc)); /* cp0 delay */ 1734 uasm_i_lw(p, ptr, uasm_rel_lo(pgdc), ptr); 1735 uasm_i_srl(p, pte, pte, 22); /* load delay */ 1736 uasm_i_sll(p, pte, pte, 2); 1737 uasm_i_addu(p, ptr, ptr, pte); 1738 uasm_i_mfc0(p, pte, C0_CONTEXT); 1739 uasm_i_lw(p, ptr, 0, ptr); /* cp0 delay */ 1740 uasm_i_andi(p, pte, pte, 0xffc); /* load delay */ 1741 uasm_i_addu(p, ptr, ptr, pte); 1742 uasm_i_lw(p, pte, 0, ptr); 1743 uasm_i_tlbp(p); /* load delay */ 1744 } 1745 1746 static void build_r3000_tlb_load_handler(void) 1747 { 1748 u32 *p = handle_tlbl; 1749 const int handle_tlbl_size = handle_tlbl_end - handle_tlbl; 1750 struct uasm_label *l = labels; 1751 struct uasm_reloc *r = relocs; 1752 1753 memset(handle_tlbl, 0, handle_tlbl_size * sizeof(handle_tlbl[0])); 1754 memset(labels, 0, sizeof(labels)); 1755 memset(relocs, 0, sizeof(relocs)); 1756 1757 build_r3000_tlbchange_handler_head(&p, K0, K1); 1758 build_pte_present(&p, &r, K0, K1, -1, label_nopage_tlbl); 1759 uasm_i_nop(&p); /* load delay */ 1760 build_make_valid(&p, &r, K0, K1); 1761 build_r3000_tlb_reload_write(&p, &l, &r, K0, K1); 1762 1763 uasm_l_nopage_tlbl(&l, p); 1764 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_0 & 0x0fffffff); 1765 uasm_i_nop(&p); 1766 1767 if (p >= handle_tlbl_end) 1768 panic("TLB load handler fastpath space exceeded"); 1769 1770 uasm_resolve_relocs(relocs, labels); 1771 pr_debug("Wrote TLB load handler fastpath (%u instructions).\n", 1772 (unsigned int)(p - handle_tlbl)); 1773 1774 dump_handler("r3000_tlb_load", handle_tlbl, handle_tlbl_size); 1775 } 1776 1777 static void build_r3000_tlb_store_handler(void) 1778 { 1779 u32 *p = handle_tlbs; 1780 const int handle_tlbs_size = handle_tlbs_end - handle_tlbs; 1781 struct uasm_label *l = labels; 1782 struct uasm_reloc *r = relocs; 1783 1784 memset(handle_tlbs, 0, handle_tlbs_size * sizeof(handle_tlbs[0])); 1785 memset(labels, 0, sizeof(labels)); 1786 memset(relocs, 0, sizeof(relocs)); 1787 1788 build_r3000_tlbchange_handler_head(&p, K0, K1); 1789 build_pte_writable(&p, &r, K0, K1, -1, label_nopage_tlbs); 1790 uasm_i_nop(&p); /* load delay */ 1791 build_make_write(&p, &r, K0, K1); 1792 build_r3000_tlb_reload_write(&p, &l, &r, K0, K1); 1793 1794 uasm_l_nopage_tlbs(&l, p); 1795 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_1 & 0x0fffffff); 1796 uasm_i_nop(&p); 1797 1798 if (p >= handle_tlbs_end) 1799 panic("TLB store handler fastpath space exceeded"); 1800 1801 uasm_resolve_relocs(relocs, labels); 1802 pr_debug("Wrote TLB store handler fastpath (%u instructions).\n", 1803 (unsigned int)(p - handle_tlbs)); 1804 1805 dump_handler("r3000_tlb_store", handle_tlbs, handle_tlbs_size); 1806 } 1807 1808 static void 
build_r3000_tlb_modify_handler(void) 1809 { 1810 u32 *p = handle_tlbm; 1811 const int handle_tlbm_size = handle_tlbm_end - handle_tlbm; 1812 struct uasm_label *l = labels; 1813 struct uasm_reloc *r = relocs; 1814 1815 memset(handle_tlbm, 0, handle_tlbm_size * sizeof(handle_tlbm[0])); 1816 memset(labels, 0, sizeof(labels)); 1817 memset(relocs, 0, sizeof(relocs)); 1818 1819 build_r3000_tlbchange_handler_head(&p, K0, K1); 1820 build_pte_modifiable(&p, &r, K0, K1, -1, label_nopage_tlbm); 1821 uasm_i_nop(&p); /* load delay */ 1822 build_make_write(&p, &r, K0, K1); 1823 build_r3000_pte_reload_tlbwi(&p, K0, K1); 1824 1825 uasm_l_nopage_tlbm(&l, p); 1826 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_1 & 0x0fffffff); 1827 uasm_i_nop(&p); 1828 1829 if (p >= handle_tlbm_end) 1830 panic("TLB modify handler fastpath space exceeded"); 1831 1832 uasm_resolve_relocs(relocs, labels); 1833 pr_debug("Wrote TLB modify handler fastpath (%u instructions).\n", 1834 (unsigned int)(p - handle_tlbm)); 1835 1836 dump_handler("r3000_tlb_modify", handle_tlbm, handle_tlbm_size); 1837 } 1838 #endif /* CONFIG_MIPS_PGD_C0_CONTEXT */ 1839 1840 /* 1841 * R4000 style TLB load/store/modify handlers. 1842 */ 1843 static struct work_registers 1844 build_r4000_tlbchange_handler_head(u32 **p, struct uasm_label **l, 1845 struct uasm_reloc **r) 1846 { 1847 struct work_registers wr = build_get_work_registers(p); 1848 1849 #ifdef CONFIG_64BIT 1850 build_get_pmde64(p, l, r, wr.r1, wr.r2); /* get pmd in ptr */ 1851 #else 1852 build_get_pgde32(p, wr.r1, wr.r2); /* get pgd in ptr */ 1853 #endif 1854 1855 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 1856 /* 1857 * For huge tlb entries, pmd doesn't contain an address but 1858 * instead contains the tlb pte. Check the PAGE_HUGE bit and 1859 * see if we need to jump to huge tlb processing. 
1860 */ 1861 build_is_huge_pte(p, r, wr.r1, wr.r2, label_tlb_huge_update); 1862 #endif 1863 1864 UASM_i_MFC0(p, wr.r1, C0_BADVADDR); 1865 UASM_i_LW(p, wr.r2, 0, wr.r2); 1866 UASM_i_SRL(p, wr.r1, wr.r1, PAGE_SHIFT + PTE_ORDER - PTE_T_LOG2); 1867 uasm_i_andi(p, wr.r1, wr.r1, (PTRS_PER_PTE - 1) << PTE_T_LOG2); 1868 UASM_i_ADDU(p, wr.r2, wr.r2, wr.r1); 1869 1870 #ifdef CONFIG_SMP 1871 uasm_l_smp_pgtable_change(l, *p); 1872 #endif 1873 iPTE_LW(p, wr.r1, wr.r2); /* get even pte */ 1874 if (!m4kc_tlbp_war()) 1875 build_tlb_probe_entry(p); 1876 return wr; 1877 } 1878 1879 static void 1880 build_r4000_tlbchange_handler_tail(u32 **p, struct uasm_label **l, 1881 struct uasm_reloc **r, unsigned int tmp, 1882 unsigned int ptr) 1883 { 1884 uasm_i_ori(p, ptr, ptr, sizeof(pte_t)); 1885 uasm_i_xori(p, ptr, ptr, sizeof(pte_t)); 1886 build_update_entries(p, tmp, ptr); 1887 build_tlb_write_entry(p, l, r, tlb_indexed); 1888 uasm_l_leave(l, *p); 1889 build_restore_work_registers(p); 1890 uasm_i_eret(p); /* return from trap */ 1891 1892 #ifdef CONFIG_64BIT 1893 build_get_pgd_vmalloc64(p, l, r, tmp, ptr, not_refill); 1894 #endif 1895 } 1896 1897 static void build_r4000_tlb_load_handler(void) 1898 { 1899 u32 *p = handle_tlbl; 1900 const int handle_tlbl_size = handle_tlbl_end - handle_tlbl; 1901 struct uasm_label *l = labels; 1902 struct uasm_reloc *r = relocs; 1903 struct work_registers wr; 1904 1905 memset(handle_tlbl, 0, handle_tlbl_size * sizeof(handle_tlbl[0])); 1906 memset(labels, 0, sizeof(labels)); 1907 memset(relocs, 0, sizeof(relocs)); 1908 1909 if (bcm1250_m3_war()) { 1910 unsigned int segbits = 44; 1911 1912 uasm_i_dmfc0(&p, K0, C0_BADVADDR); 1913 uasm_i_dmfc0(&p, K1, C0_ENTRYHI); 1914 uasm_i_xor(&p, K0, K0, K1); 1915 uasm_i_dsrl_safe(&p, K1, K0, 62); 1916 uasm_i_dsrl_safe(&p, K0, K0, 12 + 1); 1917 uasm_i_dsll_safe(&p, K0, K0, 64 + 12 + 1 - segbits); 1918 uasm_i_or(&p, K0, K0, K1); 1919 uasm_il_bnez(&p, &r, K0, label_leave); 1920 /* No need for uasm_i_nop */ 1921 } 1922 1923 wr = build_r4000_tlbchange_handler_head(&p, &l, &r); 1924 build_pte_present(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbl); 1925 if (m4kc_tlbp_war()) 1926 build_tlb_probe_entry(&p); 1927 1928 if (cpu_has_rixi) { 1929 /* 1930 * If the page is not _PAGE_VALID, RI or XI could not 1931 * have triggered it. Skip the expensive test.. 1932 */ 1933 if (use_bbit_insns()) { 1934 uasm_il_bbit0(&p, &r, wr.r1, ilog2(_PAGE_VALID), 1935 label_tlbl_goaround1); 1936 } else { 1937 uasm_i_andi(&p, wr.r3, wr.r1, _PAGE_VALID); 1938 uasm_il_beqz(&p, &r, wr.r3, label_tlbl_goaround1); 1939 } 1940 uasm_i_nop(&p); 1941 1942 uasm_i_tlbr(&p); 1943 1944 switch (current_cpu_type()) { 1945 default: 1946 if (cpu_has_mips_r2) { 1947 uasm_i_ehb(&p); 1948 1949 case CPU_CAVIUM_OCTEON: 1950 case CPU_CAVIUM_OCTEON_PLUS: 1951 case CPU_CAVIUM_OCTEON2: 1952 break; 1953 } 1954 } 1955 1956 /* Examine entrylo 0 or 1 based on ptr. */ 1957 if (use_bbit_insns()) { 1958 uasm_i_bbit0(&p, wr.r2, ilog2(sizeof(pte_t)), 8); 1959 } else { 1960 uasm_i_andi(&p, wr.r3, wr.r2, sizeof(pte_t)); 1961 uasm_i_beqz(&p, wr.r3, 8); 1962 } 1963 /* load it in the delay slot*/ 1964 UASM_i_MFC0(&p, wr.r3, C0_ENTRYLO0); 1965 /* load it if ptr is odd */ 1966 UASM_i_MFC0(&p, wr.r3, C0_ENTRYLO1); 1967 /* 1968 * If the entryLo (now in wr.r3) is valid (bit 1), RI or 1969 * XI must have triggered it. 
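 * (hence the bbit1 on bit 1 / andi with 2 in the two variants below)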
1970 */ 1971 if (use_bbit_insns()) { 1972 uasm_il_bbit1(&p, &r, wr.r3, 1, label_nopage_tlbl); 1973 uasm_i_nop(&p); 1974 uasm_l_tlbl_goaround1(&l, p); 1975 } else { 1976 uasm_i_andi(&p, wr.r3, wr.r3, 2); 1977 uasm_il_bnez(&p, &r, wr.r3, label_nopage_tlbl); 1978 uasm_i_nop(&p); 1979 } 1980 uasm_l_tlbl_goaround1(&l, p); 1981 } 1982 build_make_valid(&p, &r, wr.r1, wr.r2); 1983 build_r4000_tlbchange_handler_tail(&p, &l, &r, wr.r1, wr.r2); 1984 1985 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 1986 /* 1987 * This is the entry point when build_r4000_tlbchange_handler_head 1988 * spots a huge page. 1989 */ 1990 uasm_l_tlb_huge_update(&l, p); 1991 iPTE_LW(&p, wr.r1, wr.r2); 1992 build_pte_present(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbl); 1993 build_tlb_probe_entry(&p); 1994 1995 if (cpu_has_rixi) { 1996 /* 1997 * If the page is not _PAGE_VALID, RI or XI could not 1998 * have triggered it. Skip the expensive test.. 1999 */ 2000 if (use_bbit_insns()) { 2001 uasm_il_bbit0(&p, &r, wr.r1, ilog2(_PAGE_VALID), 2002 label_tlbl_goaround2); 2003 } else { 2004 uasm_i_andi(&p, wr.r3, wr.r1, _PAGE_VALID); 2005 uasm_il_beqz(&p, &r, wr.r3, label_tlbl_goaround2); 2006 } 2007 uasm_i_nop(&p); 2008 2009 uasm_i_tlbr(&p); 2010 2011 switch (current_cpu_type()) { 2012 default: 2013 if (cpu_has_mips_r2) { 2014 uasm_i_ehb(&p); 2015 2016 case CPU_CAVIUM_OCTEON: 2017 case CPU_CAVIUM_OCTEON_PLUS: 2018 case CPU_CAVIUM_OCTEON2: 2019 break; 2020 } 2021 } 2022 2023 /* Examine entrylo 0 or 1 based on ptr. */ 2024 if (use_bbit_insns()) { 2025 uasm_i_bbit0(&p, wr.r2, ilog2(sizeof(pte_t)), 8); 2026 } else { 2027 uasm_i_andi(&p, wr.r3, wr.r2, sizeof(pte_t)); 2028 uasm_i_beqz(&p, wr.r3, 8); 2029 } 2030 /* load it in the delay slot*/ 2031 UASM_i_MFC0(&p, wr.r3, C0_ENTRYLO0); 2032 /* load it if ptr is odd */ 2033 UASM_i_MFC0(&p, wr.r3, C0_ENTRYLO1); 2034 /* 2035 * If the entryLo (now in wr.r3) is valid (bit 1), RI or 2036 * XI must have triggered it. 2037 */ 2038 if (use_bbit_insns()) { 2039 uasm_il_bbit0(&p, &r, wr.r3, 1, label_tlbl_goaround2); 2040 } else { 2041 uasm_i_andi(&p, wr.r3, wr.r3, 2); 2042 uasm_il_beqz(&p, &r, wr.r3, label_tlbl_goaround2); 2043 } 2044 if (PM_DEFAULT_MASK == 0) 2045 uasm_i_nop(&p); 2046 /* 2047 * We clobbered C0_PAGEMASK, restore it. On the other branch 2048 * it is restored in build_huge_tlb_write_entry. 
2049 */ 2050 build_restore_pagemask(&p, &r, wr.r3, label_nopage_tlbl, 0); 2051 2052 uasm_l_tlbl_goaround2(&l, p); 2053 } 2054 uasm_i_ori(&p, wr.r1, wr.r1, (_PAGE_ACCESSED | _PAGE_VALID)); 2055 build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2); 2056 #endif 2057 2058 uasm_l_nopage_tlbl(&l, p); 2059 build_restore_work_registers(&p); 2060 #ifdef CONFIG_CPU_MICROMIPS 2061 if ((unsigned long)tlb_do_page_fault_0 & 1) { 2062 uasm_i_lui(&p, K0, uasm_rel_hi((long)tlb_do_page_fault_0)); 2063 uasm_i_addiu(&p, K0, K0, uasm_rel_lo((long)tlb_do_page_fault_0)); 2064 uasm_i_jr(&p, K0); 2065 } else 2066 #endif 2067 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_0 & 0x0fffffff); 2068 uasm_i_nop(&p); 2069 2070 if (p >= handle_tlbl_end) 2071 panic("TLB load handler fastpath space exceeded"); 2072 2073 uasm_resolve_relocs(relocs, labels); 2074 pr_debug("Wrote TLB load handler fastpath (%u instructions).\n", 2075 (unsigned int)(p - handle_tlbl)); 2076 2077 dump_handler("r4000_tlb_load", handle_tlbl, handle_tlbl_size); 2078 } 2079 2080 static void build_r4000_tlb_store_handler(void) 2081 { 2082 u32 *p = handle_tlbs; 2083 const int handle_tlbs_size = handle_tlbs_end - handle_tlbs; 2084 struct uasm_label *l = labels; 2085 struct uasm_reloc *r = relocs; 2086 struct work_registers wr; 2087 2088 memset(handle_tlbs, 0, handle_tlbs_size * sizeof(handle_tlbs[0])); 2089 memset(labels, 0, sizeof(labels)); 2090 memset(relocs, 0, sizeof(relocs)); 2091 2092 wr = build_r4000_tlbchange_handler_head(&p, &l, &r); 2093 build_pte_writable(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbs); 2094 if (m4kc_tlbp_war()) 2095 build_tlb_probe_entry(&p); 2096 build_make_write(&p, &r, wr.r1, wr.r2); 2097 build_r4000_tlbchange_handler_tail(&p, &l, &r, wr.r1, wr.r2); 2098 2099 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 2100 /* 2101 * This is the entry point when 2102 * build_r4000_tlbchange_handler_head spots a huge page. 
2103 */ 2104 uasm_l_tlb_huge_update(&l, p); 2105 iPTE_LW(&p, wr.r1, wr.r2); 2106 build_pte_writable(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbs); 2107 build_tlb_probe_entry(&p); 2108 uasm_i_ori(&p, wr.r1, wr.r1, 2109 _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY); 2110 build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2); 2111 #endif 2112 2113 uasm_l_nopage_tlbs(&l, p); 2114 build_restore_work_registers(&p); 2115 #ifdef CONFIG_CPU_MICROMIPS 2116 if ((unsigned long)tlb_do_page_fault_1 & 1) { 2117 uasm_i_lui(&p, K0, uasm_rel_hi((long)tlb_do_page_fault_1)); 2118 uasm_i_addiu(&p, K0, K0, uasm_rel_lo((long)tlb_do_page_fault_1)); 2119 uasm_i_jr(&p, K0); 2120 } else 2121 #endif 2122 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_1 & 0x0fffffff); 2123 uasm_i_nop(&p); 2124 2125 if (p >= handle_tlbs_end) 2126 panic("TLB store handler fastpath space exceeded"); 2127 2128 uasm_resolve_relocs(relocs, labels); 2129 pr_debug("Wrote TLB store handler fastpath (%u instructions).\n", 2130 (unsigned int)(p - handle_tlbs)); 2131 2132 dump_handler("r4000_tlb_store", handle_tlbs, handle_tlbs_size); 2133 } 2134 2135 static void build_r4000_tlb_modify_handler(void) 2136 { 2137 u32 *p = handle_tlbm; 2138 const int handle_tlbm_size = handle_tlbm_end - handle_tlbm; 2139 struct uasm_label *l = labels; 2140 struct uasm_reloc *r = relocs; 2141 struct work_registers wr; 2142 2143 memset(handle_tlbm, 0, handle_tlbm_size * sizeof(handle_tlbm[0])); 2144 memset(labels, 0, sizeof(labels)); 2145 memset(relocs, 0, sizeof(relocs)); 2146 2147 wr = build_r4000_tlbchange_handler_head(&p, &l, &r); 2148 build_pte_modifiable(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbm); 2149 if (m4kc_tlbp_war()) 2150 build_tlb_probe_entry(&p); 2151 /* Present and writable bits set, set accessed and dirty bits. */ 2152 build_make_write(&p, &r, wr.r1, wr.r2); 2153 build_r4000_tlbchange_handler_tail(&p, &l, &r, wr.r1, wr.r2); 2154 2155 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 2156 /* 2157 * This is the entry point when 2158 * build_r4000_tlbchange_handler_head spots a huge page. 
2159 */ 2160 uasm_l_tlb_huge_update(&l, p); 2161 iPTE_LW(&p, wr.r1, wr.r2); 2162 build_pte_modifiable(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbm); 2163 build_tlb_probe_entry(&p); 2164 uasm_i_ori(&p, wr.r1, wr.r1, 2165 _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY); 2166 build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2); 2167 #endif 2168 2169 uasm_l_nopage_tlbm(&l, p); 2170 build_restore_work_registers(&p); 2171 #ifdef CONFIG_CPU_MICROMIPS 2172 if ((unsigned long)tlb_do_page_fault_1 & 1) { 2173 uasm_i_lui(&p, K0, uasm_rel_hi((long)tlb_do_page_fault_1)); 2174 uasm_i_addiu(&p, K0, K0, uasm_rel_lo((long)tlb_do_page_fault_1)); 2175 uasm_i_jr(&p, K0); 2176 } else 2177 #endif 2178 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_1 & 0x0fffffff); 2179 uasm_i_nop(&p); 2180 2181 if (p >= handle_tlbm_end) 2182 panic("TLB modify handler fastpath space exceeded"); 2183 2184 uasm_resolve_relocs(relocs, labels); 2185 pr_debug("Wrote TLB modify handler fastpath (%u instructions).\n", 2186 (unsigned int)(p - handle_tlbm)); 2187 2188 dump_handler("r4000_tlb_modify", handle_tlbm, handle_tlbm_size); 2189 } 2190 2191 static void flush_tlb_handlers(void) 2192 { 2193 local_flush_icache_range((unsigned long)handle_tlbl, 2194 (unsigned long)handle_tlbl_end); 2195 local_flush_icache_range((unsigned long)handle_tlbs, 2196 (unsigned long)handle_tlbs_end); 2197 local_flush_icache_range((unsigned long)handle_tlbm, 2198 (unsigned long)handle_tlbm_end); 2199 #ifdef CONFIG_MIPS_PGD_C0_CONTEXT 2200 local_flush_icache_range((unsigned long)tlbmiss_handler_setup_pgd, 2201 (unsigned long)tlbmiss_handler_setup_pgd_end); 2202 #endif 2203 } 2204 2205 void build_tlb_refill_handler(void) 2206 { 2207 /* 2208 * The refill handler is generated per-CPU, multi-node systems 2209 * may have local storage for it. The other handlers are only 2210 * needed once. 2211 */ 2212 static int run_once = 0; 2213 2214 output_pgtable_bits_defines(); 2215 2216 #ifdef CONFIG_64BIT 2217 check_for_high_segbits = current_cpu_data.vmbits > (PGDIR_SHIFT + PGD_ORDER + PAGE_SHIFT - 3); 2218 #endif 2219 2220 switch (current_cpu_type()) { 2221 case CPU_R2000: 2222 case CPU_R3000: 2223 case CPU_R3000A: 2224 case CPU_R3081E: 2225 case CPU_TX3912: 2226 case CPU_TX3922: 2227 case CPU_TX3927: 2228 #ifndef CONFIG_MIPS_PGD_C0_CONTEXT 2229 if (cpu_has_local_ebase) 2230 build_r3000_tlb_refill_handler(); 2231 if (!run_once) { 2232 if (!cpu_has_local_ebase) 2233 build_r3000_tlb_refill_handler(); 2234 build_r3000_tlb_load_handler(); 2235 build_r3000_tlb_store_handler(); 2236 build_r3000_tlb_modify_handler(); 2237 flush_tlb_handlers(); 2238 run_once++; 2239 } 2240 #else 2241 panic("No R3000 TLB refill handler"); 2242 #endif 2243 break; 2244 2245 case CPU_R6000: 2246 case CPU_R6000A: 2247 panic("No R6000 TLB refill handler yet"); 2248 break; 2249 2250 case CPU_R8000: 2251 panic("No R8000 TLB refill handler yet"); 2252 break; 2253 2254 default: 2255 if (!run_once) { 2256 scratch_reg = allocate_kscratch(); 2257 #ifdef CONFIG_MIPS_PGD_C0_CONTEXT 2258 build_r4000_setup_pgd(); 2259 #endif 2260 build_r4000_tlb_load_handler(); 2261 build_r4000_tlb_store_handler(); 2262 build_r4000_tlb_modify_handler(); 2263 if (!cpu_has_local_ebase) 2264 build_r4000_tlb_refill_handler(); 2265 flush_tlb_handlers(); 2266 run_once++; 2267 } 2268 if (cpu_has_local_ebase) 2269 build_r4000_tlb_refill_handler(); 2270 } 2271 } 2272