1 /* 2 * This file is subject to the terms and conditions of the GNU General Public 3 * License. See the file "COPYING" in the main directory of this archive 4 * for more details. 5 * 6 * Synthesize TLB refill handlers at runtime. 7 * 8 * Copyright (C) 2004, 2005, 2006, 2008 Thiemo Seufer 9 * Copyright (C) 2005, 2007, 2008, 2009 Maciej W. Rozycki 10 * Copyright (C) 2006 Ralf Baechle (ralf@linux-mips.org) 11 * Copyright (C) 2008, 2009 Cavium Networks, Inc. 12 * Copyright (C) 2011 MIPS Technologies, Inc. 13 * 14 * ... and the days got worse and worse and now you see 15 * I've gone completly out of my mind. 16 * 17 * They're coming to take me a away haha 18 * they're coming to take me a away hoho hihi haha 19 * to the funny farm where code is beautiful all the time ... 20 * 21 * (Condolences to Napoleon XIV) 22 */ 23 24 #include <linux/bug.h> 25 #include <linux/kernel.h> 26 #include <linux/types.h> 27 #include <linux/smp.h> 28 #include <linux/string.h> 29 #include <linux/init.h> 30 #include <linux/cache.h> 31 32 #include <asm/cacheflush.h> 33 #include <asm/pgtable.h> 34 #include <asm/war.h> 35 #include <asm/uasm.h> 36 #include <asm/setup.h> 37 38 /* 39 * TLB load/store/modify handlers. 40 * 41 * Only the fastpath gets synthesized at runtime, the slowpath for 42 * do_page_fault remains normal asm. 43 */ 44 extern void tlb_do_page_fault_0(void); 45 extern void tlb_do_page_fault_1(void); 46 47 struct work_registers { 48 int r1; 49 int r2; 50 int r3; 51 }; 52 53 struct tlb_reg_save { 54 unsigned long a; 55 unsigned long b; 56 } ____cacheline_aligned_in_smp; 57 58 static struct tlb_reg_save handler_reg_save[NR_CPUS]; 59 60 static inline int r45k_bvahwbug(void) 61 { 62 /* XXX: We should probe for the presence of this bug, but we don't. */ 63 return 0; 64 } 65 66 static inline int r4k_250MHZhwbug(void) 67 { 68 /* XXX: We should probe for the presence of this bug, but we don't. */ 69 return 0; 70 } 71 72 static inline int __maybe_unused bcm1250_m3_war(void) 73 { 74 return BCM1250_M3_WAR; 75 } 76 77 static inline int __maybe_unused r10000_llsc_war(void) 78 { 79 return R10000_LLSC_WAR; 80 } 81 82 static int use_bbit_insns(void) 83 { 84 switch (current_cpu_type()) { 85 case CPU_CAVIUM_OCTEON: 86 case CPU_CAVIUM_OCTEON_PLUS: 87 case CPU_CAVIUM_OCTEON2: 88 return 1; 89 default: 90 return 0; 91 } 92 } 93 94 static int use_lwx_insns(void) 95 { 96 switch (current_cpu_type()) { 97 case CPU_CAVIUM_OCTEON2: 98 return 1; 99 default: 100 return 0; 101 } 102 } 103 #if defined(CONFIG_CAVIUM_OCTEON_CVMSEG_SIZE) && \ 104 CONFIG_CAVIUM_OCTEON_CVMSEG_SIZE > 0 105 static bool scratchpad_available(void) 106 { 107 return true; 108 } 109 static int scratchpad_offset(int i) 110 { 111 /* 112 * CVMSEG starts at address -32768 and extends for 113 * CAVIUM_OCTEON_CVMSEG_SIZE 128 byte cache lines. 114 */ 115 i += 1; /* Kernel use starts at the top and works down. */ 116 return CONFIG_CAVIUM_OCTEON_CVMSEG_SIZE * 128 - (8 * i) - 32768; 117 } 118 #else 119 static bool scratchpad_available(void) 120 { 121 return false; 122 } 123 static int scratchpad_offset(int i) 124 { 125 BUG(); 126 /* Really unreachable, but evidently some GCC want this. */ 127 return 0; 128 } 129 #endif 130 /* 131 * Found by experiment: At least some revisions of the 4kc throw under 132 * some circumstances a machine check exception, triggered by invalid 133 * values in the index register. Delaying the tlbp instruction until 134 * after the next branch, plus adding an additional nop in front of 135 * tlbwi/tlbwr avoids the invalid index register values. Nobody knows 136 * why; it's not an issue caused by the core RTL. 137 * 138 */ 139 static int __cpuinit m4kc_tlbp_war(void) 140 { 141 return (current_cpu_data.processor_id & 0xffff00) == 142 (PRID_COMP_MIPS | PRID_IMP_4KC); 143 } 144 145 /* Handle labels (which must be positive integers). */ 146 enum label_id { 147 label_second_part = 1, 148 label_leave, 149 label_vmalloc, 150 label_vmalloc_done, 151 label_tlbw_hazard_0, 152 label_split = label_tlbw_hazard_0 + 8, 153 label_tlbl_goaround1, 154 label_tlbl_goaround2, 155 label_nopage_tlbl, 156 label_nopage_tlbs, 157 label_nopage_tlbm, 158 label_smp_pgtable_change, 159 label_r3000_write_probe_fail, 160 label_large_segbits_fault, 161 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 162 label_tlb_huge_update, 163 #endif 164 }; 165 166 UASM_L_LA(_second_part) 167 UASM_L_LA(_leave) 168 UASM_L_LA(_vmalloc) 169 UASM_L_LA(_vmalloc_done) 170 /* _tlbw_hazard_x is handled differently. */ 171 UASM_L_LA(_split) 172 UASM_L_LA(_tlbl_goaround1) 173 UASM_L_LA(_tlbl_goaround2) 174 UASM_L_LA(_nopage_tlbl) 175 UASM_L_LA(_nopage_tlbs) 176 UASM_L_LA(_nopage_tlbm) 177 UASM_L_LA(_smp_pgtable_change) 178 UASM_L_LA(_r3000_write_probe_fail) 179 UASM_L_LA(_large_segbits_fault) 180 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 181 UASM_L_LA(_tlb_huge_update) 182 #endif 183 184 static int __cpuinitdata hazard_instance; 185 186 static void __cpuinit uasm_bgezl_hazard(u32 **p, 187 struct uasm_reloc **r, 188 int instance) 189 { 190 switch (instance) { 191 case 0 ... 7: 192 uasm_il_bgezl(p, r, 0, label_tlbw_hazard_0 + instance); 193 return; 194 default: 195 BUG(); 196 } 197 } 198 199 static void __cpuinit uasm_bgezl_label(struct uasm_label **l, 200 u32 **p, 201 int instance) 202 { 203 switch (instance) { 204 case 0 ... 7: 205 uasm_build_label(l, *p, label_tlbw_hazard_0 + instance); 206 break; 207 default: 208 BUG(); 209 } 210 } 211 212 /* 213 * pgtable bits are assigned dynamically depending on processor feature 214 * and statically based on kernel configuration. This spits out the actual 215 * values the kernel is using. Required to make sense from disassembled 216 * TLB exception handlers. 217 */ 218 static void output_pgtable_bits_defines(void) 219 { 220 #define pr_define(fmt, ...) \ 221 pr_debug("#define " fmt, ##__VA_ARGS__) 222 223 pr_debug("#include <asm/asm.h>\n"); 224 pr_debug("#include <asm/regdef.h>\n"); 225 pr_debug("\n"); 226 227 pr_define("_PAGE_PRESENT_SHIFT %d\n", _PAGE_PRESENT_SHIFT); 228 pr_define("_PAGE_READ_SHIFT %d\n", _PAGE_READ_SHIFT); 229 pr_define("_PAGE_WRITE_SHIFT %d\n", _PAGE_WRITE_SHIFT); 230 pr_define("_PAGE_ACCESSED_SHIFT %d\n", _PAGE_ACCESSED_SHIFT); 231 pr_define("_PAGE_MODIFIED_SHIFT %d\n", _PAGE_MODIFIED_SHIFT); 232 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 233 pr_define("_PAGE_HUGE_SHIFT %d\n", _PAGE_HUGE_SHIFT); 234 pr_define("_PAGE_SPLITTING_SHIFT %d\n", _PAGE_SPLITTING_SHIFT); 235 #endif 236 if (cpu_has_rixi) { 237 #ifdef _PAGE_NO_EXEC_SHIFT 238 pr_define("_PAGE_NO_EXEC_SHIFT %d\n", _PAGE_NO_EXEC_SHIFT); 239 #endif 240 #ifdef _PAGE_NO_READ_SHIFT 241 pr_define("_PAGE_NO_READ_SHIFT %d\n", _PAGE_NO_READ_SHIFT); 242 #endif 243 } 244 pr_define("_PAGE_GLOBAL_SHIFT %d\n", _PAGE_GLOBAL_SHIFT); 245 pr_define("_PAGE_VALID_SHIFT %d\n", _PAGE_VALID_SHIFT); 246 pr_define("_PAGE_DIRTY_SHIFT %d\n", _PAGE_DIRTY_SHIFT); 247 pr_define("_PFN_SHIFT %d\n", _PFN_SHIFT); 248 pr_debug("\n"); 249 } 250 251 static inline void dump_handler(const char *symbol, const u32 *handler, int count) 252 { 253 int i; 254 255 pr_debug("LEAF(%s)\n", symbol); 256 257 pr_debug("\t.set push\n"); 258 pr_debug("\t.set noreorder\n"); 259 260 for (i = 0; i < count; i++) 261 pr_debug("\t.word\t0x%08x\t\t# %p\n", handler[i], &handler[i]); 262 263 pr_debug("\t.set\tpop\n"); 264 265 pr_debug("\tEND(%s)\n", symbol); 266 } 267 268 /* The only general purpose registers allowed in TLB handlers. */ 269 #define K0 26 270 #define K1 27 271 272 /* Some CP0 registers */ 273 #define C0_INDEX 0, 0 274 #define C0_ENTRYLO0 2, 0 275 #define C0_TCBIND 2, 2 276 #define C0_ENTRYLO1 3, 0 277 #define C0_CONTEXT 4, 0 278 #define C0_PAGEMASK 5, 0 279 #define C0_BADVADDR 8, 0 280 #define C0_ENTRYHI 10, 0 281 #define C0_EPC 14, 0 282 #define C0_XCONTEXT 20, 0 283 284 #ifdef CONFIG_64BIT 285 # define GET_CONTEXT(buf, reg) UASM_i_MFC0(buf, reg, C0_XCONTEXT) 286 #else 287 # define GET_CONTEXT(buf, reg) UASM_i_MFC0(buf, reg, C0_CONTEXT) 288 #endif 289 290 /* The worst case length of the handler is around 18 instructions for 291 * R3000-style TLBs and up to 63 instructions for R4000-style TLBs. 292 * Maximum space available is 32 instructions for R3000 and 64 293 * instructions for R4000. 294 * 295 * We deliberately chose a buffer size of 128, so we won't scribble 296 * over anything important on overflow before we panic. 297 */ 298 static u32 tlb_handler[128] __cpuinitdata; 299 300 /* simply assume worst case size for labels and relocs */ 301 static struct uasm_label labels[128] __cpuinitdata; 302 static struct uasm_reloc relocs[128] __cpuinitdata; 303 304 #ifdef CONFIG_64BIT 305 static int check_for_high_segbits __cpuinitdata; 306 #endif 307 308 static int check_for_high_segbits __cpuinitdata; 309 310 static unsigned int kscratch_used_mask __cpuinitdata; 311 312 static int __cpuinit allocate_kscratch(void) 313 { 314 int r; 315 unsigned int a = cpu_data[0].kscratch_mask & ~kscratch_used_mask; 316 317 r = ffs(a); 318 319 if (r == 0) 320 return -1; 321 322 r--; /* make it zero based */ 323 324 kscratch_used_mask |= (1 << r); 325 326 return r; 327 } 328 329 static int scratch_reg __cpuinitdata; 330 static int pgd_reg __cpuinitdata; 331 enum vmalloc64_mode {not_refill, refill_scratch, refill_noscratch}; 332 333 static struct work_registers __cpuinit build_get_work_registers(u32 **p) 334 { 335 struct work_registers r; 336 337 int smp_processor_id_reg; 338 int smp_processor_id_sel; 339 int smp_processor_id_shift; 340 341 if (scratch_reg > 0) { 342 /* Save in CPU local C0_KScratch? */ 343 UASM_i_MTC0(p, 1, 31, scratch_reg); 344 r.r1 = K0; 345 r.r2 = K1; 346 r.r3 = 1; 347 return r; 348 } 349 350 if (num_possible_cpus() > 1) { 351 #ifdef CONFIG_MIPS_PGD_C0_CONTEXT 352 smp_processor_id_shift = 51; 353 smp_processor_id_reg = 20; /* XContext */ 354 smp_processor_id_sel = 0; 355 #else 356 # ifdef CONFIG_32BIT 357 smp_processor_id_shift = 25; 358 smp_processor_id_reg = 4; /* Context */ 359 smp_processor_id_sel = 0; 360 # endif 361 # ifdef CONFIG_64BIT 362 smp_processor_id_shift = 26; 363 smp_processor_id_reg = 4; /* Context */ 364 smp_processor_id_sel = 0; 365 # endif 366 #endif 367 /* Get smp_processor_id */ 368 UASM_i_MFC0(p, K0, smp_processor_id_reg, smp_processor_id_sel); 369 UASM_i_SRL_SAFE(p, K0, K0, smp_processor_id_shift); 370 371 /* handler_reg_save index in K0 */ 372 UASM_i_SLL(p, K0, K0, ilog2(sizeof(struct tlb_reg_save))); 373 374 UASM_i_LA(p, K1, (long)&handler_reg_save); 375 UASM_i_ADDU(p, K0, K0, K1); 376 } else { 377 UASM_i_LA(p, K0, (long)&handler_reg_save); 378 } 379 /* K0 now points to save area, save $1 and $2 */ 380 UASM_i_SW(p, 1, offsetof(struct tlb_reg_save, a), K0); 381 UASM_i_SW(p, 2, offsetof(struct tlb_reg_save, b), K0); 382 383 r.r1 = K1; 384 r.r2 = 1; 385 r.r3 = 2; 386 return r; 387 } 388 389 static void __cpuinit build_restore_work_registers(u32 **p) 390 { 391 if (scratch_reg > 0) { 392 UASM_i_MFC0(p, 1, 31, scratch_reg); 393 return; 394 } 395 /* K0 already points to save area, restore $1 and $2 */ 396 UASM_i_LW(p, 1, offsetof(struct tlb_reg_save, a), K0); 397 UASM_i_LW(p, 2, offsetof(struct tlb_reg_save, b), K0); 398 } 399 400 #ifndef CONFIG_MIPS_PGD_C0_CONTEXT 401 402 /* 403 * CONFIG_MIPS_PGD_C0_CONTEXT implies 64 bit and lack of pgd_current, 404 * we cannot do r3000 under these circumstances. 405 * 406 * Declare pgd_current here instead of including mmu_context.h to avoid type 407 * conflicts for tlbmiss_handler_setup_pgd 408 */ 409 extern unsigned long pgd_current[]; 410 411 /* 412 * The R3000 TLB handler is simple. 413 */ 414 static void __cpuinit build_r3000_tlb_refill_handler(void) 415 { 416 long pgdc = (long)pgd_current; 417 u32 *p; 418 419 memset(tlb_handler, 0, sizeof(tlb_handler)); 420 p = tlb_handler; 421 422 uasm_i_mfc0(&p, K0, C0_BADVADDR); 423 uasm_i_lui(&p, K1, uasm_rel_hi(pgdc)); /* cp0 delay */ 424 uasm_i_lw(&p, K1, uasm_rel_lo(pgdc), K1); 425 uasm_i_srl(&p, K0, K0, 22); /* load delay */ 426 uasm_i_sll(&p, K0, K0, 2); 427 uasm_i_addu(&p, K1, K1, K0); 428 uasm_i_mfc0(&p, K0, C0_CONTEXT); 429 uasm_i_lw(&p, K1, 0, K1); /* cp0 delay */ 430 uasm_i_andi(&p, K0, K0, 0xffc); /* load delay */ 431 uasm_i_addu(&p, K1, K1, K0); 432 uasm_i_lw(&p, K0, 0, K1); 433 uasm_i_nop(&p); /* load delay */ 434 uasm_i_mtc0(&p, K0, C0_ENTRYLO0); 435 uasm_i_mfc0(&p, K1, C0_EPC); /* cp0 delay */ 436 uasm_i_tlbwr(&p); /* cp0 delay */ 437 uasm_i_jr(&p, K1); 438 uasm_i_rfe(&p); /* branch delay */ 439 440 if (p > tlb_handler + 32) 441 panic("TLB refill handler space exceeded"); 442 443 pr_debug("Wrote TLB refill handler (%u instructions).\n", 444 (unsigned int)(p - tlb_handler)); 445 446 memcpy((void *)ebase, tlb_handler, 0x80); 447 448 dump_handler("r3000_tlb_refill", (u32 *)ebase, 32); 449 } 450 #endif /* CONFIG_MIPS_PGD_C0_CONTEXT */ 451 452 /* 453 * The R4000 TLB handler is much more complicated. We have two 454 * consecutive handler areas with 32 instructions space each. 455 * Since they aren't used at the same time, we can overflow in the 456 * other one.To keep things simple, we first assume linear space, 457 * then we relocate it to the final handler layout as needed. 458 */ 459 static u32 final_handler[64] __cpuinitdata; 460 461 /* 462 * Hazards 463 * 464 * From the IDT errata for the QED RM5230 (Nevada), processor revision 1.0: 465 * 2. A timing hazard exists for the TLBP instruction. 466 * 467 * stalling_instruction 468 * TLBP 469 * 470 * The JTLB is being read for the TLBP throughout the stall generated by the 471 * previous instruction. This is not really correct as the stalling instruction 472 * can modify the address used to access the JTLB. The failure symptom is that 473 * the TLBP instruction will use an address created for the stalling instruction 474 * and not the address held in C0_ENHI and thus report the wrong results. 475 * 476 * The software work-around is to not allow the instruction preceding the TLBP 477 * to stall - make it an NOP or some other instruction guaranteed not to stall. 478 * 479 * Errata 2 will not be fixed. This errata is also on the R5000. 480 * 481 * As if we MIPS hackers wouldn't know how to nop pipelines happy ... 482 */ 483 static void __cpuinit __maybe_unused build_tlb_probe_entry(u32 **p) 484 { 485 switch (current_cpu_type()) { 486 /* Found by experiment: R4600 v2.0/R4700 needs this, too. */ 487 case CPU_R4600: 488 case CPU_R4700: 489 case CPU_R5000: 490 case CPU_NEVADA: 491 uasm_i_nop(p); 492 uasm_i_tlbp(p); 493 break; 494 495 default: 496 uasm_i_tlbp(p); 497 break; 498 } 499 } 500 501 /* 502 * Write random or indexed TLB entry, and care about the hazards from 503 * the preceding mtc0 and for the following eret. 504 */ 505 enum tlb_write_entry { tlb_random, tlb_indexed }; 506 507 static void __cpuinit build_tlb_write_entry(u32 **p, struct uasm_label **l, 508 struct uasm_reloc **r, 509 enum tlb_write_entry wmode) 510 { 511 void(*tlbw)(u32 **) = NULL; 512 513 switch (wmode) { 514 case tlb_random: tlbw = uasm_i_tlbwr; break; 515 case tlb_indexed: tlbw = uasm_i_tlbwi; break; 516 } 517 518 if (cpu_has_mips_r2) { 519 /* 520 * The architecture spec says an ehb is required here, 521 * but a number of cores do not have the hazard and 522 * using an ehb causes an expensive pipeline stall. 523 */ 524 switch (current_cpu_type()) { 525 case CPU_M14KC: 526 case CPU_74K: 527 break; 528 529 default: 530 uasm_i_ehb(p); 531 break; 532 } 533 tlbw(p); 534 return; 535 } 536 537 switch (current_cpu_type()) { 538 case CPU_R4000PC: 539 case CPU_R4000SC: 540 case CPU_R4000MC: 541 case CPU_R4400PC: 542 case CPU_R4400SC: 543 case CPU_R4400MC: 544 /* 545 * This branch uses up a mtc0 hazard nop slot and saves 546 * two nops after the tlbw instruction. 547 */ 548 uasm_bgezl_hazard(p, r, hazard_instance); 549 tlbw(p); 550 uasm_bgezl_label(l, p, hazard_instance); 551 hazard_instance++; 552 uasm_i_nop(p); 553 break; 554 555 case CPU_R4600: 556 case CPU_R4700: 557 uasm_i_nop(p); 558 tlbw(p); 559 uasm_i_nop(p); 560 break; 561 562 case CPU_R5000: 563 case CPU_NEVADA: 564 uasm_i_nop(p); /* QED specifies 2 nops hazard */ 565 uasm_i_nop(p); /* QED specifies 2 nops hazard */ 566 tlbw(p); 567 break; 568 569 case CPU_R4300: 570 case CPU_5KC: 571 case CPU_TX49XX: 572 case CPU_PR4450: 573 case CPU_XLR: 574 uasm_i_nop(p); 575 tlbw(p); 576 break; 577 578 case CPU_R10000: 579 case CPU_R12000: 580 case CPU_R14000: 581 case CPU_4KC: 582 case CPU_4KEC: 583 case CPU_M14KC: 584 case CPU_M14KEC: 585 case CPU_SB1: 586 case CPU_SB1A: 587 case CPU_4KSC: 588 case CPU_20KC: 589 case CPU_25KF: 590 case CPU_BMIPS32: 591 case CPU_BMIPS3300: 592 case CPU_BMIPS4350: 593 case CPU_BMIPS4380: 594 case CPU_BMIPS5000: 595 case CPU_LOONGSON2: 596 case CPU_R5500: 597 if (m4kc_tlbp_war()) 598 uasm_i_nop(p); 599 case CPU_ALCHEMY: 600 tlbw(p); 601 break; 602 603 case CPU_RM7000: 604 uasm_i_nop(p); 605 uasm_i_nop(p); 606 uasm_i_nop(p); 607 uasm_i_nop(p); 608 tlbw(p); 609 break; 610 611 case CPU_VR4111: 612 case CPU_VR4121: 613 case CPU_VR4122: 614 case CPU_VR4181: 615 case CPU_VR4181A: 616 uasm_i_nop(p); 617 uasm_i_nop(p); 618 tlbw(p); 619 uasm_i_nop(p); 620 uasm_i_nop(p); 621 break; 622 623 case CPU_VR4131: 624 case CPU_VR4133: 625 case CPU_R5432: 626 uasm_i_nop(p); 627 uasm_i_nop(p); 628 tlbw(p); 629 break; 630 631 case CPU_JZRISC: 632 tlbw(p); 633 uasm_i_nop(p); 634 break; 635 636 default: 637 panic("No TLB refill handler yet (CPU type: %d)", 638 current_cpu_data.cputype); 639 break; 640 } 641 } 642 643 static __cpuinit __maybe_unused void build_convert_pte_to_entrylo(u32 **p, 644 unsigned int reg) 645 { 646 if (cpu_has_rixi) { 647 UASM_i_ROTR(p, reg, reg, ilog2(_PAGE_GLOBAL)); 648 } else { 649 #ifdef CONFIG_64BIT_PHYS_ADDR 650 uasm_i_dsrl_safe(p, reg, reg, ilog2(_PAGE_GLOBAL)); 651 #else 652 UASM_i_SRL(p, reg, reg, ilog2(_PAGE_GLOBAL)); 653 #endif 654 } 655 } 656 657 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 658 659 static __cpuinit void build_restore_pagemask(u32 **p, 660 struct uasm_reloc **r, 661 unsigned int tmp, 662 enum label_id lid, 663 int restore_scratch) 664 { 665 if (restore_scratch) { 666 /* Reset default page size */ 667 if (PM_DEFAULT_MASK >> 16) { 668 uasm_i_lui(p, tmp, PM_DEFAULT_MASK >> 16); 669 uasm_i_ori(p, tmp, tmp, PM_DEFAULT_MASK & 0xffff); 670 uasm_i_mtc0(p, tmp, C0_PAGEMASK); 671 uasm_il_b(p, r, lid); 672 } else if (PM_DEFAULT_MASK) { 673 uasm_i_ori(p, tmp, 0, PM_DEFAULT_MASK); 674 uasm_i_mtc0(p, tmp, C0_PAGEMASK); 675 uasm_il_b(p, r, lid); 676 } else { 677 uasm_i_mtc0(p, 0, C0_PAGEMASK); 678 uasm_il_b(p, r, lid); 679 } 680 if (scratch_reg > 0) 681 UASM_i_MFC0(p, 1, 31, scratch_reg); 682 else 683 UASM_i_LW(p, 1, scratchpad_offset(0), 0); 684 } else { 685 /* Reset default page size */ 686 if (PM_DEFAULT_MASK >> 16) { 687 uasm_i_lui(p, tmp, PM_DEFAULT_MASK >> 16); 688 uasm_i_ori(p, tmp, tmp, PM_DEFAULT_MASK & 0xffff); 689 uasm_il_b(p, r, lid); 690 uasm_i_mtc0(p, tmp, C0_PAGEMASK); 691 } else if (PM_DEFAULT_MASK) { 692 uasm_i_ori(p, tmp, 0, PM_DEFAULT_MASK); 693 uasm_il_b(p, r, lid); 694 uasm_i_mtc0(p, tmp, C0_PAGEMASK); 695 } else { 696 uasm_il_b(p, r, lid); 697 uasm_i_mtc0(p, 0, C0_PAGEMASK); 698 } 699 } 700 } 701 702 static __cpuinit void build_huge_tlb_write_entry(u32 **p, 703 struct uasm_label **l, 704 struct uasm_reloc **r, 705 unsigned int tmp, 706 enum tlb_write_entry wmode, 707 int restore_scratch) 708 { 709 /* Set huge page tlb entry size */ 710 uasm_i_lui(p, tmp, PM_HUGE_MASK >> 16); 711 uasm_i_ori(p, tmp, tmp, PM_HUGE_MASK & 0xffff); 712 uasm_i_mtc0(p, tmp, C0_PAGEMASK); 713 714 build_tlb_write_entry(p, l, r, wmode); 715 716 build_restore_pagemask(p, r, tmp, label_leave, restore_scratch); 717 } 718 719 /* 720 * Check if Huge PTE is present, if so then jump to LABEL. 721 */ 722 static void __cpuinit 723 build_is_huge_pte(u32 **p, struct uasm_reloc **r, unsigned int tmp, 724 unsigned int pmd, int lid) 725 { 726 UASM_i_LW(p, tmp, 0, pmd); 727 if (use_bbit_insns()) { 728 uasm_il_bbit1(p, r, tmp, ilog2(_PAGE_HUGE), lid); 729 } else { 730 uasm_i_andi(p, tmp, tmp, _PAGE_HUGE); 731 uasm_il_bnez(p, r, tmp, lid); 732 } 733 } 734 735 static __cpuinit void build_huge_update_entries(u32 **p, 736 unsigned int pte, 737 unsigned int tmp) 738 { 739 int small_sequence; 740 741 /* 742 * A huge PTE describes an area the size of the 743 * configured huge page size. This is twice the 744 * of the large TLB entry size we intend to use. 745 * A TLB entry half the size of the configured 746 * huge page size is configured into entrylo0 747 * and entrylo1 to cover the contiguous huge PTE 748 * address space. 749 */ 750 small_sequence = (HPAGE_SIZE >> 7) < 0x10000; 751 752 /* We can clobber tmp. It isn't used after this.*/ 753 if (!small_sequence) 754 uasm_i_lui(p, tmp, HPAGE_SIZE >> (7 + 16)); 755 756 build_convert_pte_to_entrylo(p, pte); 757 UASM_i_MTC0(p, pte, C0_ENTRYLO0); /* load it */ 758 /* convert to entrylo1 */ 759 if (small_sequence) 760 UASM_i_ADDIU(p, pte, pte, HPAGE_SIZE >> 7); 761 else 762 UASM_i_ADDU(p, pte, pte, tmp); 763 764 UASM_i_MTC0(p, pte, C0_ENTRYLO1); /* load it */ 765 } 766 767 static __cpuinit void build_huge_handler_tail(u32 **p, 768 struct uasm_reloc **r, 769 struct uasm_label **l, 770 unsigned int pte, 771 unsigned int ptr) 772 { 773 #ifdef CONFIG_SMP 774 UASM_i_SC(p, pte, 0, ptr); 775 uasm_il_beqz(p, r, pte, label_tlb_huge_update); 776 UASM_i_LW(p, pte, 0, ptr); /* Needed because SC killed our PTE */ 777 #else 778 UASM_i_SW(p, pte, 0, ptr); 779 #endif 780 build_huge_update_entries(p, pte, ptr); 781 build_huge_tlb_write_entry(p, l, r, pte, tlb_indexed, 0); 782 } 783 #endif /* CONFIG_MIPS_HUGE_TLB_SUPPORT */ 784 785 #ifdef CONFIG_64BIT 786 /* 787 * TMP and PTR are scratch. 788 * TMP will be clobbered, PTR will hold the pmd entry. 789 */ 790 static void __cpuinit 791 build_get_pmde64(u32 **p, struct uasm_label **l, struct uasm_reloc **r, 792 unsigned int tmp, unsigned int ptr) 793 { 794 #ifndef CONFIG_MIPS_PGD_C0_CONTEXT 795 long pgdc = (long)pgd_current; 796 #endif 797 /* 798 * The vmalloc handling is not in the hotpath. 799 */ 800 uasm_i_dmfc0(p, tmp, C0_BADVADDR); 801 802 if (check_for_high_segbits) { 803 /* 804 * The kernel currently implicitely assumes that the 805 * MIPS SEGBITS parameter for the processor is 806 * (PGDIR_SHIFT+PGDIR_BITS) or less, and will never 807 * allocate virtual addresses outside the maximum 808 * range for SEGBITS = (PGDIR_SHIFT+PGDIR_BITS). But 809 * that doesn't prevent user code from accessing the 810 * higher xuseg addresses. Here, we make sure that 811 * everything but the lower xuseg addresses goes down 812 * the module_alloc/vmalloc path. 813 */ 814 uasm_i_dsrl_safe(p, ptr, tmp, PGDIR_SHIFT + PGD_ORDER + PAGE_SHIFT - 3); 815 uasm_il_bnez(p, r, ptr, label_vmalloc); 816 } else { 817 uasm_il_bltz(p, r, tmp, label_vmalloc); 818 } 819 /* No uasm_i_nop needed here, since the next insn doesn't touch TMP. */ 820 821 #ifdef CONFIG_MIPS_PGD_C0_CONTEXT 822 if (pgd_reg != -1) { 823 /* pgd is in pgd_reg */ 824 UASM_i_MFC0(p, ptr, 31, pgd_reg); 825 } else { 826 /* 827 * &pgd << 11 stored in CONTEXT [23..63]. 828 */ 829 UASM_i_MFC0(p, ptr, C0_CONTEXT); 830 831 /* Clear lower 23 bits of context. */ 832 uasm_i_dins(p, ptr, 0, 0, 23); 833 834 /* 1 0 1 0 1 << 6 xkphys cached */ 835 uasm_i_ori(p, ptr, ptr, 0x540); 836 uasm_i_drotr(p, ptr, ptr, 11); 837 } 838 #elif defined(CONFIG_SMP) 839 # ifdef CONFIG_MIPS_MT_SMTC 840 /* 841 * SMTC uses TCBind value as "CPU" index 842 */ 843 uasm_i_mfc0(p, ptr, C0_TCBIND); 844 uasm_i_dsrl_safe(p, ptr, ptr, 19); 845 # else 846 /* 847 * 64 bit SMP running in XKPHYS has smp_processor_id() << 3 848 * stored in CONTEXT. 849 */ 850 uasm_i_dmfc0(p, ptr, C0_CONTEXT); 851 uasm_i_dsrl_safe(p, ptr, ptr, 23); 852 # endif 853 UASM_i_LA_mostly(p, tmp, pgdc); 854 uasm_i_daddu(p, ptr, ptr, tmp); 855 uasm_i_dmfc0(p, tmp, C0_BADVADDR); 856 uasm_i_ld(p, ptr, uasm_rel_lo(pgdc), ptr); 857 #else 858 UASM_i_LA_mostly(p, ptr, pgdc); 859 uasm_i_ld(p, ptr, uasm_rel_lo(pgdc), ptr); 860 #endif 861 862 uasm_l_vmalloc_done(l, *p); 863 864 /* get pgd offset in bytes */ 865 uasm_i_dsrl_safe(p, tmp, tmp, PGDIR_SHIFT - 3); 866 867 uasm_i_andi(p, tmp, tmp, (PTRS_PER_PGD - 1)<<3); 868 uasm_i_daddu(p, ptr, ptr, tmp); /* add in pgd offset */ 869 #ifndef __PAGETABLE_PMD_FOLDED 870 uasm_i_dmfc0(p, tmp, C0_BADVADDR); /* get faulting address */ 871 uasm_i_ld(p, ptr, 0, ptr); /* get pmd pointer */ 872 uasm_i_dsrl_safe(p, tmp, tmp, PMD_SHIFT-3); /* get pmd offset in bytes */ 873 uasm_i_andi(p, tmp, tmp, (PTRS_PER_PMD - 1)<<3); 874 uasm_i_daddu(p, ptr, ptr, tmp); /* add in pmd offset */ 875 #endif 876 } 877 878 /* 879 * BVADDR is the faulting address, PTR is scratch. 880 * PTR will hold the pgd for vmalloc. 881 */ 882 static void __cpuinit 883 build_get_pgd_vmalloc64(u32 **p, struct uasm_label **l, struct uasm_reloc **r, 884 unsigned int bvaddr, unsigned int ptr, 885 enum vmalloc64_mode mode) 886 { 887 long swpd = (long)swapper_pg_dir; 888 int single_insn_swpd; 889 int did_vmalloc_branch = 0; 890 891 single_insn_swpd = uasm_in_compat_space_p(swpd) && !uasm_rel_lo(swpd); 892 893 uasm_l_vmalloc(l, *p); 894 895 if (mode != not_refill && check_for_high_segbits) { 896 if (single_insn_swpd) { 897 uasm_il_bltz(p, r, bvaddr, label_vmalloc_done); 898 uasm_i_lui(p, ptr, uasm_rel_hi(swpd)); 899 did_vmalloc_branch = 1; 900 /* fall through */ 901 } else { 902 uasm_il_bgez(p, r, bvaddr, label_large_segbits_fault); 903 } 904 } 905 if (!did_vmalloc_branch) { 906 if (uasm_in_compat_space_p(swpd) && !uasm_rel_lo(swpd)) { 907 uasm_il_b(p, r, label_vmalloc_done); 908 uasm_i_lui(p, ptr, uasm_rel_hi(swpd)); 909 } else { 910 UASM_i_LA_mostly(p, ptr, swpd); 911 uasm_il_b(p, r, label_vmalloc_done); 912 if (uasm_in_compat_space_p(swpd)) 913 uasm_i_addiu(p, ptr, ptr, uasm_rel_lo(swpd)); 914 else 915 uasm_i_daddiu(p, ptr, ptr, uasm_rel_lo(swpd)); 916 } 917 } 918 if (mode != not_refill && check_for_high_segbits) { 919 uasm_l_large_segbits_fault(l, *p); 920 /* 921 * We get here if we are an xsseg address, or if we are 922 * an xuseg address above (PGDIR_SHIFT+PGDIR_BITS) boundary. 923 * 924 * Ignoring xsseg (assume disabled so would generate 925 * (address errors?), the only remaining possibility 926 * is the upper xuseg addresses. On processors with 927 * TLB_SEGBITS <= PGDIR_SHIFT+PGDIR_BITS, these 928 * addresses would have taken an address error. We try 929 * to mimic that here by taking a load/istream page 930 * fault. 931 */ 932 UASM_i_LA(p, ptr, (unsigned long)tlb_do_page_fault_0); 933 uasm_i_jr(p, ptr); 934 935 if (mode == refill_scratch) { 936 if (scratch_reg > 0) 937 UASM_i_MFC0(p, 1, 31, scratch_reg); 938 else 939 UASM_i_LW(p, 1, scratchpad_offset(0), 0); 940 } else { 941 uasm_i_nop(p); 942 } 943 } 944 } 945 946 #else /* !CONFIG_64BIT */ 947 948 /* 949 * TMP and PTR are scratch. 950 * TMP will be clobbered, PTR will hold the pgd entry. 951 */ 952 static void __cpuinit __maybe_unused 953 build_get_pgde32(u32 **p, unsigned int tmp, unsigned int ptr) 954 { 955 long pgdc = (long)pgd_current; 956 957 /* 32 bit SMP has smp_processor_id() stored in CONTEXT. */ 958 #ifdef CONFIG_SMP 959 #ifdef CONFIG_MIPS_MT_SMTC 960 /* 961 * SMTC uses TCBind value as "CPU" index 962 */ 963 uasm_i_mfc0(p, ptr, C0_TCBIND); 964 UASM_i_LA_mostly(p, tmp, pgdc); 965 uasm_i_srl(p, ptr, ptr, 19); 966 #else 967 /* 968 * smp_processor_id() << 3 is stored in CONTEXT. 969 */ 970 uasm_i_mfc0(p, ptr, C0_CONTEXT); 971 UASM_i_LA_mostly(p, tmp, pgdc); 972 uasm_i_srl(p, ptr, ptr, 23); 973 #endif 974 uasm_i_addu(p, ptr, tmp, ptr); 975 #else 976 UASM_i_LA_mostly(p, ptr, pgdc); 977 #endif 978 uasm_i_mfc0(p, tmp, C0_BADVADDR); /* get faulting address */ 979 uasm_i_lw(p, ptr, uasm_rel_lo(pgdc), ptr); 980 uasm_i_srl(p, tmp, tmp, PGDIR_SHIFT); /* get pgd only bits */ 981 uasm_i_sll(p, tmp, tmp, PGD_T_LOG2); 982 uasm_i_addu(p, ptr, ptr, tmp); /* add in pgd offset */ 983 } 984 985 #endif /* !CONFIG_64BIT */ 986 987 static void __cpuinit build_adjust_context(u32 **p, unsigned int ctx) 988 { 989 unsigned int shift = 4 - (PTE_T_LOG2 + 1) + PAGE_SHIFT - 12; 990 unsigned int mask = (PTRS_PER_PTE / 2 - 1) << (PTE_T_LOG2 + 1); 991 992 switch (current_cpu_type()) { 993 case CPU_VR41XX: 994 case CPU_VR4111: 995 case CPU_VR4121: 996 case CPU_VR4122: 997 case CPU_VR4131: 998 case CPU_VR4181: 999 case CPU_VR4181A: 1000 case CPU_VR4133: 1001 shift += 2; 1002 break; 1003 1004 default: 1005 break; 1006 } 1007 1008 if (shift) 1009 UASM_i_SRL(p, ctx, ctx, shift); 1010 uasm_i_andi(p, ctx, ctx, mask); 1011 } 1012 1013 static void __cpuinit build_get_ptep(u32 **p, unsigned int tmp, unsigned int ptr) 1014 { 1015 /* 1016 * Bug workaround for the Nevada. It seems as if under certain 1017 * circumstances the move from cp0_context might produce a 1018 * bogus result when the mfc0 instruction and its consumer are 1019 * in a different cacheline or a load instruction, probably any 1020 * memory reference, is between them. 1021 */ 1022 switch (current_cpu_type()) { 1023 case CPU_NEVADA: 1024 UASM_i_LW(p, ptr, 0, ptr); 1025 GET_CONTEXT(p, tmp); /* get context reg */ 1026 break; 1027 1028 default: 1029 GET_CONTEXT(p, tmp); /* get context reg */ 1030 UASM_i_LW(p, ptr, 0, ptr); 1031 break; 1032 } 1033 1034 build_adjust_context(p, tmp); 1035 UASM_i_ADDU(p, ptr, ptr, tmp); /* add in offset */ 1036 } 1037 1038 static void __cpuinit build_update_entries(u32 **p, unsigned int tmp, 1039 unsigned int ptep) 1040 { 1041 /* 1042 * 64bit address support (36bit on a 32bit CPU) in a 32bit 1043 * Kernel is a special case. Only a few CPUs use it. 1044 */ 1045 #ifdef CONFIG_64BIT_PHYS_ADDR 1046 if (cpu_has_64bits) { 1047 uasm_i_ld(p, tmp, 0, ptep); /* get even pte */ 1048 uasm_i_ld(p, ptep, sizeof(pte_t), ptep); /* get odd pte */ 1049 if (cpu_has_rixi) { 1050 UASM_i_ROTR(p, tmp, tmp, ilog2(_PAGE_GLOBAL)); 1051 UASM_i_MTC0(p, tmp, C0_ENTRYLO0); /* load it */ 1052 UASM_i_ROTR(p, ptep, ptep, ilog2(_PAGE_GLOBAL)); 1053 } else { 1054 uasm_i_dsrl_safe(p, tmp, tmp, ilog2(_PAGE_GLOBAL)); /* convert to entrylo0 */ 1055 UASM_i_MTC0(p, tmp, C0_ENTRYLO0); /* load it */ 1056 uasm_i_dsrl_safe(p, ptep, ptep, ilog2(_PAGE_GLOBAL)); /* convert to entrylo1 */ 1057 } 1058 UASM_i_MTC0(p, ptep, C0_ENTRYLO1); /* load it */ 1059 } else { 1060 int pte_off_even = sizeof(pte_t) / 2; 1061 int pte_off_odd = pte_off_even + sizeof(pte_t); 1062 1063 /* The pte entries are pre-shifted */ 1064 uasm_i_lw(p, tmp, pte_off_even, ptep); /* get even pte */ 1065 UASM_i_MTC0(p, tmp, C0_ENTRYLO0); /* load it */ 1066 uasm_i_lw(p, ptep, pte_off_odd, ptep); /* get odd pte */ 1067 UASM_i_MTC0(p, ptep, C0_ENTRYLO1); /* load it */ 1068 } 1069 #else 1070 UASM_i_LW(p, tmp, 0, ptep); /* get even pte */ 1071 UASM_i_LW(p, ptep, sizeof(pte_t), ptep); /* get odd pte */ 1072 if (r45k_bvahwbug()) 1073 build_tlb_probe_entry(p); 1074 if (cpu_has_rixi) { 1075 UASM_i_ROTR(p, tmp, tmp, ilog2(_PAGE_GLOBAL)); 1076 if (r4k_250MHZhwbug()) 1077 UASM_i_MTC0(p, 0, C0_ENTRYLO0); 1078 UASM_i_MTC0(p, tmp, C0_ENTRYLO0); /* load it */ 1079 UASM_i_ROTR(p, ptep, ptep, ilog2(_PAGE_GLOBAL)); 1080 } else { 1081 UASM_i_SRL(p, tmp, tmp, ilog2(_PAGE_GLOBAL)); /* convert to entrylo0 */ 1082 if (r4k_250MHZhwbug()) 1083 UASM_i_MTC0(p, 0, C0_ENTRYLO0); 1084 UASM_i_MTC0(p, tmp, C0_ENTRYLO0); /* load it */ 1085 UASM_i_SRL(p, ptep, ptep, ilog2(_PAGE_GLOBAL)); /* convert to entrylo1 */ 1086 if (r45k_bvahwbug()) 1087 uasm_i_mfc0(p, tmp, C0_INDEX); 1088 } 1089 if (r4k_250MHZhwbug()) 1090 UASM_i_MTC0(p, 0, C0_ENTRYLO1); 1091 UASM_i_MTC0(p, ptep, C0_ENTRYLO1); /* load it */ 1092 #endif 1093 } 1094 1095 struct mips_huge_tlb_info { 1096 int huge_pte; 1097 int restore_scratch; 1098 }; 1099 1100 static struct mips_huge_tlb_info __cpuinit 1101 build_fast_tlb_refill_handler (u32 **p, struct uasm_label **l, 1102 struct uasm_reloc **r, unsigned int tmp, 1103 unsigned int ptr, int c0_scratch) 1104 { 1105 struct mips_huge_tlb_info rv; 1106 unsigned int even, odd; 1107 int vmalloc_branch_delay_filled = 0; 1108 const int scratch = 1; /* Our extra working register */ 1109 1110 rv.huge_pte = scratch; 1111 rv.restore_scratch = 0; 1112 1113 if (check_for_high_segbits) { 1114 UASM_i_MFC0(p, tmp, C0_BADVADDR); 1115 1116 if (pgd_reg != -1) 1117 UASM_i_MFC0(p, ptr, 31, pgd_reg); 1118 else 1119 UASM_i_MFC0(p, ptr, C0_CONTEXT); 1120 1121 if (c0_scratch >= 0) 1122 UASM_i_MTC0(p, scratch, 31, c0_scratch); 1123 else 1124 UASM_i_SW(p, scratch, scratchpad_offset(0), 0); 1125 1126 uasm_i_dsrl_safe(p, scratch, tmp, 1127 PGDIR_SHIFT + PGD_ORDER + PAGE_SHIFT - 3); 1128 uasm_il_bnez(p, r, scratch, label_vmalloc); 1129 1130 if (pgd_reg == -1) { 1131 vmalloc_branch_delay_filled = 1; 1132 /* Clear lower 23 bits of context. */ 1133 uasm_i_dins(p, ptr, 0, 0, 23); 1134 } 1135 } else { 1136 if (pgd_reg != -1) 1137 UASM_i_MFC0(p, ptr, 31, pgd_reg); 1138 else 1139 UASM_i_MFC0(p, ptr, C0_CONTEXT); 1140 1141 UASM_i_MFC0(p, tmp, C0_BADVADDR); 1142 1143 if (c0_scratch >= 0) 1144 UASM_i_MTC0(p, scratch, 31, c0_scratch); 1145 else 1146 UASM_i_SW(p, scratch, scratchpad_offset(0), 0); 1147 1148 if (pgd_reg == -1) 1149 /* Clear lower 23 bits of context. */ 1150 uasm_i_dins(p, ptr, 0, 0, 23); 1151 1152 uasm_il_bltz(p, r, tmp, label_vmalloc); 1153 } 1154 1155 if (pgd_reg == -1) { 1156 vmalloc_branch_delay_filled = 1; 1157 /* 1 0 1 0 1 << 6 xkphys cached */ 1158 uasm_i_ori(p, ptr, ptr, 0x540); 1159 uasm_i_drotr(p, ptr, ptr, 11); 1160 } 1161 1162 #ifdef __PAGETABLE_PMD_FOLDED 1163 #define LOC_PTEP scratch 1164 #else 1165 #define LOC_PTEP ptr 1166 #endif 1167 1168 if (!vmalloc_branch_delay_filled) 1169 /* get pgd offset in bytes */ 1170 uasm_i_dsrl_safe(p, scratch, tmp, PGDIR_SHIFT - 3); 1171 1172 uasm_l_vmalloc_done(l, *p); 1173 1174 /* 1175 * tmp ptr 1176 * fall-through case = badvaddr *pgd_current 1177 * vmalloc case = badvaddr swapper_pg_dir 1178 */ 1179 1180 if (vmalloc_branch_delay_filled) 1181 /* get pgd offset in bytes */ 1182 uasm_i_dsrl_safe(p, scratch, tmp, PGDIR_SHIFT - 3); 1183 1184 #ifdef __PAGETABLE_PMD_FOLDED 1185 GET_CONTEXT(p, tmp); /* get context reg */ 1186 #endif 1187 uasm_i_andi(p, scratch, scratch, (PTRS_PER_PGD - 1) << 3); 1188 1189 if (use_lwx_insns()) { 1190 UASM_i_LWX(p, LOC_PTEP, scratch, ptr); 1191 } else { 1192 uasm_i_daddu(p, ptr, ptr, scratch); /* add in pgd offset */ 1193 uasm_i_ld(p, LOC_PTEP, 0, ptr); /* get pmd pointer */ 1194 } 1195 1196 #ifndef __PAGETABLE_PMD_FOLDED 1197 /* get pmd offset in bytes */ 1198 uasm_i_dsrl_safe(p, scratch, tmp, PMD_SHIFT - 3); 1199 uasm_i_andi(p, scratch, scratch, (PTRS_PER_PMD - 1) << 3); 1200 GET_CONTEXT(p, tmp); /* get context reg */ 1201 1202 if (use_lwx_insns()) { 1203 UASM_i_LWX(p, scratch, scratch, ptr); 1204 } else { 1205 uasm_i_daddu(p, ptr, ptr, scratch); /* add in pmd offset */ 1206 UASM_i_LW(p, scratch, 0, ptr); 1207 } 1208 #endif 1209 /* Adjust the context during the load latency. */ 1210 build_adjust_context(p, tmp); 1211 1212 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 1213 uasm_il_bbit1(p, r, scratch, ilog2(_PAGE_HUGE), label_tlb_huge_update); 1214 /* 1215 * The in the LWX case we don't want to do the load in the 1216 * delay slot. It cannot issue in the same cycle and may be 1217 * speculative and unneeded. 1218 */ 1219 if (use_lwx_insns()) 1220 uasm_i_nop(p); 1221 #endif /* CONFIG_MIPS_HUGE_TLB_SUPPORT */ 1222 1223 1224 /* build_update_entries */ 1225 if (use_lwx_insns()) { 1226 even = ptr; 1227 odd = tmp; 1228 UASM_i_LWX(p, even, scratch, tmp); 1229 UASM_i_ADDIU(p, tmp, tmp, sizeof(pte_t)); 1230 UASM_i_LWX(p, odd, scratch, tmp); 1231 } else { 1232 UASM_i_ADDU(p, ptr, scratch, tmp); /* add in offset */ 1233 even = tmp; 1234 odd = ptr; 1235 UASM_i_LW(p, even, 0, ptr); /* get even pte */ 1236 UASM_i_LW(p, odd, sizeof(pte_t), ptr); /* get odd pte */ 1237 } 1238 if (cpu_has_rixi) { 1239 uasm_i_drotr(p, even, even, ilog2(_PAGE_GLOBAL)); 1240 UASM_i_MTC0(p, even, C0_ENTRYLO0); /* load it */ 1241 uasm_i_drotr(p, odd, odd, ilog2(_PAGE_GLOBAL)); 1242 } else { 1243 uasm_i_dsrl_safe(p, even, even, ilog2(_PAGE_GLOBAL)); 1244 UASM_i_MTC0(p, even, C0_ENTRYLO0); /* load it */ 1245 uasm_i_dsrl_safe(p, odd, odd, ilog2(_PAGE_GLOBAL)); 1246 } 1247 UASM_i_MTC0(p, odd, C0_ENTRYLO1); /* load it */ 1248 1249 if (c0_scratch >= 0) { 1250 UASM_i_MFC0(p, scratch, 31, c0_scratch); 1251 build_tlb_write_entry(p, l, r, tlb_random); 1252 uasm_l_leave(l, *p); 1253 rv.restore_scratch = 1; 1254 } else if (PAGE_SHIFT == 14 || PAGE_SHIFT == 13) { 1255 build_tlb_write_entry(p, l, r, tlb_random); 1256 uasm_l_leave(l, *p); 1257 UASM_i_LW(p, scratch, scratchpad_offset(0), 0); 1258 } else { 1259 UASM_i_LW(p, scratch, scratchpad_offset(0), 0); 1260 build_tlb_write_entry(p, l, r, tlb_random); 1261 uasm_l_leave(l, *p); 1262 rv.restore_scratch = 1; 1263 } 1264 1265 uasm_i_eret(p); /* return from trap */ 1266 1267 return rv; 1268 } 1269 1270 /* 1271 * For a 64-bit kernel, we are using the 64-bit XTLB refill exception 1272 * because EXL == 0. If we wrap, we can also use the 32 instruction 1273 * slots before the XTLB refill exception handler which belong to the 1274 * unused TLB refill exception. 1275 */ 1276 #define MIPS64_REFILL_INSNS 32 1277 1278 static void __cpuinit build_r4000_tlb_refill_handler(void) 1279 { 1280 u32 *p = tlb_handler; 1281 struct uasm_label *l = labels; 1282 struct uasm_reloc *r = relocs; 1283 u32 *f; 1284 unsigned int final_len; 1285 struct mips_huge_tlb_info htlb_info __maybe_unused; 1286 enum vmalloc64_mode vmalloc_mode __maybe_unused; 1287 1288 memset(tlb_handler, 0, sizeof(tlb_handler)); 1289 memset(labels, 0, sizeof(labels)); 1290 memset(relocs, 0, sizeof(relocs)); 1291 memset(final_handler, 0, sizeof(final_handler)); 1292 1293 if ((scratch_reg > 0 || scratchpad_available()) && use_bbit_insns()) { 1294 htlb_info = build_fast_tlb_refill_handler(&p, &l, &r, K0, K1, 1295 scratch_reg); 1296 vmalloc_mode = refill_scratch; 1297 } else { 1298 htlb_info.huge_pte = K0; 1299 htlb_info.restore_scratch = 0; 1300 vmalloc_mode = refill_noscratch; 1301 /* 1302 * create the plain linear handler 1303 */ 1304 if (bcm1250_m3_war()) { 1305 unsigned int segbits = 44; 1306 1307 uasm_i_dmfc0(&p, K0, C0_BADVADDR); 1308 uasm_i_dmfc0(&p, K1, C0_ENTRYHI); 1309 uasm_i_xor(&p, K0, K0, K1); 1310 uasm_i_dsrl_safe(&p, K1, K0, 62); 1311 uasm_i_dsrl_safe(&p, K0, K0, 12 + 1); 1312 uasm_i_dsll_safe(&p, K0, K0, 64 + 12 + 1 - segbits); 1313 uasm_i_or(&p, K0, K0, K1); 1314 uasm_il_bnez(&p, &r, K0, label_leave); 1315 /* No need for uasm_i_nop */ 1316 } 1317 1318 #ifdef CONFIG_64BIT 1319 build_get_pmde64(&p, &l, &r, K0, K1); /* get pmd in K1 */ 1320 #else 1321 build_get_pgde32(&p, K0, K1); /* get pgd in K1 */ 1322 #endif 1323 1324 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 1325 build_is_huge_pte(&p, &r, K0, K1, label_tlb_huge_update); 1326 #endif 1327 1328 build_get_ptep(&p, K0, K1); 1329 build_update_entries(&p, K0, K1); 1330 build_tlb_write_entry(&p, &l, &r, tlb_random); 1331 uasm_l_leave(&l, p); 1332 uasm_i_eret(&p); /* return from trap */ 1333 } 1334 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 1335 uasm_l_tlb_huge_update(&l, p); 1336 build_huge_update_entries(&p, htlb_info.huge_pte, K1); 1337 build_huge_tlb_write_entry(&p, &l, &r, K0, tlb_random, 1338 htlb_info.restore_scratch); 1339 #endif 1340 1341 #ifdef CONFIG_64BIT 1342 build_get_pgd_vmalloc64(&p, &l, &r, K0, K1, vmalloc_mode); 1343 #endif 1344 1345 /* 1346 * Overflow check: For the 64bit handler, we need at least one 1347 * free instruction slot for the wrap-around branch. In worst 1348 * case, if the intended insertion point is a delay slot, we 1349 * need three, with the second nop'ed and the third being 1350 * unused. 1351 */ 1352 /* Loongson2 ebase is different than r4k, we have more space */ 1353 #if defined(CONFIG_32BIT) || defined(CONFIG_CPU_LOONGSON2) 1354 if ((p - tlb_handler) > 64) 1355 panic("TLB refill handler space exceeded"); 1356 #else 1357 if (((p - tlb_handler) > (MIPS64_REFILL_INSNS * 2) - 1) 1358 || (((p - tlb_handler) > (MIPS64_REFILL_INSNS * 2) - 3) 1359 && uasm_insn_has_bdelay(relocs, 1360 tlb_handler + MIPS64_REFILL_INSNS - 3))) 1361 panic("TLB refill handler space exceeded"); 1362 #endif 1363 1364 /* 1365 * Now fold the handler in the TLB refill handler space. 1366 */ 1367 #if defined(CONFIG_32BIT) || defined(CONFIG_CPU_LOONGSON2) 1368 f = final_handler; 1369 /* Simplest case, just copy the handler. */ 1370 uasm_copy_handler(relocs, labels, tlb_handler, p, f); 1371 final_len = p - tlb_handler; 1372 #else /* CONFIG_64BIT */ 1373 f = final_handler + MIPS64_REFILL_INSNS; 1374 if ((p - tlb_handler) <= MIPS64_REFILL_INSNS) { 1375 /* Just copy the handler. */ 1376 uasm_copy_handler(relocs, labels, tlb_handler, p, f); 1377 final_len = p - tlb_handler; 1378 } else { 1379 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 1380 const enum label_id ls = label_tlb_huge_update; 1381 #else 1382 const enum label_id ls = label_vmalloc; 1383 #endif 1384 u32 *split; 1385 int ov = 0; 1386 int i; 1387 1388 for (i = 0; i < ARRAY_SIZE(labels) && labels[i].lab != ls; i++) 1389 ; 1390 BUG_ON(i == ARRAY_SIZE(labels)); 1391 split = labels[i].addr; 1392 1393 /* 1394 * See if we have overflown one way or the other. 1395 */ 1396 if (split > tlb_handler + MIPS64_REFILL_INSNS || 1397 split < p - MIPS64_REFILL_INSNS) 1398 ov = 1; 1399 1400 if (ov) { 1401 /* 1402 * Split two instructions before the end. One 1403 * for the branch and one for the instruction 1404 * in the delay slot. 1405 */ 1406 split = tlb_handler + MIPS64_REFILL_INSNS - 2; 1407 1408 /* 1409 * If the branch would fall in a delay slot, 1410 * we must back up an additional instruction 1411 * so that it is no longer in a delay slot. 1412 */ 1413 if (uasm_insn_has_bdelay(relocs, split - 1)) 1414 split--; 1415 } 1416 /* Copy first part of the handler. */ 1417 uasm_copy_handler(relocs, labels, tlb_handler, split, f); 1418 f += split - tlb_handler; 1419 1420 if (ov) { 1421 /* Insert branch. */ 1422 uasm_l_split(&l, final_handler); 1423 uasm_il_b(&f, &r, label_split); 1424 if (uasm_insn_has_bdelay(relocs, split)) 1425 uasm_i_nop(&f); 1426 else { 1427 uasm_copy_handler(relocs, labels, 1428 split, split + 1, f); 1429 uasm_move_labels(labels, f, f + 1, -1); 1430 f++; 1431 split++; 1432 } 1433 } 1434 1435 /* Copy the rest of the handler. */ 1436 uasm_copy_handler(relocs, labels, split, p, final_handler); 1437 final_len = (f - (final_handler + MIPS64_REFILL_INSNS)) + 1438 (p - split); 1439 } 1440 #endif /* CONFIG_64BIT */ 1441 1442 uasm_resolve_relocs(relocs, labels); 1443 pr_debug("Wrote TLB refill handler (%u instructions).\n", 1444 final_len); 1445 1446 memcpy((void *)ebase, final_handler, 0x100); 1447 1448 dump_handler("r4000_tlb_refill", (u32 *)ebase, 64); 1449 } 1450 1451 /* 1452 * 128 instructions for the fastpath handler is generous and should 1453 * never be exceeded. 1454 */ 1455 #define FASTPATH_SIZE 128 1456 1457 u32 handle_tlbl[FASTPATH_SIZE] __cacheline_aligned; 1458 u32 handle_tlbs[FASTPATH_SIZE] __cacheline_aligned; 1459 u32 handle_tlbm[FASTPATH_SIZE] __cacheline_aligned; 1460 #ifdef CONFIG_MIPS_PGD_C0_CONTEXT 1461 u32 tlbmiss_handler_setup_pgd[16] __cacheline_aligned; 1462 1463 static void __cpuinit build_r4000_setup_pgd(void) 1464 { 1465 const int a0 = 4; 1466 const int a1 = 5; 1467 u32 *p = tlbmiss_handler_setup_pgd; 1468 struct uasm_label *l = labels; 1469 struct uasm_reloc *r = relocs; 1470 1471 memset(tlbmiss_handler_setup_pgd, 0, sizeof(tlbmiss_handler_setup_pgd)); 1472 memset(labels, 0, sizeof(labels)); 1473 memset(relocs, 0, sizeof(relocs)); 1474 1475 pgd_reg = allocate_kscratch(); 1476 1477 if (pgd_reg == -1) { 1478 /* PGD << 11 in c0_Context */ 1479 /* 1480 * If it is a ckseg0 address, convert to a physical 1481 * address. Shifting right by 29 and adding 4 will 1482 * result in zero for these addresses. 1483 * 1484 */ 1485 UASM_i_SRA(&p, a1, a0, 29); 1486 UASM_i_ADDIU(&p, a1, a1, 4); 1487 uasm_il_bnez(&p, &r, a1, label_tlbl_goaround1); 1488 uasm_i_nop(&p); 1489 uasm_i_dinsm(&p, a0, 0, 29, 64 - 29); 1490 uasm_l_tlbl_goaround1(&l, p); 1491 UASM_i_SLL(&p, a0, a0, 11); 1492 uasm_i_jr(&p, 31); 1493 UASM_i_MTC0(&p, a0, C0_CONTEXT); 1494 } else { 1495 /* PGD in c0_KScratch */ 1496 uasm_i_jr(&p, 31); 1497 UASM_i_MTC0(&p, a0, 31, pgd_reg); 1498 } 1499 if (p - tlbmiss_handler_setup_pgd > ARRAY_SIZE(tlbmiss_handler_setup_pgd)) 1500 panic("tlbmiss_handler_setup_pgd space exceeded"); 1501 uasm_resolve_relocs(relocs, labels); 1502 pr_debug("Wrote tlbmiss_handler_setup_pgd (%u instructions).\n", 1503 (unsigned int)(p - tlbmiss_handler_setup_pgd)); 1504 1505 dump_handler("tlbmiss_handler", 1506 tlbmiss_handler_setup_pgd, 1507 ARRAY_SIZE(tlbmiss_handler_setup_pgd)); 1508 } 1509 #endif 1510 1511 static void __cpuinit 1512 iPTE_LW(u32 **p, unsigned int pte, unsigned int ptr) 1513 { 1514 #ifdef CONFIG_SMP 1515 # ifdef CONFIG_64BIT_PHYS_ADDR 1516 if (cpu_has_64bits) 1517 uasm_i_lld(p, pte, 0, ptr); 1518 else 1519 # endif 1520 UASM_i_LL(p, pte, 0, ptr); 1521 #else 1522 # ifdef CONFIG_64BIT_PHYS_ADDR 1523 if (cpu_has_64bits) 1524 uasm_i_ld(p, pte, 0, ptr); 1525 else 1526 # endif 1527 UASM_i_LW(p, pte, 0, ptr); 1528 #endif 1529 } 1530 1531 static void __cpuinit 1532 iPTE_SW(u32 **p, struct uasm_reloc **r, unsigned int pte, unsigned int ptr, 1533 unsigned int mode) 1534 { 1535 #ifdef CONFIG_64BIT_PHYS_ADDR 1536 unsigned int hwmode = mode & (_PAGE_VALID | _PAGE_DIRTY); 1537 #endif 1538 1539 uasm_i_ori(p, pte, pte, mode); 1540 #ifdef CONFIG_SMP 1541 # ifdef CONFIG_64BIT_PHYS_ADDR 1542 if (cpu_has_64bits) 1543 uasm_i_scd(p, pte, 0, ptr); 1544 else 1545 # endif 1546 UASM_i_SC(p, pte, 0, ptr); 1547 1548 if (r10000_llsc_war()) 1549 uasm_il_beqzl(p, r, pte, label_smp_pgtable_change); 1550 else 1551 uasm_il_beqz(p, r, pte, label_smp_pgtable_change); 1552 1553 # ifdef CONFIG_64BIT_PHYS_ADDR 1554 if (!cpu_has_64bits) { 1555 /* no uasm_i_nop needed */ 1556 uasm_i_ll(p, pte, sizeof(pte_t) / 2, ptr); 1557 uasm_i_ori(p, pte, pte, hwmode); 1558 uasm_i_sc(p, pte, sizeof(pte_t) / 2, ptr); 1559 uasm_il_beqz(p, r, pte, label_smp_pgtable_change); 1560 /* no uasm_i_nop needed */ 1561 uasm_i_lw(p, pte, 0, ptr); 1562 } else 1563 uasm_i_nop(p); 1564 # else 1565 uasm_i_nop(p); 1566 # endif 1567 #else 1568 # ifdef CONFIG_64BIT_PHYS_ADDR 1569 if (cpu_has_64bits) 1570 uasm_i_sd(p, pte, 0, ptr); 1571 else 1572 # endif 1573 UASM_i_SW(p, pte, 0, ptr); 1574 1575 # ifdef CONFIG_64BIT_PHYS_ADDR 1576 if (!cpu_has_64bits) { 1577 uasm_i_lw(p, pte, sizeof(pte_t) / 2, ptr); 1578 uasm_i_ori(p, pte, pte, hwmode); 1579 uasm_i_sw(p, pte, sizeof(pte_t) / 2, ptr); 1580 uasm_i_lw(p, pte, 0, ptr); 1581 } 1582 # endif 1583 #endif 1584 } 1585 1586 /* 1587 * Check if PTE is present, if not then jump to LABEL. PTR points to 1588 * the page table where this PTE is located, PTE will be re-loaded 1589 * with it's original value. 1590 */ 1591 static void __cpuinit 1592 build_pte_present(u32 **p, struct uasm_reloc **r, 1593 int pte, int ptr, int scratch, enum label_id lid) 1594 { 1595 int t = scratch >= 0 ? scratch : pte; 1596 1597 if (cpu_has_rixi) { 1598 if (use_bbit_insns()) { 1599 uasm_il_bbit0(p, r, pte, ilog2(_PAGE_PRESENT), lid); 1600 uasm_i_nop(p); 1601 } else { 1602 uasm_i_andi(p, t, pte, _PAGE_PRESENT); 1603 uasm_il_beqz(p, r, t, lid); 1604 if (pte == t) 1605 /* You lose the SMP race :-(*/ 1606 iPTE_LW(p, pte, ptr); 1607 } 1608 } else { 1609 uasm_i_andi(p, t, pte, _PAGE_PRESENT | _PAGE_READ); 1610 uasm_i_xori(p, t, t, _PAGE_PRESENT | _PAGE_READ); 1611 uasm_il_bnez(p, r, t, lid); 1612 if (pte == t) 1613 /* You lose the SMP race :-(*/ 1614 iPTE_LW(p, pte, ptr); 1615 } 1616 } 1617 1618 /* Make PTE valid, store result in PTR. */ 1619 static void __cpuinit 1620 build_make_valid(u32 **p, struct uasm_reloc **r, unsigned int pte, 1621 unsigned int ptr) 1622 { 1623 unsigned int mode = _PAGE_VALID | _PAGE_ACCESSED; 1624 1625 iPTE_SW(p, r, pte, ptr, mode); 1626 } 1627 1628 /* 1629 * Check if PTE can be written to, if not branch to LABEL. Regardless 1630 * restore PTE with value from PTR when done. 1631 */ 1632 static void __cpuinit 1633 build_pte_writable(u32 **p, struct uasm_reloc **r, 1634 unsigned int pte, unsigned int ptr, int scratch, 1635 enum label_id lid) 1636 { 1637 int t = scratch >= 0 ? scratch : pte; 1638 1639 uasm_i_andi(p, t, pte, _PAGE_PRESENT | _PAGE_WRITE); 1640 uasm_i_xori(p, t, t, _PAGE_PRESENT | _PAGE_WRITE); 1641 uasm_il_bnez(p, r, t, lid); 1642 if (pte == t) 1643 /* You lose the SMP race :-(*/ 1644 iPTE_LW(p, pte, ptr); 1645 else 1646 uasm_i_nop(p); 1647 } 1648 1649 /* Make PTE writable, update software status bits as well, then store 1650 * at PTR. 1651 */ 1652 static void __cpuinit 1653 build_make_write(u32 **p, struct uasm_reloc **r, unsigned int pte, 1654 unsigned int ptr) 1655 { 1656 unsigned int mode = (_PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID 1657 | _PAGE_DIRTY); 1658 1659 iPTE_SW(p, r, pte, ptr, mode); 1660 } 1661 1662 /* 1663 * Check if PTE can be modified, if not branch to LABEL. Regardless 1664 * restore PTE with value from PTR when done. 1665 */ 1666 static void __cpuinit 1667 build_pte_modifiable(u32 **p, struct uasm_reloc **r, 1668 unsigned int pte, unsigned int ptr, int scratch, 1669 enum label_id lid) 1670 { 1671 if (use_bbit_insns()) { 1672 uasm_il_bbit0(p, r, pte, ilog2(_PAGE_WRITE), lid); 1673 uasm_i_nop(p); 1674 } else { 1675 int t = scratch >= 0 ? scratch : pte; 1676 uasm_i_andi(p, t, pte, _PAGE_WRITE); 1677 uasm_il_beqz(p, r, t, lid); 1678 if (pte == t) 1679 /* You lose the SMP race :-(*/ 1680 iPTE_LW(p, pte, ptr); 1681 } 1682 } 1683 1684 #ifndef CONFIG_MIPS_PGD_C0_CONTEXT 1685 1686 1687 /* 1688 * R3000 style TLB load/store/modify handlers. 1689 */ 1690 1691 /* 1692 * This places the pte into ENTRYLO0 and writes it with tlbwi. 1693 * Then it returns. 1694 */ 1695 static void __cpuinit 1696 build_r3000_pte_reload_tlbwi(u32 **p, unsigned int pte, unsigned int tmp) 1697 { 1698 uasm_i_mtc0(p, pte, C0_ENTRYLO0); /* cp0 delay */ 1699 uasm_i_mfc0(p, tmp, C0_EPC); /* cp0 delay */ 1700 uasm_i_tlbwi(p); 1701 uasm_i_jr(p, tmp); 1702 uasm_i_rfe(p); /* branch delay */ 1703 } 1704 1705 /* 1706 * This places the pte into ENTRYLO0 and writes it with tlbwi 1707 * or tlbwr as appropriate. This is because the index register 1708 * may have the probe fail bit set as a result of a trap on a 1709 * kseg2 access, i.e. without refill. Then it returns. 1710 */ 1711 static void __cpuinit 1712 build_r3000_tlb_reload_write(u32 **p, struct uasm_label **l, 1713 struct uasm_reloc **r, unsigned int pte, 1714 unsigned int tmp) 1715 { 1716 uasm_i_mfc0(p, tmp, C0_INDEX); 1717 uasm_i_mtc0(p, pte, C0_ENTRYLO0); /* cp0 delay */ 1718 uasm_il_bltz(p, r, tmp, label_r3000_write_probe_fail); /* cp0 delay */ 1719 uasm_i_mfc0(p, tmp, C0_EPC); /* branch delay */ 1720 uasm_i_tlbwi(p); /* cp0 delay */ 1721 uasm_i_jr(p, tmp); 1722 uasm_i_rfe(p); /* branch delay */ 1723 uasm_l_r3000_write_probe_fail(l, *p); 1724 uasm_i_tlbwr(p); /* cp0 delay */ 1725 uasm_i_jr(p, tmp); 1726 uasm_i_rfe(p); /* branch delay */ 1727 } 1728 1729 static void __cpuinit 1730 build_r3000_tlbchange_handler_head(u32 **p, unsigned int pte, 1731 unsigned int ptr) 1732 { 1733 long pgdc = (long)pgd_current; 1734 1735 uasm_i_mfc0(p, pte, C0_BADVADDR); 1736 uasm_i_lui(p, ptr, uasm_rel_hi(pgdc)); /* cp0 delay */ 1737 uasm_i_lw(p, ptr, uasm_rel_lo(pgdc), ptr); 1738 uasm_i_srl(p, pte, pte, 22); /* load delay */ 1739 uasm_i_sll(p, pte, pte, 2); 1740 uasm_i_addu(p, ptr, ptr, pte); 1741 uasm_i_mfc0(p, pte, C0_CONTEXT); 1742 uasm_i_lw(p, ptr, 0, ptr); /* cp0 delay */ 1743 uasm_i_andi(p, pte, pte, 0xffc); /* load delay */ 1744 uasm_i_addu(p, ptr, ptr, pte); 1745 uasm_i_lw(p, pte, 0, ptr); 1746 uasm_i_tlbp(p); /* load delay */ 1747 } 1748 1749 static void __cpuinit build_r3000_tlb_load_handler(void) 1750 { 1751 u32 *p = handle_tlbl; 1752 struct uasm_label *l = labels; 1753 struct uasm_reloc *r = relocs; 1754 1755 memset(handle_tlbl, 0, sizeof(handle_tlbl)); 1756 memset(labels, 0, sizeof(labels)); 1757 memset(relocs, 0, sizeof(relocs)); 1758 1759 build_r3000_tlbchange_handler_head(&p, K0, K1); 1760 build_pte_present(&p, &r, K0, K1, -1, label_nopage_tlbl); 1761 uasm_i_nop(&p); /* load delay */ 1762 build_make_valid(&p, &r, K0, K1); 1763 build_r3000_tlb_reload_write(&p, &l, &r, K0, K1); 1764 1765 uasm_l_nopage_tlbl(&l, p); 1766 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_0 & 0x0fffffff); 1767 uasm_i_nop(&p); 1768 1769 if ((p - handle_tlbl) > FASTPATH_SIZE) 1770 panic("TLB load handler fastpath space exceeded"); 1771 1772 uasm_resolve_relocs(relocs, labels); 1773 pr_debug("Wrote TLB load handler fastpath (%u instructions).\n", 1774 (unsigned int)(p - handle_tlbl)); 1775 1776 dump_handler("r3000_tlb_load", handle_tlbl, ARRAY_SIZE(handle_tlbl)); 1777 } 1778 1779 static void __cpuinit build_r3000_tlb_store_handler(void) 1780 { 1781 u32 *p = handle_tlbs; 1782 struct uasm_label *l = labels; 1783 struct uasm_reloc *r = relocs; 1784 1785 memset(handle_tlbs, 0, sizeof(handle_tlbs)); 1786 memset(labels, 0, sizeof(labels)); 1787 memset(relocs, 0, sizeof(relocs)); 1788 1789 build_r3000_tlbchange_handler_head(&p, K0, K1); 1790 build_pte_writable(&p, &r, K0, K1, -1, label_nopage_tlbs); 1791 uasm_i_nop(&p); /* load delay */ 1792 build_make_write(&p, &r, K0, K1); 1793 build_r3000_tlb_reload_write(&p, &l, &r, K0, K1); 1794 1795 uasm_l_nopage_tlbs(&l, p); 1796 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_1 & 0x0fffffff); 1797 uasm_i_nop(&p); 1798 1799 if ((p - handle_tlbs) > FASTPATH_SIZE) 1800 panic("TLB store handler fastpath space exceeded"); 1801 1802 uasm_resolve_relocs(relocs, labels); 1803 pr_debug("Wrote TLB store handler fastpath (%u instructions).\n", 1804 (unsigned int)(p - handle_tlbs)); 1805 1806 dump_handler("r3000_tlb_store", handle_tlbs, ARRAY_SIZE(handle_tlbs)); 1807 } 1808 1809 static void __cpuinit build_r3000_tlb_modify_handler(void) 1810 { 1811 u32 *p = handle_tlbm; 1812 struct uasm_label *l = labels; 1813 struct uasm_reloc *r = relocs; 1814 1815 memset(handle_tlbm, 0, sizeof(handle_tlbm)); 1816 memset(labels, 0, sizeof(labels)); 1817 memset(relocs, 0, sizeof(relocs)); 1818 1819 build_r3000_tlbchange_handler_head(&p, K0, K1); 1820 build_pte_modifiable(&p, &r, K0, K1, -1, label_nopage_tlbm); 1821 uasm_i_nop(&p); /* load delay */ 1822 build_make_write(&p, &r, K0, K1); 1823 build_r3000_pte_reload_tlbwi(&p, K0, K1); 1824 1825 uasm_l_nopage_tlbm(&l, p); 1826 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_1 & 0x0fffffff); 1827 uasm_i_nop(&p); 1828 1829 if ((p - handle_tlbm) > FASTPATH_SIZE) 1830 panic("TLB modify handler fastpath space exceeded"); 1831 1832 uasm_resolve_relocs(relocs, labels); 1833 pr_debug("Wrote TLB modify handler fastpath (%u instructions).\n", 1834 (unsigned int)(p - handle_tlbm)); 1835 1836 dump_handler("r3000_tlb_modify", handle_tlbm, ARRAY_SIZE(handle_tlbm)); 1837 } 1838 #endif /* CONFIG_MIPS_PGD_C0_CONTEXT */ 1839 1840 /* 1841 * R4000 style TLB load/store/modify handlers. 1842 */ 1843 static struct work_registers __cpuinit 1844 build_r4000_tlbchange_handler_head(u32 **p, struct uasm_label **l, 1845 struct uasm_reloc **r) 1846 { 1847 struct work_registers wr = build_get_work_registers(p); 1848 1849 #ifdef CONFIG_64BIT 1850 build_get_pmde64(p, l, r, wr.r1, wr.r2); /* get pmd in ptr */ 1851 #else 1852 build_get_pgde32(p, wr.r1, wr.r2); /* get pgd in ptr */ 1853 #endif 1854 1855 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 1856 /* 1857 * For huge tlb entries, pmd doesn't contain an address but 1858 * instead contains the tlb pte. Check the PAGE_HUGE bit and 1859 * see if we need to jump to huge tlb processing. 1860 */ 1861 build_is_huge_pte(p, r, wr.r1, wr.r2, label_tlb_huge_update); 1862 #endif 1863 1864 UASM_i_MFC0(p, wr.r1, C0_BADVADDR); 1865 UASM_i_LW(p, wr.r2, 0, wr.r2); 1866 UASM_i_SRL(p, wr.r1, wr.r1, PAGE_SHIFT + PTE_ORDER - PTE_T_LOG2); 1867 uasm_i_andi(p, wr.r1, wr.r1, (PTRS_PER_PTE - 1) << PTE_T_LOG2); 1868 UASM_i_ADDU(p, wr.r2, wr.r2, wr.r1); 1869 1870 #ifdef CONFIG_SMP 1871 uasm_l_smp_pgtable_change(l, *p); 1872 #endif 1873 iPTE_LW(p, wr.r1, wr.r2); /* get even pte */ 1874 if (!m4kc_tlbp_war()) 1875 build_tlb_probe_entry(p); 1876 return wr; 1877 } 1878 1879 static void __cpuinit 1880 build_r4000_tlbchange_handler_tail(u32 **p, struct uasm_label **l, 1881 struct uasm_reloc **r, unsigned int tmp, 1882 unsigned int ptr) 1883 { 1884 uasm_i_ori(p, ptr, ptr, sizeof(pte_t)); 1885 uasm_i_xori(p, ptr, ptr, sizeof(pte_t)); 1886 build_update_entries(p, tmp, ptr); 1887 build_tlb_write_entry(p, l, r, tlb_indexed); 1888 uasm_l_leave(l, *p); 1889 build_restore_work_registers(p); 1890 uasm_i_eret(p); /* return from trap */ 1891 1892 #ifdef CONFIG_64BIT 1893 build_get_pgd_vmalloc64(p, l, r, tmp, ptr, not_refill); 1894 #endif 1895 } 1896 1897 static void __cpuinit build_r4000_tlb_load_handler(void) 1898 { 1899 u32 *p = handle_tlbl; 1900 struct uasm_label *l = labels; 1901 struct uasm_reloc *r = relocs; 1902 struct work_registers wr; 1903 1904 memset(handle_tlbl, 0, sizeof(handle_tlbl)); 1905 memset(labels, 0, sizeof(labels)); 1906 memset(relocs, 0, sizeof(relocs)); 1907 1908 if (bcm1250_m3_war()) { 1909 unsigned int segbits = 44; 1910 1911 uasm_i_dmfc0(&p, K0, C0_BADVADDR); 1912 uasm_i_dmfc0(&p, K1, C0_ENTRYHI); 1913 uasm_i_xor(&p, K0, K0, K1); 1914 uasm_i_dsrl_safe(&p, K1, K0, 62); 1915 uasm_i_dsrl_safe(&p, K0, K0, 12 + 1); 1916 uasm_i_dsll_safe(&p, K0, K0, 64 + 12 + 1 - segbits); 1917 uasm_i_or(&p, K0, K0, K1); 1918 uasm_il_bnez(&p, &r, K0, label_leave); 1919 /* No need for uasm_i_nop */ 1920 } 1921 1922 wr = build_r4000_tlbchange_handler_head(&p, &l, &r); 1923 build_pte_present(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbl); 1924 if (m4kc_tlbp_war()) 1925 build_tlb_probe_entry(&p); 1926 1927 if (cpu_has_rixi) { 1928 /* 1929 * If the page is not _PAGE_VALID, RI or XI could not 1930 * have triggered it. Skip the expensive test.. 1931 */ 1932 if (use_bbit_insns()) { 1933 uasm_il_bbit0(&p, &r, wr.r1, ilog2(_PAGE_VALID), 1934 label_tlbl_goaround1); 1935 } else { 1936 uasm_i_andi(&p, wr.r3, wr.r1, _PAGE_VALID); 1937 uasm_il_beqz(&p, &r, wr.r3, label_tlbl_goaround1); 1938 } 1939 uasm_i_nop(&p); 1940 1941 uasm_i_tlbr(&p); 1942 /* Examine entrylo 0 or 1 based on ptr. */ 1943 if (use_bbit_insns()) { 1944 uasm_i_bbit0(&p, wr.r2, ilog2(sizeof(pte_t)), 8); 1945 } else { 1946 uasm_i_andi(&p, wr.r3, wr.r2, sizeof(pte_t)); 1947 uasm_i_beqz(&p, wr.r3, 8); 1948 } 1949 /* load it in the delay slot*/ 1950 UASM_i_MFC0(&p, wr.r3, C0_ENTRYLO0); 1951 /* load it if ptr is odd */ 1952 UASM_i_MFC0(&p, wr.r3, C0_ENTRYLO1); 1953 /* 1954 * If the entryLo (now in wr.r3) is valid (bit 1), RI or 1955 * XI must have triggered it. 1956 */ 1957 if (use_bbit_insns()) { 1958 uasm_il_bbit1(&p, &r, wr.r3, 1, label_nopage_tlbl); 1959 uasm_i_nop(&p); 1960 uasm_l_tlbl_goaround1(&l, p); 1961 } else { 1962 uasm_i_andi(&p, wr.r3, wr.r3, 2); 1963 uasm_il_bnez(&p, &r, wr.r3, label_nopage_tlbl); 1964 uasm_i_nop(&p); 1965 } 1966 uasm_l_tlbl_goaround1(&l, p); 1967 } 1968 build_make_valid(&p, &r, wr.r1, wr.r2); 1969 build_r4000_tlbchange_handler_tail(&p, &l, &r, wr.r1, wr.r2); 1970 1971 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 1972 /* 1973 * This is the entry point when build_r4000_tlbchange_handler_head 1974 * spots a huge page. 1975 */ 1976 uasm_l_tlb_huge_update(&l, p); 1977 iPTE_LW(&p, wr.r1, wr.r2); 1978 build_pte_present(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbl); 1979 build_tlb_probe_entry(&p); 1980 1981 if (cpu_has_rixi) { 1982 /* 1983 * If the page is not _PAGE_VALID, RI or XI could not 1984 * have triggered it. Skip the expensive test.. 1985 */ 1986 if (use_bbit_insns()) { 1987 uasm_il_bbit0(&p, &r, wr.r1, ilog2(_PAGE_VALID), 1988 label_tlbl_goaround2); 1989 } else { 1990 uasm_i_andi(&p, wr.r3, wr.r1, _PAGE_VALID); 1991 uasm_il_beqz(&p, &r, wr.r3, label_tlbl_goaround2); 1992 } 1993 uasm_i_nop(&p); 1994 1995 uasm_i_tlbr(&p); 1996 /* Examine entrylo 0 or 1 based on ptr. */ 1997 if (use_bbit_insns()) { 1998 uasm_i_bbit0(&p, wr.r2, ilog2(sizeof(pte_t)), 8); 1999 } else { 2000 uasm_i_andi(&p, wr.r3, wr.r2, sizeof(pte_t)); 2001 uasm_i_beqz(&p, wr.r3, 8); 2002 } 2003 /* load it in the delay slot*/ 2004 UASM_i_MFC0(&p, wr.r3, C0_ENTRYLO0); 2005 /* load it if ptr is odd */ 2006 UASM_i_MFC0(&p, wr.r3, C0_ENTRYLO1); 2007 /* 2008 * If the entryLo (now in wr.r3) is valid (bit 1), RI or 2009 * XI must have triggered it. 2010 */ 2011 if (use_bbit_insns()) { 2012 uasm_il_bbit0(&p, &r, wr.r3, 1, label_tlbl_goaround2); 2013 } else { 2014 uasm_i_andi(&p, wr.r3, wr.r3, 2); 2015 uasm_il_beqz(&p, &r, wr.r3, label_tlbl_goaround2); 2016 } 2017 if (PM_DEFAULT_MASK == 0) 2018 uasm_i_nop(&p); 2019 /* 2020 * We clobbered C0_PAGEMASK, restore it. On the other branch 2021 * it is restored in build_huge_tlb_write_entry. 2022 */ 2023 build_restore_pagemask(&p, &r, wr.r3, label_nopage_tlbl, 0); 2024 2025 uasm_l_tlbl_goaround2(&l, p); 2026 } 2027 uasm_i_ori(&p, wr.r1, wr.r1, (_PAGE_ACCESSED | _PAGE_VALID)); 2028 build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2); 2029 #endif 2030 2031 uasm_l_nopage_tlbl(&l, p); 2032 build_restore_work_registers(&p); 2033 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_0 & 0x0fffffff); 2034 uasm_i_nop(&p); 2035 2036 if ((p - handle_tlbl) > FASTPATH_SIZE) 2037 panic("TLB load handler fastpath space exceeded"); 2038 2039 uasm_resolve_relocs(relocs, labels); 2040 pr_debug("Wrote TLB load handler fastpath (%u instructions).\n", 2041 (unsigned int)(p - handle_tlbl)); 2042 2043 dump_handler("r4000_tlb_load", handle_tlbl, ARRAY_SIZE(handle_tlbl)); 2044 } 2045 2046 static void __cpuinit build_r4000_tlb_store_handler(void) 2047 { 2048 u32 *p = handle_tlbs; 2049 struct uasm_label *l = labels; 2050 struct uasm_reloc *r = relocs; 2051 struct work_registers wr; 2052 2053 memset(handle_tlbs, 0, sizeof(handle_tlbs)); 2054 memset(labels, 0, sizeof(labels)); 2055 memset(relocs, 0, sizeof(relocs)); 2056 2057 wr = build_r4000_tlbchange_handler_head(&p, &l, &r); 2058 build_pte_writable(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbs); 2059 if (m4kc_tlbp_war()) 2060 build_tlb_probe_entry(&p); 2061 build_make_write(&p, &r, wr.r1, wr.r2); 2062 build_r4000_tlbchange_handler_tail(&p, &l, &r, wr.r1, wr.r2); 2063 2064 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 2065 /* 2066 * This is the entry point when 2067 * build_r4000_tlbchange_handler_head spots a huge page. 2068 */ 2069 uasm_l_tlb_huge_update(&l, p); 2070 iPTE_LW(&p, wr.r1, wr.r2); 2071 build_pte_writable(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbs); 2072 build_tlb_probe_entry(&p); 2073 uasm_i_ori(&p, wr.r1, wr.r1, 2074 _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY); 2075 build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2); 2076 #endif 2077 2078 uasm_l_nopage_tlbs(&l, p); 2079 build_restore_work_registers(&p); 2080 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_1 & 0x0fffffff); 2081 uasm_i_nop(&p); 2082 2083 if ((p - handle_tlbs) > FASTPATH_SIZE) 2084 panic("TLB store handler fastpath space exceeded"); 2085 2086 uasm_resolve_relocs(relocs, labels); 2087 pr_debug("Wrote TLB store handler fastpath (%u instructions).\n", 2088 (unsigned int)(p - handle_tlbs)); 2089 2090 dump_handler("r4000_tlb_store", handle_tlbs, ARRAY_SIZE(handle_tlbs)); 2091 } 2092 2093 static void __cpuinit build_r4000_tlb_modify_handler(void) 2094 { 2095 u32 *p = handle_tlbm; 2096 struct uasm_label *l = labels; 2097 struct uasm_reloc *r = relocs; 2098 struct work_registers wr; 2099 2100 memset(handle_tlbm, 0, sizeof(handle_tlbm)); 2101 memset(labels, 0, sizeof(labels)); 2102 memset(relocs, 0, sizeof(relocs)); 2103 2104 wr = build_r4000_tlbchange_handler_head(&p, &l, &r); 2105 build_pte_modifiable(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbm); 2106 if (m4kc_tlbp_war()) 2107 build_tlb_probe_entry(&p); 2108 /* Present and writable bits set, set accessed and dirty bits. */ 2109 build_make_write(&p, &r, wr.r1, wr.r2); 2110 build_r4000_tlbchange_handler_tail(&p, &l, &r, wr.r1, wr.r2); 2111 2112 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 2113 /* 2114 * This is the entry point when 2115 * build_r4000_tlbchange_handler_head spots a huge page. 2116 */ 2117 uasm_l_tlb_huge_update(&l, p); 2118 iPTE_LW(&p, wr.r1, wr.r2); 2119 build_pte_modifiable(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbm); 2120 build_tlb_probe_entry(&p); 2121 uasm_i_ori(&p, wr.r1, wr.r1, 2122 _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY); 2123 build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2); 2124 #endif 2125 2126 uasm_l_nopage_tlbm(&l, p); 2127 build_restore_work_registers(&p); 2128 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_1 & 0x0fffffff); 2129 uasm_i_nop(&p); 2130 2131 if ((p - handle_tlbm) > FASTPATH_SIZE) 2132 panic("TLB modify handler fastpath space exceeded"); 2133 2134 uasm_resolve_relocs(relocs, labels); 2135 pr_debug("Wrote TLB modify handler fastpath (%u instructions).\n", 2136 (unsigned int)(p - handle_tlbm)); 2137 2138 dump_handler("r4000_tlb_modify", handle_tlbm, ARRAY_SIZE(handle_tlbm)); 2139 } 2140 2141 void __cpuinit build_tlb_refill_handler(void) 2142 { 2143 /* 2144 * The refill handler is generated per-CPU, multi-node systems 2145 * may have local storage for it. The other handlers are only 2146 * needed once. 2147 */ 2148 static int run_once = 0; 2149 2150 output_pgtable_bits_defines(); 2151 2152 #ifdef CONFIG_64BIT 2153 check_for_high_segbits = current_cpu_data.vmbits > (PGDIR_SHIFT + PGD_ORDER + PAGE_SHIFT - 3); 2154 #endif 2155 2156 switch (current_cpu_type()) { 2157 case CPU_R2000: 2158 case CPU_R3000: 2159 case CPU_R3000A: 2160 case CPU_R3081E: 2161 case CPU_TX3912: 2162 case CPU_TX3922: 2163 case CPU_TX3927: 2164 #ifndef CONFIG_MIPS_PGD_C0_CONTEXT 2165 build_r3000_tlb_refill_handler(); 2166 if (!run_once) { 2167 build_r3000_tlb_load_handler(); 2168 build_r3000_tlb_store_handler(); 2169 build_r3000_tlb_modify_handler(); 2170 run_once++; 2171 } 2172 #else 2173 panic("No R3000 TLB refill handler"); 2174 #endif 2175 break; 2176 2177 case CPU_R6000: 2178 case CPU_R6000A: 2179 panic("No R6000 TLB refill handler yet"); 2180 break; 2181 2182 case CPU_R8000: 2183 panic("No R8000 TLB refill handler yet"); 2184 break; 2185 2186 default: 2187 if (!run_once) { 2188 scratch_reg = allocate_kscratch(); 2189 #ifdef CONFIG_MIPS_PGD_C0_CONTEXT 2190 build_r4000_setup_pgd(); 2191 #endif 2192 build_r4000_tlb_load_handler(); 2193 build_r4000_tlb_store_handler(); 2194 build_r4000_tlb_modify_handler(); 2195 run_once++; 2196 } 2197 build_r4000_tlb_refill_handler(); 2198 } 2199 } 2200 2201 void __cpuinit flush_tlb_handlers(void) 2202 { 2203 local_flush_icache_range((unsigned long)handle_tlbl, 2204 (unsigned long)handle_tlbl + sizeof(handle_tlbl)); 2205 local_flush_icache_range((unsigned long)handle_tlbs, 2206 (unsigned long)handle_tlbs + sizeof(handle_tlbs)); 2207 local_flush_icache_range((unsigned long)handle_tlbm, 2208 (unsigned long)handle_tlbm + sizeof(handle_tlbm)); 2209 #ifdef CONFIG_MIPS_PGD_C0_CONTEXT 2210 local_flush_icache_range((unsigned long)tlbmiss_handler_setup_pgd, 2211 (unsigned long)tlbmiss_handler_setup_pgd + sizeof(handle_tlbm)); 2212 #endif 2213 } 2214