1/* 2 * Low level TLB miss handlers for Book3E 3 * 4 * Copyright (C) 2008-2009 5 * Ben. Herrenschmidt (benh@kernel.crashing.org), IBM Corp. 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License 9 * as published by the Free Software Foundation; either version 10 * 2 of the License, or (at your option) any later version. 11 */ 12 13#include <asm/processor.h> 14#include <asm/reg.h> 15#include <asm/page.h> 16#include <asm/mmu.h> 17#include <asm/ppc_asm.h> 18#include <asm/asm-offsets.h> 19#include <asm/cputable.h> 20#include <asm/pgtable.h> 21#include <asm/exception-64e.h> 22#include <asm/ppc-opcode.h> 23#include <asm/kvm_asm.h> 24#include <asm/kvm_booke_hv_asm.h> 25 26#ifdef CONFIG_PPC_64K_PAGES 27#define VPTE_PMD_SHIFT (PTE_INDEX_SIZE+1) 28#else 29#define VPTE_PMD_SHIFT (PTE_INDEX_SIZE) 30#endif 31#define VPTE_PUD_SHIFT (VPTE_PMD_SHIFT + PMD_INDEX_SIZE) 32#define VPTE_PGD_SHIFT (VPTE_PUD_SHIFT + PUD_INDEX_SIZE) 33#define VPTE_INDEX_SIZE (VPTE_PGD_SHIFT + PGD_INDEX_SIZE) 34 35/********************************************************************** 36 * * 37 * TLB miss handling for Book3E with a bolted linear mapping * 38 * No virtual page table, no nested TLB misses * 39 * * 40 **********************************************************************/ 41 42/* 43 * Note that, unlike non-bolted handlers, TLB_EXFRAME is not 44 * modified by the TLB miss handlers themselves, since the TLB miss 45 * handler code will not itself cause a recursive TLB miss. 46 * 47 * TLB_EXFRAME will be modified when crit/mc/debug exceptions are 48 * entered/exited. 49 */ 50.macro tlb_prolog_bolted intnum addr 51 mtspr SPRN_SPRG_GEN_SCRATCH,r12 52 mfspr r12,SPRN_SPRG_TLB_EXFRAME 53 std r13,EX_TLB_R13(r12) 54 std r10,EX_TLB_R10(r12) 55 mfspr r13,SPRN_SPRG_PACA 56 57 mfcr r10 58 std r11,EX_TLB_R11(r12) 59#ifdef CONFIG_KVM_BOOKE_HV 60BEGIN_FTR_SECTION 61 mfspr r11, SPRN_SRR1 62END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV) 63#endif 64 DO_KVM \intnum, SPRN_SRR1 65 std r16,EX_TLB_R16(r12) 66 mfspr r16,\addr /* get faulting address */ 67 std r14,EX_TLB_R14(r12) 68 ld r14,PACAPGD(r13) 69 std r15,EX_TLB_R15(r12) 70 std r10,EX_TLB_CR(r12) 71 TLB_MISS_PROLOG_STATS 72.endm 73 74.macro tlb_epilog_bolted 75 ld r14,EX_TLB_CR(r12) 76 ld r10,EX_TLB_R10(r12) 77 ld r11,EX_TLB_R11(r12) 78 ld r13,EX_TLB_R13(r12) 79 mtcr r14 80 ld r14,EX_TLB_R14(r12) 81 ld r15,EX_TLB_R15(r12) 82 TLB_MISS_RESTORE_STATS 83 ld r16,EX_TLB_R16(r12) 84 mfspr r12,SPRN_SPRG_GEN_SCRATCH 85.endm 86 87/* Data TLB miss */ 88 START_EXCEPTION(data_tlb_miss_bolted) 89 tlb_prolog_bolted BOOKE_INTERRUPT_DTLB_MISS SPRN_DEAR 90 91 /* We need _PAGE_PRESENT and _PAGE_ACCESSED set */ 92 93 /* We do the user/kernel test for the PID here along with the RW test 94 */ 95 /* We pre-test some combination of permissions to avoid double 96 * faults: 97 * 98 * We move the ESR:ST bit into the position of _PAGE_BAP_SW in the PTE 99 * ESR_ST is 0x00800000 100 * _PAGE_BAP_SW is 0x00000010 101 * So the shift is >> 19. This tests for supervisor writeability. 102 * If the page happens to be supervisor writeable and not user 103 * writeable, we will take a new fault later, but that should be 104 * a rare enough case. 105 * 106 * We also move ESR_ST in _PAGE_DIRTY position 107 * _PAGE_DIRTY is 0x00001000 so the shift is >> 11 108 * 109 * MAS1 is preset for all we need except for TID that needs to 110 * be cleared for kernel translations 111 */ 112 113 mfspr r11,SPRN_ESR 114 115 srdi r15,r16,60 /* get region */ 116 rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4 117 bne- dtlb_miss_fault_bolted /* Bail if fault addr is invalid */ 118 119 rlwinm r10,r11,32-19,27,27 120 rlwimi r10,r11,32-16,19,19 121 cmpwi r15,0 /* user vs kernel check */ 122 ori r10,r10,_PAGE_PRESENT 123 oris r11,r10,_PAGE_ACCESSED@h 124 125 TLB_MISS_STATS_SAVE_INFO_BOLTED 126 bne tlb_miss_kernel_bolted 127 128tlb_miss_common_bolted: 129/* 130 * This is the guts of the TLB miss handler for bolted-linear. 131 * We are entered with: 132 * 133 * r16 = faulting address 134 * r15 = crap (free to use) 135 * r14 = page table base 136 * r13 = PACA 137 * r11 = PTE permission mask 138 * r10 = crap (free to use) 139 */ 140 rldicl r15,r16,64-PGDIR_SHIFT+3,64-PGD_INDEX_SIZE-3 141 cmpldi cr0,r14,0 142 clrrdi r15,r15,3 143 beq tlb_miss_fault_bolted /* No PGDIR, bail */ 144 145BEGIN_MMU_FTR_SECTION 146 /* Set the TLB reservation and search for existing entry. Then load 147 * the entry. 148 */ 149 PPC_TLBSRX_DOT(0,R16) 150 ldx r14,r14,r15 /* grab pgd entry */ 151 beq tlb_miss_done_bolted /* tlb exists already, bail */ 152MMU_FTR_SECTION_ELSE 153 ldx r14,r14,r15 /* grab pgd entry */ 154ALT_MMU_FTR_SECTION_END_IFSET(MMU_FTR_USE_TLBRSRV) 155 156#ifndef CONFIG_PPC_64K_PAGES 157 rldicl r15,r16,64-PUD_SHIFT+3,64-PUD_INDEX_SIZE-3 158 clrrdi r15,r15,3 159 cmpdi cr0,r14,0 160 bge tlb_miss_fault_bolted /* Bad pgd entry or hugepage; bail */ 161 ldx r14,r14,r15 /* grab pud entry */ 162#endif /* CONFIG_PPC_64K_PAGES */ 163 164 rldicl r15,r16,64-PMD_SHIFT+3,64-PMD_INDEX_SIZE-3 165 clrrdi r15,r15,3 166 cmpdi cr0,r14,0 167 bge tlb_miss_fault_bolted 168 ldx r14,r14,r15 /* Grab pmd entry */ 169 170 rldicl r15,r16,64-PAGE_SHIFT+3,64-PTE_INDEX_SIZE-3 171 clrrdi r15,r15,3 172 cmpdi cr0,r14,0 173 bge tlb_miss_fault_bolted 174 ldx r14,r14,r15 /* Grab PTE, normal (!huge) page */ 175 176 /* Check if required permissions are met */ 177 andc. r15,r11,r14 178 rldicr r15,r14,64-(PTE_RPN_SHIFT-PAGE_SHIFT),63-PAGE_SHIFT 179 bne- tlb_miss_fault_bolted 180 181 /* Now we build the MAS: 182 * 183 * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG 184 * MAS 1 : Almost fully setup 185 * - PID already updated by caller if necessary 186 * - TSIZE need change if !base page size, not 187 * yet implemented for now 188 * MAS 2 : Defaults not useful, need to be redone 189 * MAS 3+7 : Needs to be done 190 */ 191 clrrdi r11,r16,12 /* Clear low crap in EA */ 192 clrldi r15,r15,12 /* Clear crap at the top */ 193 rlwimi r11,r14,32-19,27,31 /* Insert WIMGE */ 194 rlwimi r15,r14,32-8,22,25 /* Move in U bits */ 195 mtspr SPRN_MAS2,r11 196 andi. r11,r14,_PAGE_DIRTY 197 rlwimi r15,r14,32-2,26,31 /* Move in BAP bits */ 198 199 /* Mask out SW and UW if !DIRTY (XXX optimize this !) */ 200 bne 1f 201 li r11,MAS3_SW|MAS3_UW 202 andc r15,r15,r11 2031: 204 mtspr SPRN_MAS7_MAS3,r15 205 tlbwe 206 207tlb_miss_done_bolted: 208 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_NORM_OK) 209 tlb_epilog_bolted 210 rfi 211 212itlb_miss_kernel_bolted: 213 li r11,_PAGE_PRESENT|_PAGE_BAP_SX /* Base perm */ 214 oris r11,r11,_PAGE_ACCESSED@h 215tlb_miss_kernel_bolted: 216 mfspr r10,SPRN_MAS1 217 ld r14,PACA_KERNELPGD(r13) 218 cmpldi cr0,r15,8 /* Check for vmalloc region */ 219 rlwinm r10,r10,0,16,1 /* Clear TID */ 220 mtspr SPRN_MAS1,r10 221 beq+ tlb_miss_common_bolted 222 223tlb_miss_fault_bolted: 224 /* We need to check if it was an instruction miss */ 225 andi. r10,r11,_PAGE_EXEC|_PAGE_BAP_SX 226 bne itlb_miss_fault_bolted 227dtlb_miss_fault_bolted: 228 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT) 229 tlb_epilog_bolted 230 b exc_data_storage_book3e 231itlb_miss_fault_bolted: 232 TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT) 233 tlb_epilog_bolted 234 b exc_instruction_storage_book3e 235 236/* Instruction TLB miss */ 237 START_EXCEPTION(instruction_tlb_miss_bolted) 238 tlb_prolog_bolted BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR0 239 240 rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4 241 srdi r15,r16,60 /* get region */ 242 TLB_MISS_STATS_SAVE_INFO_BOLTED 243 bne- itlb_miss_fault_bolted 244 245 li r11,_PAGE_PRESENT|_PAGE_EXEC /* Base perm */ 246 247 /* We do the user/kernel test for the PID here along with the RW test 248 */ 249 250 cmpldi cr0,r15,0 /* Check for user region */ 251 oris r11,r11,_PAGE_ACCESSED@h 252 beq tlb_miss_common_bolted 253 b itlb_miss_kernel_bolted 254 255#ifdef CONFIG_PPC_FSL_BOOK3E 256/* 257 * TLB miss handling for e6500 and derivatives, using hardware tablewalk. 258 * 259 * Linear mapping is bolted: no virtual page table or nested TLB misses 260 * Indirect entries in TLB1, hardware loads resulting direct entries 261 * into TLB0 262 * No HES or NV hint on TLB1, so we need to do software round-robin 263 * No tlbsrx. so we need a spinlock, and we have to deal 264 * with MAS-damage caused by tlbsx 265 * 4K pages only 266 */ 267 268 START_EXCEPTION(instruction_tlb_miss_e6500) 269 tlb_prolog_bolted BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR0 270 271 ld r11,PACA_TCD_PTR(r13) 272 srdi. r15,r16,60 /* get region */ 273 ori r16,r16,1 274 275 TLB_MISS_STATS_SAVE_INFO_BOLTED 276 bne tlb_miss_kernel_e6500 /* user/kernel test */ 277 278 b tlb_miss_common_e6500 279 280 START_EXCEPTION(data_tlb_miss_e6500) 281 tlb_prolog_bolted BOOKE_INTERRUPT_DTLB_MISS SPRN_DEAR 282 283 ld r11,PACA_TCD_PTR(r13) 284 srdi. r15,r16,60 /* get region */ 285 rldicr r16,r16,0,62 286 287 TLB_MISS_STATS_SAVE_INFO_BOLTED 288 bne tlb_miss_kernel_e6500 /* user vs kernel check */ 289 290/* 291 * This is the guts of the TLB miss handler for e6500 and derivatives. 292 * We are entered with: 293 * 294 * r16 = page of faulting address (low bit 0 if data, 1 if instruction) 295 * r15 = crap (free to use) 296 * r14 = page table base 297 * r13 = PACA 298 * r11 = tlb_per_core ptr 299 * r10 = crap (free to use) 300 */ 301tlb_miss_common_e6500: 302 crmove cr2*4+2,cr0*4+2 /* cr2.eq != 0 if kernel address */ 303 304BEGIN_FTR_SECTION /* CPU_FTR_SMT */ 305 /* 306 * Search if we already have an indirect entry for that virtual 307 * address, and if we do, bail out. 308 * 309 * MAS6:IND should be already set based on MAS4 310 */ 3111: lbarx r15,0,r11 312 lhz r10,PACAPACAINDEX(r13) 313 cmpdi r15,0 314 cmpdi cr1,r15,1 /* set cr1.eq = 0 for non-recursive */ 315 addi r10,r10,1 316 bne 2f 317 stbcx. r10,0,r11 318 bne 1b 3193: 320 .subsection 1 3212: cmpd cr1,r15,r10 /* recursive lock due to mcheck/crit/etc? */ 322 beq cr1,3b /* unlock will happen if cr1.eq = 0 */ 323 lbz r15,0(r11) 324 cmpdi r15,0 325 bne 2b 326 b 1b 327 .previous 328 329 /* 330 * Erratum A-008139 says that we can't use tlbwe to change 331 * an indirect entry in any way (including replacing or 332 * invalidating) if the other thread could be in the process 333 * of a lookup. The workaround is to invalidate the entry 334 * with tlbilx before overwriting. 335 */ 336 337 lbz r15,TCD_ESEL_NEXT(r11) 338 rlwinm r10,r15,16,0xff0000 339 oris r10,r10,MAS0_TLBSEL(1)@h 340 mtspr SPRN_MAS0,r10 341 isync 342 tlbre 343 mfspr r15,SPRN_MAS1 344 andis. r15,r15,MAS1_VALID@h 345 beq 5f 346 347BEGIN_FTR_SECTION_NESTED(532) 348 mfspr r10,SPRN_MAS8 349 rlwinm r10,r10,0,0x80000fff /* tgs,tlpid -> sgs,slpid */ 350 mtspr SPRN_MAS5,r10 351END_FTR_SECTION_NESTED(CPU_FTR_EMB_HV,CPU_FTR_EMB_HV,532) 352 353 mfspr r10,SPRN_MAS1 354 rlwinm r15,r10,0,0x3fff0000 /* tid -> spid */ 355 rlwimi r15,r10,20,0x00000003 /* ind,ts -> sind,sas */ 356 mfspr r10,SPRN_MAS6 357 mtspr SPRN_MAS6,r15 358 359 mfspr r15,SPRN_MAS2 360 isync 361 tlbilxva 0,r15 362 isync 363 364 mtspr SPRN_MAS6,r10 365 3665: 367BEGIN_FTR_SECTION_NESTED(532) 368 li r10,0 369 mtspr SPRN_MAS8,r10 370 mtspr SPRN_MAS5,r10 371END_FTR_SECTION_NESTED(CPU_FTR_EMB_HV,CPU_FTR_EMB_HV,532) 372 373 tlbsx 0,r16 374 mfspr r10,SPRN_MAS1 375 andis. r15,r10,MAS1_VALID@h 376 bne tlb_miss_done_e6500 377FTR_SECTION_ELSE 378 mfspr r10,SPRN_MAS1 379ALT_FTR_SECTION_END_IFSET(CPU_FTR_SMT) 380 381 oris r10,r10,MAS1_VALID@h 382 beq cr2,4f 383 rlwinm r10,r10,0,16,1 /* Clear TID */ 3844: mtspr SPRN_MAS1,r10 385 386 /* Now, we need to walk the page tables. First check if we are in 387 * range. 388 */ 389 rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4 390 bne- tlb_miss_fault_e6500 391 392 rldicl r15,r16,64-PGDIR_SHIFT+3,64-PGD_INDEX_SIZE-3 393 cmpldi cr0,r14,0 394 clrrdi r15,r15,3 395 beq- tlb_miss_fault_e6500 /* No PGDIR, bail */ 396 ldx r14,r14,r15 /* grab pgd entry */ 397 398 rldicl r15,r16,64-PUD_SHIFT+3,64-PUD_INDEX_SIZE-3 399 clrrdi r15,r15,3 400 cmpdi cr0,r14,0 401 bge tlb_miss_fault_e6500 /* Bad pgd entry or hugepage; bail */ 402 ldx r14,r14,r15 /* grab pud entry */ 403 404 rldicl r15,r16,64-PMD_SHIFT+3,64-PMD_INDEX_SIZE-3 405 clrrdi r15,r15,3 406 cmpdi cr0,r14,0 407 bge tlb_miss_fault_e6500 408 ldx r14,r14,r15 /* Grab pmd entry */ 409 410 mfspr r10,SPRN_MAS0 411 cmpdi cr0,r14,0 412 bge tlb_miss_fault_e6500 413 414 /* Now we build the MAS for a 2M indirect page: 415 * 416 * MAS 0 : ESEL needs to be filled by software round-robin 417 * MAS 1 : Fully set up 418 * - PID already updated by caller if necessary 419 * - TSIZE for now is base ind page size always 420 * - TID already cleared if necessary 421 * MAS 2 : Default not 2M-aligned, need to be redone 422 * MAS 3+7 : Needs to be done 423 */ 424 425 ori r14,r14,(BOOK3E_PAGESZ_4K << MAS3_SPSIZE_SHIFT) 426 mtspr SPRN_MAS7_MAS3,r14 427 428 clrrdi r15,r16,21 /* make EA 2M-aligned */ 429 mtspr SPRN_MAS2,r15 430 431 lbz r15,TCD_ESEL_NEXT(r11) 432 lbz r16,TCD_ESEL_MAX(r11) 433 lbz r14,TCD_ESEL_FIRST(r11) 434 rlwimi r10,r15,16,0x00ff0000 /* insert esel_next into MAS0 */ 435 addi r15,r15,1 /* increment esel_next */ 436 mtspr SPRN_MAS0,r10 437 cmpw r15,r16 438 iseleq r15,r14,r15 /* if next == last use first */ 439 stb r15,TCD_ESEL_NEXT(r11) 440 441 tlbwe 442 443tlb_miss_done_e6500: 444 .macro tlb_unlock_e6500 445BEGIN_FTR_SECTION 446 beq cr1,1f /* no unlock if lock was recursively grabbed */ 447 li r15,0 448 isync 449 stb r15,0(r11) 4501: 451END_FTR_SECTION_IFSET(CPU_FTR_SMT) 452 .endm 453 454 tlb_unlock_e6500 455 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_NORM_OK) 456 tlb_epilog_bolted 457 rfi 458 459tlb_miss_kernel_e6500: 460 ld r14,PACA_KERNELPGD(r13) 461 cmpldi cr1,r15,8 /* Check for vmalloc region */ 462 beq+ cr1,tlb_miss_common_e6500 463 464tlb_miss_fault_e6500: 465 tlb_unlock_e6500 466 /* We need to check if it was an instruction miss */ 467 andi. r16,r16,1 468 bne itlb_miss_fault_e6500 469dtlb_miss_fault_e6500: 470 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT) 471 tlb_epilog_bolted 472 b exc_data_storage_book3e 473itlb_miss_fault_e6500: 474 TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT) 475 tlb_epilog_bolted 476 b exc_instruction_storage_book3e 477#endif /* CONFIG_PPC_FSL_BOOK3E */ 478 479/********************************************************************** 480 * * 481 * TLB miss handling for Book3E with TLB reservation and HES support * 482 * * 483 **********************************************************************/ 484 485 486/* Data TLB miss */ 487 START_EXCEPTION(data_tlb_miss) 488 TLB_MISS_PROLOG 489 490 /* Now we handle the fault proper. We only save DEAR in normal 491 * fault case since that's the only interesting values here. 492 * We could probably also optimize by not saving SRR0/1 in the 493 * linear mapping case but I'll leave that for later 494 */ 495 mfspr r14,SPRN_ESR 496 mfspr r16,SPRN_DEAR /* get faulting address */ 497 srdi r15,r16,60 /* get region */ 498 cmpldi cr0,r15,0xc /* linear mapping ? */ 499 TLB_MISS_STATS_SAVE_INFO 500 beq tlb_load_linear /* yes -> go to linear map load */ 501 502 /* The page tables are mapped virtually linear. At this point, though, 503 * we don't know whether we are trying to fault in a first level 504 * virtual address or a virtual page table address. We can get that 505 * from bit 0x1 of the region ID which we have set for a page table 506 */ 507 andi. r10,r15,0x1 508 bne- virt_page_table_tlb_miss 509 510 std r14,EX_TLB_ESR(r12); /* save ESR */ 511 std r16,EX_TLB_DEAR(r12); /* save DEAR */ 512 513 /* We need _PAGE_PRESENT and _PAGE_ACCESSED set */ 514 li r11,_PAGE_PRESENT 515 oris r11,r11,_PAGE_ACCESSED@h 516 517 /* We do the user/kernel test for the PID here along with the RW test 518 */ 519 cmpldi cr0,r15,0 /* Check for user region */ 520 521 /* We pre-test some combination of permissions to avoid double 522 * faults: 523 * 524 * We move the ESR:ST bit into the position of _PAGE_BAP_SW in the PTE 525 * ESR_ST is 0x00800000 526 * _PAGE_BAP_SW is 0x00000010 527 * So the shift is >> 19. This tests for supervisor writeability. 528 * If the page happens to be supervisor writeable and not user 529 * writeable, we will take a new fault later, but that should be 530 * a rare enough case. 531 * 532 * We also move ESR_ST in _PAGE_DIRTY position 533 * _PAGE_DIRTY is 0x00001000 so the shift is >> 11 534 * 535 * MAS1 is preset for all we need except for TID that needs to 536 * be cleared for kernel translations 537 */ 538 rlwimi r11,r14,32-19,27,27 539 rlwimi r11,r14,32-16,19,19 540 beq normal_tlb_miss 541 /* XXX replace the RMW cycles with immediate loads + writes */ 5421: mfspr r10,SPRN_MAS1 543 cmpldi cr0,r15,8 /* Check for vmalloc region */ 544 rlwinm r10,r10,0,16,1 /* Clear TID */ 545 mtspr SPRN_MAS1,r10 546 beq+ normal_tlb_miss 547 548 /* We got a crappy address, just fault with whatever DEAR and ESR 549 * are here 550 */ 551 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT) 552 TLB_MISS_EPILOG_ERROR 553 b exc_data_storage_book3e 554 555/* Instruction TLB miss */ 556 START_EXCEPTION(instruction_tlb_miss) 557 TLB_MISS_PROLOG 558 559 /* If we take a recursive fault, the second level handler may need 560 * to know whether we are handling a data or instruction fault in 561 * order to get to the right store fault handler. We provide that 562 * info by writing a crazy value in ESR in our exception frame 563 */ 564 li r14,-1 /* store to exception frame is done later */ 565 566 /* Now we handle the fault proper. We only save DEAR in the non 567 * linear mapping case since we know the linear mapping case will 568 * not re-enter. We could indeed optimize and also not save SRR0/1 569 * in the linear mapping case but I'll leave that for later 570 * 571 * Faulting address is SRR0 which is already in r16 572 */ 573 srdi r15,r16,60 /* get region */ 574 cmpldi cr0,r15,0xc /* linear mapping ? */ 575 TLB_MISS_STATS_SAVE_INFO 576 beq tlb_load_linear /* yes -> go to linear map load */ 577 578 /* We do the user/kernel test for the PID here along with the RW test 579 */ 580 li r11,_PAGE_PRESENT|_PAGE_EXEC /* Base perm */ 581 oris r11,r11,_PAGE_ACCESSED@h 582 583 cmpldi cr0,r15,0 /* Check for user region */ 584 std r14,EX_TLB_ESR(r12) /* write crazy -1 to frame */ 585 beq normal_tlb_miss 586 587 li r11,_PAGE_PRESENT|_PAGE_BAP_SX /* Base perm */ 588 oris r11,r11,_PAGE_ACCESSED@h 589 /* XXX replace the RMW cycles with immediate loads + writes */ 590 mfspr r10,SPRN_MAS1 591 cmpldi cr0,r15,8 /* Check for vmalloc region */ 592 rlwinm r10,r10,0,16,1 /* Clear TID */ 593 mtspr SPRN_MAS1,r10 594 beq+ normal_tlb_miss 595 596 /* We got a crappy address, just fault */ 597 TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT) 598 TLB_MISS_EPILOG_ERROR 599 b exc_instruction_storage_book3e 600 601/* 602 * This is the guts of the first-level TLB miss handler for direct 603 * misses. We are entered with: 604 * 605 * r16 = faulting address 606 * r15 = region ID 607 * r14 = crap (free to use) 608 * r13 = PACA 609 * r12 = TLB exception frame in PACA 610 * r11 = PTE permission mask 611 * r10 = crap (free to use) 612 */ 613normal_tlb_miss: 614 /* So we first construct the page table address. We do that by 615 * shifting the bottom of the address (not the region ID) by 616 * PAGE_SHIFT-3, clearing the bottom 3 bits (get a PTE ptr) and 617 * or'ing the fourth high bit. 618 * 619 * NOTE: For 64K pages, we do things slightly differently in 620 * order to handle the weird page table format used by linux 621 */ 622 ori r10,r15,0x1 623#ifdef CONFIG_PPC_64K_PAGES 624 /* For the top bits, 16 bytes per PTE */ 625 rldicl r14,r16,64-(PAGE_SHIFT-4),PAGE_SHIFT-4+4 626 /* Now create the bottom bits as 0 in position 0x8000 and 627 * the rest calculated for 8 bytes per PTE 628 */ 629 rldicl r15,r16,64-(PAGE_SHIFT-3),64-15 630 /* Insert the bottom bits in */ 631 rlwimi r14,r15,0,16,31 632#else 633 rldicl r14,r16,64-(PAGE_SHIFT-3),PAGE_SHIFT-3+4 634#endif 635 sldi r15,r10,60 636 clrrdi r14,r14,3 637 or r10,r15,r14 638 639BEGIN_MMU_FTR_SECTION 640 /* Set the TLB reservation and search for existing entry. Then load 641 * the entry. 642 */ 643 PPC_TLBSRX_DOT(0,R16) 644 ld r14,0(r10) 645 beq normal_tlb_miss_done 646MMU_FTR_SECTION_ELSE 647 ld r14,0(r10) 648ALT_MMU_FTR_SECTION_END_IFSET(MMU_FTR_USE_TLBRSRV) 649 650finish_normal_tlb_miss: 651 /* Check if required permissions are met */ 652 andc. r15,r11,r14 653 bne- normal_tlb_miss_access_fault 654 655 /* Now we build the MAS: 656 * 657 * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG 658 * MAS 1 : Almost fully setup 659 * - PID already updated by caller if necessary 660 * - TSIZE need change if !base page size, not 661 * yet implemented for now 662 * MAS 2 : Defaults not useful, need to be redone 663 * MAS 3+7 : Needs to be done 664 * 665 * TODO: mix up code below for better scheduling 666 */ 667 clrrdi r11,r16,12 /* Clear low crap in EA */ 668 rlwimi r11,r14,32-19,27,31 /* Insert WIMGE */ 669 mtspr SPRN_MAS2,r11 670 671 /* Check page size, if not standard, update MAS1 */ 672 rldicl r11,r14,64-8,64-8 673#ifdef CONFIG_PPC_64K_PAGES 674 cmpldi cr0,r11,BOOK3E_PAGESZ_64K 675#else 676 cmpldi cr0,r11,BOOK3E_PAGESZ_4K 677#endif 678 beq- 1f 679 mfspr r11,SPRN_MAS1 680 rlwimi r11,r14,31,21,24 681 rlwinm r11,r11,0,21,19 682 mtspr SPRN_MAS1,r11 6831: 684 /* Move RPN in position */ 685 rldicr r11,r14,64-(PTE_RPN_SHIFT-PAGE_SHIFT),63-PAGE_SHIFT 686 clrldi r15,r11,12 /* Clear crap at the top */ 687 rlwimi r15,r14,32-8,22,25 /* Move in U bits */ 688 rlwimi r15,r14,32-2,26,31 /* Move in BAP bits */ 689 690 /* Mask out SW and UW if !DIRTY (XXX optimize this !) */ 691 andi. r11,r14,_PAGE_DIRTY 692 bne 1f 693 li r11,MAS3_SW|MAS3_UW 694 andc r15,r15,r11 6951: 696BEGIN_MMU_FTR_SECTION 697 srdi r16,r15,32 698 mtspr SPRN_MAS3,r15 699 mtspr SPRN_MAS7,r16 700MMU_FTR_SECTION_ELSE 701 mtspr SPRN_MAS7_MAS3,r15 702ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS) 703 704 tlbwe 705 706normal_tlb_miss_done: 707 /* We don't bother with restoring DEAR or ESR since we know we are 708 * level 0 and just going back to userland. They are only needed 709 * if you are going to take an access fault 710 */ 711 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_NORM_OK) 712 TLB_MISS_EPILOG_SUCCESS 713 rfi 714 715normal_tlb_miss_access_fault: 716 /* We need to check if it was an instruction miss */ 717 andi. r10,r11,_PAGE_EXEC 718 bne 1f 719 ld r14,EX_TLB_DEAR(r12) 720 ld r15,EX_TLB_ESR(r12) 721 mtspr SPRN_DEAR,r14 722 mtspr SPRN_ESR,r15 723 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT) 724 TLB_MISS_EPILOG_ERROR 725 b exc_data_storage_book3e 7261: TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT) 727 TLB_MISS_EPILOG_ERROR 728 b exc_instruction_storage_book3e 729 730 731/* 732 * This is the guts of the second-level TLB miss handler for direct 733 * misses. We are entered with: 734 * 735 * r16 = virtual page table faulting address 736 * r15 = region (top 4 bits of address) 737 * r14 = crap (free to use) 738 * r13 = PACA 739 * r12 = TLB exception frame in PACA 740 * r11 = crap (free to use) 741 * r10 = crap (free to use) 742 * 743 * Note that this should only ever be called as a second level handler 744 * with the current scheme when using SW load. 745 * That means we can always get the original fault DEAR at 746 * EX_TLB_DEAR-EX_TLB_SIZE(r12) 747 * 748 * It can be re-entered by the linear mapping miss handler. However, to 749 * avoid too much complication, it will restart the whole fault at level 750 * 0 so we don't care too much about clobbers 751 * 752 * XXX That code was written back when we couldn't clobber r14. We can now, 753 * so we could probably optimize things a bit 754 */ 755virt_page_table_tlb_miss: 756 /* Are we hitting a kernel page table ? */ 757 andi. r10,r15,0x8 758 759 /* The cool thing now is that r10 contains 0 for user and 8 for kernel, 760 * and we happen to have the swapper_pg_dir at offset 8 from the user 761 * pgdir in the PACA :-). 762 */ 763 add r11,r10,r13 764 765 /* If kernel, we need to clear MAS1 TID */ 766 beq 1f 767 /* XXX replace the RMW cycles with immediate loads + writes */ 768 mfspr r10,SPRN_MAS1 769 rlwinm r10,r10,0,16,1 /* Clear TID */ 770 mtspr SPRN_MAS1,r10 7711: 772BEGIN_MMU_FTR_SECTION 773 /* Search if we already have a TLB entry for that virtual address, and 774 * if we do, bail out. 775 */ 776 PPC_TLBSRX_DOT(0,R16) 777 beq virt_page_table_tlb_miss_done 778END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_TLBRSRV) 779 780 /* Now, we need to walk the page tables. First check if we are in 781 * range. 782 */ 783 rldicl. r10,r16,64-(VPTE_INDEX_SIZE+3),VPTE_INDEX_SIZE+3+4 784 bne- virt_page_table_tlb_miss_fault 785 786 /* Get the PGD pointer */ 787 ld r15,PACAPGD(r11) 788 cmpldi cr0,r15,0 789 beq- virt_page_table_tlb_miss_fault 790 791 /* Get to PGD entry */ 792 rldicl r11,r16,64-VPTE_PGD_SHIFT,64-PGD_INDEX_SIZE-3 793 clrrdi r10,r11,3 794 ldx r15,r10,r15 795 cmpdi cr0,r15,0 796 bge virt_page_table_tlb_miss_fault 797 798#ifndef CONFIG_PPC_64K_PAGES 799 /* Get to PUD entry */ 800 rldicl r11,r16,64-VPTE_PUD_SHIFT,64-PUD_INDEX_SIZE-3 801 clrrdi r10,r11,3 802 ldx r15,r10,r15 803 cmpdi cr0,r15,0 804 bge virt_page_table_tlb_miss_fault 805#endif /* CONFIG_PPC_64K_PAGES */ 806 807 /* Get to PMD entry */ 808 rldicl r11,r16,64-VPTE_PMD_SHIFT,64-PMD_INDEX_SIZE-3 809 clrrdi r10,r11,3 810 ldx r15,r10,r15 811 cmpdi cr0,r15,0 812 bge virt_page_table_tlb_miss_fault 813 814 /* Ok, we're all right, we can now create a kernel translation for 815 * a 4K or 64K page from r16 -> r15. 816 */ 817 /* Now we build the MAS: 818 * 819 * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG 820 * MAS 1 : Almost fully setup 821 * - PID already updated by caller if necessary 822 * - TSIZE for now is base page size always 823 * MAS 2 : Use defaults 824 * MAS 3+7 : Needs to be done 825 * 826 * So we only do MAS 2 and 3 for now... 827 */ 828 clrldi r11,r15,4 /* remove region ID from RPN */ 829 ori r10,r11,1 /* Or-in SR */ 830 831BEGIN_MMU_FTR_SECTION 832 srdi r16,r10,32 833 mtspr SPRN_MAS3,r10 834 mtspr SPRN_MAS7,r16 835MMU_FTR_SECTION_ELSE 836 mtspr SPRN_MAS7_MAS3,r10 837ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS) 838 839 tlbwe 840 841BEGIN_MMU_FTR_SECTION 842virt_page_table_tlb_miss_done: 843 844 /* We have overriden MAS2:EPN but currently our primary TLB miss 845 * handler will always restore it so that should not be an issue, 846 * if we ever optimize the primary handler to not write MAS2 on 847 * some cases, we'll have to restore MAS2:EPN here based on the 848 * original fault's DEAR. If we do that we have to modify the 849 * ITLB miss handler to also store SRR0 in the exception frame 850 * as DEAR. 851 * 852 * However, one nasty thing we did is we cleared the reservation 853 * (well, potentially we did). We do a trick here thus if we 854 * are not a level 0 exception (we interrupted the TLB miss) we 855 * offset the return address by -4 in order to replay the tlbsrx 856 * instruction there 857 */ 858 subf r10,r13,r12 859 cmpldi cr0,r10,PACA_EXTLB+EX_TLB_SIZE 860 bne- 1f 861 ld r11,PACA_EXTLB+EX_TLB_SIZE+EX_TLB_SRR0(r13) 862 addi r10,r11,-4 863 std r10,PACA_EXTLB+EX_TLB_SIZE+EX_TLB_SRR0(r13) 8641: 865END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_TLBRSRV) 866 /* Return to caller, normal case */ 867 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_PT_OK); 868 TLB_MISS_EPILOG_SUCCESS 869 rfi 870 871virt_page_table_tlb_miss_fault: 872 /* If we fault here, things are a little bit tricky. We need to call 873 * either data or instruction store fault, and we need to retrieve 874 * the original fault address and ESR (for data). 875 * 876 * The thing is, we know that in normal circumstances, this is 877 * always called as a second level tlb miss for SW load or as a first 878 * level TLB miss for HW load, so we should be able to peek at the 879 * relevant information in the first exception frame in the PACA. 880 * 881 * However, we do need to double check that, because we may just hit 882 * a stray kernel pointer or a userland attack trying to hit those 883 * areas. If that is the case, we do a data fault. (We can't get here 884 * from an instruction tlb miss anyway). 885 * 886 * Note also that when going to a fault, we must unwind the previous 887 * level as well. Since we are doing that, we don't need to clear or 888 * restore the TLB reservation neither. 889 */ 890 subf r10,r13,r12 891 cmpldi cr0,r10,PACA_EXTLB+EX_TLB_SIZE 892 bne- virt_page_table_tlb_miss_whacko_fault 893 894 /* We dig the original DEAR and ESR from slot 0 */ 895 ld r15,EX_TLB_DEAR+PACA_EXTLB(r13) 896 ld r16,EX_TLB_ESR+PACA_EXTLB(r13) 897 898 /* We check for the "special" ESR value for instruction faults */ 899 cmpdi cr0,r16,-1 900 beq 1f 901 mtspr SPRN_DEAR,r15 902 mtspr SPRN_ESR,r16 903 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_PT_FAULT); 904 TLB_MISS_EPILOG_ERROR 905 b exc_data_storage_book3e 9061: TLB_MISS_STATS_I(MMSTAT_TLB_MISS_PT_FAULT); 907 TLB_MISS_EPILOG_ERROR 908 b exc_instruction_storage_book3e 909 910virt_page_table_tlb_miss_whacko_fault: 911 /* The linear fault will restart everything so ESR and DEAR will 912 * not have been clobbered, let's just fault with what we have 913 */ 914 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_PT_FAULT); 915 TLB_MISS_EPILOG_ERROR 916 b exc_data_storage_book3e 917 918 919/************************************************************** 920 * * 921 * TLB miss handling for Book3E with hw page table support * 922 * * 923 **************************************************************/ 924 925 926/* Data TLB miss */ 927 START_EXCEPTION(data_tlb_miss_htw) 928 TLB_MISS_PROLOG 929 930 /* Now we handle the fault proper. We only save DEAR in normal 931 * fault case since that's the only interesting values here. 932 * We could probably also optimize by not saving SRR0/1 in the 933 * linear mapping case but I'll leave that for later 934 */ 935 mfspr r14,SPRN_ESR 936 mfspr r16,SPRN_DEAR /* get faulting address */ 937 srdi r11,r16,60 /* get region */ 938 cmpldi cr0,r11,0xc /* linear mapping ? */ 939 TLB_MISS_STATS_SAVE_INFO 940 beq tlb_load_linear /* yes -> go to linear map load */ 941 942 /* We do the user/kernel test for the PID here along with the RW test 943 */ 944 cmpldi cr0,r11,0 /* Check for user region */ 945 ld r15,PACAPGD(r13) /* Load user pgdir */ 946 beq htw_tlb_miss 947 948 /* XXX replace the RMW cycles with immediate loads + writes */ 9491: mfspr r10,SPRN_MAS1 950 cmpldi cr0,r11,8 /* Check for vmalloc region */ 951 rlwinm r10,r10,0,16,1 /* Clear TID */ 952 mtspr SPRN_MAS1,r10 953 ld r15,PACA_KERNELPGD(r13) /* Load kernel pgdir */ 954 beq+ htw_tlb_miss 955 956 /* We got a crappy address, just fault with whatever DEAR and ESR 957 * are here 958 */ 959 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT) 960 TLB_MISS_EPILOG_ERROR 961 b exc_data_storage_book3e 962 963/* Instruction TLB miss */ 964 START_EXCEPTION(instruction_tlb_miss_htw) 965 TLB_MISS_PROLOG 966 967 /* If we take a recursive fault, the second level handler may need 968 * to know whether we are handling a data or instruction fault in 969 * order to get to the right store fault handler. We provide that 970 * info by keeping a crazy value for ESR in r14 971 */ 972 li r14,-1 /* store to exception frame is done later */ 973 974 /* Now we handle the fault proper. We only save DEAR in the non 975 * linear mapping case since we know the linear mapping case will 976 * not re-enter. We could indeed optimize and also not save SRR0/1 977 * in the linear mapping case but I'll leave that for later 978 * 979 * Faulting address is SRR0 which is already in r16 980 */ 981 srdi r11,r16,60 /* get region */ 982 cmpldi cr0,r11,0xc /* linear mapping ? */ 983 TLB_MISS_STATS_SAVE_INFO 984 beq tlb_load_linear /* yes -> go to linear map load */ 985 986 /* We do the user/kernel test for the PID here along with the RW test 987 */ 988 cmpldi cr0,r11,0 /* Check for user region */ 989 ld r15,PACAPGD(r13) /* Load user pgdir */ 990 beq htw_tlb_miss 991 992 /* XXX replace the RMW cycles with immediate loads + writes */ 9931: mfspr r10,SPRN_MAS1 994 cmpldi cr0,r11,8 /* Check for vmalloc region */ 995 rlwinm r10,r10,0,16,1 /* Clear TID */ 996 mtspr SPRN_MAS1,r10 997 ld r15,PACA_KERNELPGD(r13) /* Load kernel pgdir */ 998 beq+ htw_tlb_miss 999 1000 /* We got a crappy address, just fault */ 1001 TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT) 1002 TLB_MISS_EPILOG_ERROR 1003 b exc_instruction_storage_book3e 1004 1005 1006/* 1007 * This is the guts of the second-level TLB miss handler for direct 1008 * misses. We are entered with: 1009 * 1010 * r16 = virtual page table faulting address 1011 * r15 = PGD pointer 1012 * r14 = ESR 1013 * r13 = PACA 1014 * r12 = TLB exception frame in PACA 1015 * r11 = crap (free to use) 1016 * r10 = crap (free to use) 1017 * 1018 * It can be re-entered by the linear mapping miss handler. However, to 1019 * avoid too much complication, it will save/restore things for us 1020 */ 1021htw_tlb_miss: 1022 /* Search if we already have a TLB entry for that virtual address, and 1023 * if we do, bail out. 1024 * 1025 * MAS1:IND should be already set based on MAS4 1026 */ 1027 PPC_TLBSRX_DOT(0,R16) 1028 beq htw_tlb_miss_done 1029 1030 /* Now, we need to walk the page tables. First check if we are in 1031 * range. 1032 */ 1033 rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4 1034 bne- htw_tlb_miss_fault 1035 1036 /* Get the PGD pointer */ 1037 cmpldi cr0,r15,0 1038 beq- htw_tlb_miss_fault 1039 1040 /* Get to PGD entry */ 1041 rldicl r11,r16,64-(PGDIR_SHIFT-3),64-PGD_INDEX_SIZE-3 1042 clrrdi r10,r11,3 1043 ldx r15,r10,r15 1044 cmpdi cr0,r15,0 1045 bge htw_tlb_miss_fault 1046 1047#ifndef CONFIG_PPC_64K_PAGES 1048 /* Get to PUD entry */ 1049 rldicl r11,r16,64-(PUD_SHIFT-3),64-PUD_INDEX_SIZE-3 1050 clrrdi r10,r11,3 1051 ldx r15,r10,r15 1052 cmpdi cr0,r15,0 1053 bge htw_tlb_miss_fault 1054#endif /* CONFIG_PPC_64K_PAGES */ 1055 1056 /* Get to PMD entry */ 1057 rldicl r11,r16,64-(PMD_SHIFT-3),64-PMD_INDEX_SIZE-3 1058 clrrdi r10,r11,3 1059 ldx r15,r10,r15 1060 cmpdi cr0,r15,0 1061 bge htw_tlb_miss_fault 1062 1063 /* Ok, we're all right, we can now create an indirect entry for 1064 * a 1M or 256M page. 1065 * 1066 * The last trick is now that because we use "half" pages for 1067 * the HTW (1M IND is 2K and 256M IND is 32K) we need to account 1068 * for an added LSB bit to the RPN. For 64K pages, there is no 1069 * problem as we already use 32K arrays (half PTE pages), but for 1070 * 4K page we need to extract a bit from the virtual address and 1071 * insert it into the "PA52" bit of the RPN. 1072 */ 1073#ifndef CONFIG_PPC_64K_PAGES 1074 rlwimi r15,r16,32-9,20,20 1075#endif 1076 /* Now we build the MAS: 1077 * 1078 * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG 1079 * MAS 1 : Almost fully setup 1080 * - PID already updated by caller if necessary 1081 * - TSIZE for now is base ind page size always 1082 * MAS 2 : Use defaults 1083 * MAS 3+7 : Needs to be done 1084 */ 1085#ifdef CONFIG_PPC_64K_PAGES 1086 ori r10,r15,(BOOK3E_PAGESZ_64K << MAS3_SPSIZE_SHIFT) 1087#else 1088 ori r10,r15,(BOOK3E_PAGESZ_4K << MAS3_SPSIZE_SHIFT) 1089#endif 1090 1091BEGIN_MMU_FTR_SECTION 1092 srdi r16,r10,32 1093 mtspr SPRN_MAS3,r10 1094 mtspr SPRN_MAS7,r16 1095MMU_FTR_SECTION_ELSE 1096 mtspr SPRN_MAS7_MAS3,r10 1097ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS) 1098 1099 tlbwe 1100 1101htw_tlb_miss_done: 1102 /* We don't bother with restoring DEAR or ESR since we know we are 1103 * level 0 and just going back to userland. They are only needed 1104 * if you are going to take an access fault 1105 */ 1106 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_PT_OK) 1107 TLB_MISS_EPILOG_SUCCESS 1108 rfi 1109 1110htw_tlb_miss_fault: 1111 /* We need to check if it was an instruction miss. We know this 1112 * though because r14 would contain -1 1113 */ 1114 cmpdi cr0,r14,-1 1115 beq 1f 1116 mtspr SPRN_DEAR,r16 1117 mtspr SPRN_ESR,r14 1118 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_PT_FAULT) 1119 TLB_MISS_EPILOG_ERROR 1120 b exc_data_storage_book3e 11211: TLB_MISS_STATS_I(MMSTAT_TLB_MISS_PT_FAULT) 1122 TLB_MISS_EPILOG_ERROR 1123 b exc_instruction_storage_book3e 1124 1125/* 1126 * This is the guts of "any" level TLB miss handler for kernel linear 1127 * mapping misses. We are entered with: 1128 * 1129 * 1130 * r16 = faulting address 1131 * r15 = crap (free to use) 1132 * r14 = ESR (data) or -1 (instruction) 1133 * r13 = PACA 1134 * r12 = TLB exception frame in PACA 1135 * r11 = crap (free to use) 1136 * r10 = crap (free to use) 1137 * 1138 * In addition we know that we will not re-enter, so in theory, we could 1139 * use a simpler epilog not restoring SRR0/1 etc.. but we'll do that later. 1140 * 1141 * We also need to be careful about MAS registers here & TLB reservation, 1142 * as we know we'll have clobbered them if we interrupt the main TLB miss 1143 * handlers in which case we probably want to do a full restart at level 1144 * 0 rather than saving / restoring the MAS. 1145 * 1146 * Note: If we care about performance of that core, we can easily shuffle 1147 * a few things around 1148 */ 1149tlb_load_linear: 1150 /* For now, we assume the linear mapping is contiguous and stops at 1151 * linear_map_top. We also assume the size is a multiple of 1G, thus 1152 * we only use 1G pages for now. That might have to be changed in a 1153 * final implementation, especially when dealing with hypervisors 1154 */ 1155 ld r11,PACATOC(r13) 1156 ld r11,linear_map_top@got(r11) 1157 ld r10,0(r11) 1158 tovirt(10,10) 1159 cmpld cr0,r16,r10 1160 bge tlb_load_linear_fault 1161 1162 /* MAS1 need whole new setup. */ 1163 li r15,(BOOK3E_PAGESZ_1GB<<MAS1_TSIZE_SHIFT) 1164 oris r15,r15,MAS1_VALID@h /* MAS1 needs V and TSIZE */ 1165 mtspr SPRN_MAS1,r15 1166 1167 /* Already somebody there ? */ 1168 PPC_TLBSRX_DOT(0,R16) 1169 beq tlb_load_linear_done 1170 1171 /* Now we build the remaining MAS. MAS0 and 2 should be fine 1172 * with their defaults, which leaves us with MAS 3 and 7. The 1173 * mapping is linear, so we just take the address, clear the 1174 * region bits, and or in the permission bits which are currently 1175 * hard wired 1176 */ 1177 clrrdi r10,r16,30 /* 1G page index */ 1178 clrldi r10,r10,4 /* clear region bits */ 1179 ori r10,r10,MAS3_SR|MAS3_SW|MAS3_SX 1180 1181BEGIN_MMU_FTR_SECTION 1182 srdi r16,r10,32 1183 mtspr SPRN_MAS3,r10 1184 mtspr SPRN_MAS7,r16 1185MMU_FTR_SECTION_ELSE 1186 mtspr SPRN_MAS7_MAS3,r10 1187ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS) 1188 1189 tlbwe 1190 1191tlb_load_linear_done: 1192 /* We use the "error" epilog for success as we do want to 1193 * restore to the initial faulting context, whatever it was. 1194 * We do that because we can't resume a fault within a TLB 1195 * miss handler, due to MAS and TLB reservation being clobbered. 1196 */ 1197 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_LINEAR) 1198 TLB_MISS_EPILOG_ERROR 1199 rfi 1200 1201tlb_load_linear_fault: 1202 /* We keep the DEAR and ESR around, this shouldn't have happened */ 1203 cmpdi cr0,r14,-1 1204 beq 1f 1205 TLB_MISS_EPILOG_ERROR_SPECIAL 1206 b exc_data_storage_book3e 12071: TLB_MISS_EPILOG_ERROR_SPECIAL 1208 b exc_instruction_storage_book3e 1209 1210 1211#ifdef CONFIG_BOOK3E_MMU_TLB_STATS 1212.tlb_stat_inc: 12131: ldarx r8,0,r9 1214 addi r8,r8,1 1215 stdcx. r8,0,r9 1216 bne- 1b 1217 blr 1218#endif 1219