root/arch/powerpc/mm/nohash/tlb_low_64e.S

   1 /* SPDX-License-Identifier: GPL-2.0-or-later */
   2 /*
   3  *  Low level TLB miss handlers for Book3E
   4  *
   5  *  Copyright (C) 2008-2009
   6  *      Ben. Herrenschmidt (benh@kernel.crashing.org), IBM Corp.
   7  */
   8 
   9 #include <asm/processor.h>
  10 #include <asm/reg.h>
  11 #include <asm/page.h>
  12 #include <asm/mmu.h>
  13 #include <asm/ppc_asm.h>
  14 #include <asm/asm-offsets.h>
  15 #include <asm/cputable.h>
  16 #include <asm/pgtable.h>
  17 #include <asm/exception-64e.h>
  18 #include <asm/ppc-opcode.h>
  19 #include <asm/kvm_asm.h>
  20 #include <asm/kvm_booke_hv_asm.h>
  21 #include <asm/feature-fixups.h>
  22 
  23 #define VPTE_PMD_SHIFT  (PTE_INDEX_SIZE)
  24 #define VPTE_PUD_SHIFT  (VPTE_PMD_SHIFT + PMD_INDEX_SIZE)
  25 #define VPTE_PGD_SHIFT  (VPTE_PUD_SHIFT + PUD_INDEX_SIZE)
  26 #define VPTE_INDEX_SIZE (VPTE_PGD_SHIFT + PGD_INDEX_SIZE)
  27 
  28 /**********************************************************************
  29  *                                                                    *
  30  * TLB miss handling for Book3E with a bolted linear mapping          *
  31  * No virtual page table, no nested TLB misses                        *
  32  *                                                                    *
  33  **********************************************************************/
  34 
  35 /*
  36  * Note that, unlike non-bolted handlers, TLB_EXFRAME is not
  37  * modified by the TLB miss handlers themselves, since the TLB miss
  38  * handler code will not itself cause a recursive TLB miss.
  39  *
  40  * TLB_EXFRAME will be modified when crit/mc/debug exceptions are
  41  * entered/exited.
  42  */
  43 .macro tlb_prolog_bolted intnum addr
  44         mtspr   SPRN_SPRG_GEN_SCRATCH,r12
  45         mfspr   r12,SPRN_SPRG_TLB_EXFRAME
  46         std     r13,EX_TLB_R13(r12)
  47         std     r10,EX_TLB_R10(r12)
  48         mfspr   r13,SPRN_SPRG_PACA
  49 
  50         mfcr    r10
  51         std     r11,EX_TLB_R11(r12)
  52 #ifdef CONFIG_KVM_BOOKE_HV
  53 BEGIN_FTR_SECTION
  54         mfspr   r11, SPRN_SRR1
  55 END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
  56 #endif
  57         DO_KVM  \intnum, SPRN_SRR1
  58         std     r16,EX_TLB_R16(r12)
  59         mfspr   r16,\addr               /* get faulting address */
  60         std     r14,EX_TLB_R14(r12)
  61         ld      r14,PACAPGD(r13)
  62         std     r15,EX_TLB_R15(r12)
  63         std     r10,EX_TLB_CR(r12)
  64 #ifdef CONFIG_PPC_FSL_BOOK3E
  65 START_BTB_FLUSH_SECTION
  66         mfspr r11, SPRN_SRR1
  67         andi. r10,r11,MSR_PR
  68         beq 1f
  69         BTB_FLUSH(r10)
  70 1:
  71 END_BTB_FLUSH_SECTION
  72         std     r7,EX_TLB_R7(r12)
  73 #endif
  74         TLB_MISS_PROLOG_STATS
  75 .endm
  76 
  77 .macro tlb_epilog_bolted
  78         ld      r14,EX_TLB_CR(r12)
  79 #ifdef CONFIG_PPC_FSL_BOOK3E
  80         ld      r7,EX_TLB_R7(r12)
  81 #endif
  82         ld      r10,EX_TLB_R10(r12)
  83         ld      r11,EX_TLB_R11(r12)
  84         ld      r13,EX_TLB_R13(r12)
  85         mtcr    r14
  86         ld      r14,EX_TLB_R14(r12)
  87         ld      r15,EX_TLB_R15(r12)
  88         TLB_MISS_RESTORE_STATS
  89         ld      r16,EX_TLB_R16(r12)
  90         mfspr   r12,SPRN_SPRG_GEN_SCRATCH
  91 .endm
  92 
  93 /* Data TLB miss */
  94         START_EXCEPTION(data_tlb_miss_bolted)
  95         tlb_prolog_bolted BOOKE_INTERRUPT_DTLB_MISS SPRN_DEAR
  96 
  97         /* We need _PAGE_PRESENT and  _PAGE_ACCESSED set */
  98 
  99         /* We do the user/kernel test for the PID here along with the RW test
 100          */
 101         /* We pre-test some combination of permissions to avoid double
 102          * faults:
 103          *
 104          * We move the ESR:ST bit into the position of _PAGE_BAP_SW in the PTE
 105          * ESR_ST   is 0x00800000
 106          * _PAGE_BAP_SW is 0x00000010
 107          * So the shift is >> 19. This tests for supervisor writeability.
 108          * If the page happens to be supervisor writeable and not user
 109          * writeable, we will take a new fault later, but that should be
 110          * a rare enough case.
 111          *
 112          * We also move ESR_ST in _PAGE_DIRTY position
 113          * _PAGE_DIRTY is 0x00001000 so the shift is >> 11
 114          *
 115          * MAS1 is preset for all we need except for TID that needs to
 116          * be cleared for kernel translations
 117          */
 118 
 119         mfspr   r11,SPRN_ESR
 120 
 121         srdi    r15,r16,60              /* get region */
 122         rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4
 123         bne-    dtlb_miss_fault_bolted  /* Bail if fault addr is invalid */
 124 
 125         rlwinm  r10,r11,32-19,27,27
 126         rlwimi  r10,r11,32-16,19,19
 127         cmpwi   r15,0                   /* user vs kernel check */
 128         ori     r10,r10,_PAGE_PRESENT
 129         oris    r11,r10,_PAGE_ACCESSED@h
 130 
 131         TLB_MISS_STATS_SAVE_INFO_BOLTED
 132         bne     tlb_miss_kernel_bolted
 133 
 134 tlb_miss_common_bolted:
 135 /*
 136  * This is the guts of the TLB miss handler for bolted-linear.
 137  * We are entered with:
 138  *
 139  * r16 = faulting address
 140  * r15 = crap (free to use)
 141  * r14 = page table base
 142  * r13 = PACA
 143  * r11 = PTE permission mask
 144  * r10 = crap (free to use)
 145  */
 146         rldicl  r15,r16,64-PGDIR_SHIFT+3,64-PGD_INDEX_SIZE-3
 147         cmpldi  cr0,r14,0
 148         clrrdi  r15,r15,3
 149         beq     tlb_miss_fault_bolted   /* No PGDIR, bail */
 150 
 151 BEGIN_MMU_FTR_SECTION
 152         /* Set the TLB reservation and search for existing entry. Then load
 153          * the entry.
 154          */
 155         PPC_TLBSRX_DOT(0,R16)
 156         ldx     r14,r14,r15             /* grab pgd entry */
 157         beq     tlb_miss_done_bolted    /* tlb exists already, bail */
 158 MMU_FTR_SECTION_ELSE
 159         ldx     r14,r14,r15             /* grab pgd entry */
 160 ALT_MMU_FTR_SECTION_END_IFSET(MMU_FTR_USE_TLBRSRV)
 161 
 162         rldicl  r15,r16,64-PUD_SHIFT+3,64-PUD_INDEX_SIZE-3
 163         clrrdi  r15,r15,3
 164         cmpdi   cr0,r14,0
 165         bge     tlb_miss_fault_bolted   /* Bad pgd entry or hugepage; bail */
 166         ldx     r14,r14,r15             /* grab pud entry */
 167 
 168         rldicl  r15,r16,64-PMD_SHIFT+3,64-PMD_INDEX_SIZE-3
 169         clrrdi  r15,r15,3
 170         cmpdi   cr0,r14,0
 171         bge     tlb_miss_fault_bolted
 172         ldx     r14,r14,r15             /* Grab pmd entry */
 173 
 174         rldicl  r15,r16,64-PAGE_SHIFT+3,64-PTE_INDEX_SIZE-3
 175         clrrdi  r15,r15,3
 176         cmpdi   cr0,r14,0
 177         bge     tlb_miss_fault_bolted
 178         ldx     r14,r14,r15             /* Grab PTE, normal (!huge) page */
 179 
 180         /* Check if required permissions are met */
 181         andc.   r15,r11,r14
 182         rldicr  r15,r14,64-(PTE_RPN_SHIFT-PAGE_SHIFT),63-PAGE_SHIFT
 183         bne-    tlb_miss_fault_bolted
 184 
 185         /* Now we build the MAS:
 186          *
 187          * MAS 0   :    Fully setup with defaults in MAS4 and TLBnCFG
 188          * MAS 1   :    Almost fully setup
 189          *               - PID already updated by caller if necessary
 190          *               - TSIZE need change if !base page size, not
 191          *                 yet implemented for now
 192          * MAS 2   :    Defaults not useful, need to be redone
 193          * MAS 3+7 :    Needs to be done
 194          */
 195         clrrdi  r11,r16,12              /* Clear low crap in EA */
 196         clrldi  r15,r15,12              /* Clear crap at the top */
 197         rlwimi  r11,r14,32-19,27,31     /* Insert WIMGE */
 198         rlwimi  r15,r14,32-8,22,25      /* Move in U bits */
 199         mtspr   SPRN_MAS2,r11
 200         andi.   r11,r14,_PAGE_DIRTY
 201         rlwimi  r15,r14,32-2,26,31      /* Move in BAP bits */
 202 
 203         /* Mask out SW and UW if !DIRTY (XXX optimize this !) */
 204         bne     1f
 205         li      r11,MAS3_SW|MAS3_UW
 206         andc    r15,r15,r11
 207 1:
 208         mtspr   SPRN_MAS7_MAS3,r15
 209         tlbwe
 210 
 211 tlb_miss_done_bolted:
 212         TLB_MISS_STATS_X(MMSTAT_TLB_MISS_NORM_OK)
 213         tlb_epilog_bolted
 214         rfi
 215 
 216 itlb_miss_kernel_bolted:
 217         li      r11,_PAGE_PRESENT|_PAGE_BAP_SX  /* Base perm */
 218         oris    r11,r11,_PAGE_ACCESSED@h
 219 tlb_miss_kernel_bolted:
 220         mfspr   r10,SPRN_MAS1
 221         ld      r14,PACA_KERNELPGD(r13)
 222         cmpldi  cr0,r15,8               /* Check for vmalloc region */
 223         rlwinm  r10,r10,0,16,1          /* Clear TID */
 224         mtspr   SPRN_MAS1,r10
 225         beq+    tlb_miss_common_bolted
 226 
 227 tlb_miss_fault_bolted:
 228         /* We need to check if it was an instruction miss */
 229         andi.   r10,r11,_PAGE_EXEC|_PAGE_BAP_SX
 230         bne     itlb_miss_fault_bolted
 231 dtlb_miss_fault_bolted:
 232         TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT)
 233         tlb_epilog_bolted
 234         b       exc_data_storage_book3e
 235 itlb_miss_fault_bolted:
 236         TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT)
 237         tlb_epilog_bolted
 238         b       exc_instruction_storage_book3e
 239 
 240 /* Instruction TLB miss */
 241         START_EXCEPTION(instruction_tlb_miss_bolted)
 242         tlb_prolog_bolted BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR0
 243 
 244         rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4
 245         srdi    r15,r16,60              /* get region */
 246         TLB_MISS_STATS_SAVE_INFO_BOLTED
 247         bne-    itlb_miss_fault_bolted
 248 
 249         li      r11,_PAGE_PRESENT|_PAGE_EXEC    /* Base perm */
 250 
 251         /* We do the user/kernel test for the PID here along with the RW test
 252          */
 253 
 254         cmpldi  cr0,r15,0                       /* Check for user region */
 255         oris    r11,r11,_PAGE_ACCESSED@h
 256         beq     tlb_miss_common_bolted
 257         b       itlb_miss_kernel_bolted
 258 
 259 #ifdef CONFIG_PPC_FSL_BOOK3E
 260 /*
 261  * TLB miss handling for e6500 and derivatives, using hardware tablewalk.
 262  *
 263  * Linear mapping is bolted: no virtual page table or nested TLB misses
 264  * Indirect entries in TLB1, hardware loads resulting direct entries
 265  *    into TLB0
 266  * No HES or NV hint on TLB1, so we need to do software round-robin
 267  * No tlbsrx. so we need a spinlock, and we have to deal
 268  *    with MAS-damage caused by tlbsx
 269  * 4K pages only
 270  */
 271 
 272         START_EXCEPTION(instruction_tlb_miss_e6500)
 273         tlb_prolog_bolted BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR0
 274 
 275         ld      r11,PACA_TCD_PTR(r13)
 276         srdi.   r15,r16,60              /* get region */
 277         ori     r16,r16,1
 278 
 279         TLB_MISS_STATS_SAVE_INFO_BOLTED
 280         bne     tlb_miss_kernel_e6500   /* user/kernel test */
 281 
 282         b       tlb_miss_common_e6500
 283 
 284         START_EXCEPTION(data_tlb_miss_e6500)
 285         tlb_prolog_bolted BOOKE_INTERRUPT_DTLB_MISS SPRN_DEAR
 286 
 287         ld      r11,PACA_TCD_PTR(r13)
 288         srdi.   r15,r16,60              /* get region */
 289         rldicr  r16,r16,0,62
 290 
 291         TLB_MISS_STATS_SAVE_INFO_BOLTED
 292         bne     tlb_miss_kernel_e6500   /* user vs kernel check */
 293 
 294 /*
 295  * This is the guts of the TLB miss handler for e6500 and derivatives.
 296  * We are entered with:
 297  *
 298  * r16 = page of faulting address (low bit 0 if data, 1 if instruction)
 299  * r15 = crap (free to use)
 300  * r14 = page table base
 301  * r13 = PACA
 302  * r11 = tlb_per_core ptr
 303  * r10 = crap (free to use)
 304  * r7  = esel_next
 305  */
 306 tlb_miss_common_e6500:
 307         crmove  cr2*4+2,cr0*4+2         /* cr2.eq != 0 if kernel address */
 308 
 309 BEGIN_FTR_SECTION               /* CPU_FTR_SMT */
 310         /*
 311          * Search if we already have an indirect entry for that virtual
 312          * address, and if we do, bail out.
 313          *
 314          * MAS6:IND should be already set based on MAS4
 315          */
 316         lhz     r10,PACAPACAINDEX(r13)
 317         addi    r10,r10,1
 318         crclr   cr1*4+eq        /* set cr1.eq = 0 for non-recursive */
 319 1:      lbarx   r15,0,r11
 320         cmpdi   r15,0
 321         bne     2f
 322         stbcx.  r10,0,r11
 323         bne     1b
 324 3:
 325         .subsection 1
 326 2:      cmpd    cr1,r15,r10     /* recursive lock due to mcheck/crit/etc? */
 327         beq     cr1,3b          /* unlock will happen if cr1.eq = 0 */
 328 10:     lbz     r15,0(r11)
 329         cmpdi   r15,0
 330         bne     10b
 331         b       1b
 332         .previous
 333 END_FTR_SECTION_IFSET(CPU_FTR_SMT)
 334 
 335         lbz     r7,TCD_ESEL_NEXT(r11)
 336 
 337 BEGIN_FTR_SECTION               /* CPU_FTR_SMT */
 338         /*
 339          * Erratum A-008139 says that we can't use tlbwe to change
 340          * an indirect entry in any way (including replacing or
 341          * invalidating) if the other thread could be in the process
 342          * of a lookup.  The workaround is to invalidate the entry
 343          * with tlbilx before overwriting.
 344          */
 345 
 346         rlwinm  r10,r7,16,0xff0000
 347         oris    r10,r10,MAS0_TLBSEL(1)@h
 348         mtspr   SPRN_MAS0,r10
 349         isync
 350         tlbre
 351         mfspr   r15,SPRN_MAS1
 352         andis.  r15,r15,MAS1_VALID@h
 353         beq     5f
 354 
 355 BEGIN_FTR_SECTION_NESTED(532)
 356         mfspr   r10,SPRN_MAS8
 357         rlwinm  r10,r10,0,0x80000fff  /* tgs,tlpid -> sgs,slpid */
 358         mtspr   SPRN_MAS5,r10
 359 END_FTR_SECTION_NESTED(CPU_FTR_EMB_HV,CPU_FTR_EMB_HV,532)
 360 
 361         mfspr   r10,SPRN_MAS1
 362         rlwinm  r15,r10,0,0x3fff0000  /* tid -> spid */
 363         rlwimi  r15,r10,20,0x00000003 /* ind,ts -> sind,sas */
 364         mfspr   r10,SPRN_MAS6
 365         mtspr   SPRN_MAS6,r15
 366 
 367         mfspr   r15,SPRN_MAS2
 368         isync
 369         tlbilxva 0,r15
 370         isync
 371 
 372         mtspr   SPRN_MAS6,r10
 373 
 374 5:
 375 BEGIN_FTR_SECTION_NESTED(532)
 376         li      r10,0
 377         mtspr   SPRN_MAS8,r10
 378         mtspr   SPRN_MAS5,r10
 379 END_FTR_SECTION_NESTED(CPU_FTR_EMB_HV,CPU_FTR_EMB_HV,532)
 380 
 381         tlbsx   0,r16
 382         mfspr   r10,SPRN_MAS1
 383         andis.  r15,r10,MAS1_VALID@h
 384         bne     tlb_miss_done_e6500
 385 FTR_SECTION_ELSE
 386         mfspr   r10,SPRN_MAS1
 387 ALT_FTR_SECTION_END_IFSET(CPU_FTR_SMT)
 388 
 389         oris    r10,r10,MAS1_VALID@h
 390         beq     cr2,4f
 391         rlwinm  r10,r10,0,16,1          /* Clear TID */
 392 4:      mtspr   SPRN_MAS1,r10
 393 
 394         /* Now, we need to walk the page tables. First check if we are in
 395          * range.
 396          */
 397         rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4
 398         bne-    tlb_miss_fault_e6500
 399 
 400         rldicl  r15,r16,64-PGDIR_SHIFT+3,64-PGD_INDEX_SIZE-3
 401         cmpldi  cr0,r14,0
 402         clrrdi  r15,r15,3
 403         beq-    tlb_miss_fault_e6500 /* No PGDIR, bail */
 404         ldx     r14,r14,r15             /* grab pgd entry */
 405 
 406         rldicl  r15,r16,64-PUD_SHIFT+3,64-PUD_INDEX_SIZE-3
 407         clrrdi  r15,r15,3
 408         cmpdi   cr0,r14,0
 409         bge     tlb_miss_huge_e6500     /* Bad pgd entry or hugepage; bail */
 410         ldx     r14,r14,r15             /* grab pud entry */
 411 
 412         rldicl  r15,r16,64-PMD_SHIFT+3,64-PMD_INDEX_SIZE-3
 413         clrrdi  r15,r15,3
 414         cmpdi   cr0,r14,0
 415         bge     tlb_miss_huge_e6500
 416         ldx     r14,r14,r15             /* Grab pmd entry */
 417 
 418         mfspr   r10,SPRN_MAS0
 419         cmpdi   cr0,r14,0
 420         bge     tlb_miss_huge_e6500
 421 
 422         /* Now we build the MAS for a 2M indirect page:
 423          *
 424          * MAS 0   :    ESEL needs to be filled by software round-robin
 425          * MAS 1   :    Fully set up
 426          *               - PID already updated by caller if necessary
 427          *               - TSIZE for now is base ind page size always
 428          *               - TID already cleared if necessary
 429          * MAS 2   :    Default not 2M-aligned, need to be redone
 430          * MAS 3+7 :    Needs to be done
 431          */
 432 
 433         ori     r14,r14,(BOOK3E_PAGESZ_4K << MAS3_SPSIZE_SHIFT)
 434         mtspr   SPRN_MAS7_MAS3,r14
 435 
 436         clrrdi  r15,r16,21              /* make EA 2M-aligned */
 437         mtspr   SPRN_MAS2,r15
 438 
 439 tlb_miss_huge_done_e6500:
 440         lbz     r16,TCD_ESEL_MAX(r11)
 441         lbz     r14,TCD_ESEL_FIRST(r11)
 442         rlwimi  r10,r7,16,0x00ff0000    /* insert esel_next into MAS0 */
 443         addi    r7,r7,1                 /* increment esel_next */
 444         mtspr   SPRN_MAS0,r10
 445         cmpw    r7,r16
 446         iseleq  r7,r14,r7               /* if next == last use first */
 447         stb     r7,TCD_ESEL_NEXT(r11)
 448 
 449         tlbwe
 450 
 451 tlb_miss_done_e6500:
 452         .macro  tlb_unlock_e6500
 453 BEGIN_FTR_SECTION
 454         beq     cr1,1f          /* no unlock if lock was recursively grabbed */
 455         li      r15,0
 456         isync
 457         stb     r15,0(r11)
 458 1:
 459 END_FTR_SECTION_IFSET(CPU_FTR_SMT)
 460         .endm
 461 
 462         tlb_unlock_e6500
 463         TLB_MISS_STATS_X(MMSTAT_TLB_MISS_NORM_OK)
 464         tlb_epilog_bolted
 465         rfi
 466 
 467 tlb_miss_huge_e6500:
 468         beq     tlb_miss_fault_e6500
 469         li      r10,1
 470         andi.   r15,r14,HUGEPD_SHIFT_MASK@l /* r15 = psize */
 471         rldimi  r14,r10,63,0            /* Set PD_HUGE */
 472         xor     r14,r14,r15             /* Clear size bits */
 473         ldx     r14,0,r14
 474 
 475         /*
 476          * Now we build the MAS for a huge page.
 477          *
 478          * MAS 0   :    ESEL needs to be filled by software round-robin
 479          *               - can be handled by indirect code
 480          * MAS 1   :    Need to clear IND and set TSIZE
 481          * MAS 2,3+7:   Needs to be redone similar to non-tablewalk handler
 482          */
 483 
 484         subi    r15,r15,10              /* Convert psize to tsize */
 485         mfspr   r10,SPRN_MAS1
 486         rlwinm  r10,r10,0,~MAS1_IND
 487         rlwimi  r10,r15,MAS1_TSIZE_SHIFT,MAS1_TSIZE_MASK
 488         mtspr   SPRN_MAS1,r10
 489 
 490         li      r10,-0x400
 491         sld     r15,r10,r15             /* Generate mask based on size */
 492         and     r10,r16,r15
 493         rldicr  r15,r14,64-(PTE_RPN_SHIFT-PAGE_SHIFT),63-PAGE_SHIFT
 494         rlwimi  r10,r14,32-19,27,31     /* Insert WIMGE */
 495         clrldi  r15,r15,PAGE_SHIFT      /* Clear crap at the top */
 496         rlwimi  r15,r14,32-8,22,25      /* Move in U bits */
 497         mtspr   SPRN_MAS2,r10
 498         andi.   r10,r14,_PAGE_DIRTY
 499         rlwimi  r15,r14,32-2,26,31      /* Move in BAP bits */
 500 
 501         /* Mask out SW and UW if !DIRTY (XXX optimize this !) */
 502         bne     1f
 503         li      r10,MAS3_SW|MAS3_UW
 504         andc    r15,r15,r10
 505 1:
 506         mtspr   SPRN_MAS7_MAS3,r15
 507 
 508         mfspr   r10,SPRN_MAS0
 509         b       tlb_miss_huge_done_e6500
 510 
 511 tlb_miss_kernel_e6500:
 512         ld      r14,PACA_KERNELPGD(r13)
 513         cmpldi  cr1,r15,8               /* Check for vmalloc region */
 514         beq+    cr1,tlb_miss_common_e6500
 515 
 516 tlb_miss_fault_e6500:
 517         tlb_unlock_e6500
 518         /* We need to check if it was an instruction miss */
 519         andi.   r16,r16,1
 520         bne     itlb_miss_fault_e6500
 521 dtlb_miss_fault_e6500:
 522         TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT)
 523         tlb_epilog_bolted
 524         b       exc_data_storage_book3e
 525 itlb_miss_fault_e6500:
 526         TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT)
 527         tlb_epilog_bolted
 528         b       exc_instruction_storage_book3e
 529 #endif /* CONFIG_PPC_FSL_BOOK3E */
 530 
 531 /**********************************************************************
 532  *                                                                    *
 533  * TLB miss handling for Book3E with TLB reservation and HES support  *
 534  *                                                                    *
 535  **********************************************************************/
 536 
 537 
 538 /* Data TLB miss */
 539         START_EXCEPTION(data_tlb_miss)
 540         TLB_MISS_PROLOG
 541 
 542         /* Now we handle the fault proper. We only save DEAR in normal
 543          * fault case since that's the only interesting values here.
 544          * We could probably also optimize by not saving SRR0/1 in the
 545          * linear mapping case but I'll leave that for later
 546          */
 547         mfspr   r14,SPRN_ESR
 548         mfspr   r16,SPRN_DEAR           /* get faulting address */
 549         srdi    r15,r16,60              /* get region */
 550         cmpldi  cr0,r15,0xc             /* linear mapping ? */
 551         TLB_MISS_STATS_SAVE_INFO
 552         beq     tlb_load_linear         /* yes -> go to linear map load */
 553 
 554         /* The page tables are mapped virtually linear. At this point, though,
 555          * we don't know whether we are trying to fault in a first level
 556          * virtual address or a virtual page table address. We can get that
 557          * from bit 0x1 of the region ID which we have set for a page table
 558          */
 559         andi.   r10,r15,0x1
 560         bne-    virt_page_table_tlb_miss
 561 
 562         std     r14,EX_TLB_ESR(r12);    /* save ESR */
 563         std     r16,EX_TLB_DEAR(r12);   /* save DEAR */
 564 
 565          /* We need _PAGE_PRESENT and  _PAGE_ACCESSED set */
 566         li      r11,_PAGE_PRESENT
 567         oris    r11,r11,_PAGE_ACCESSED@h
 568 
 569         /* We do the user/kernel test for the PID here along with the RW test
 570          */
 571         cmpldi  cr0,r15,0               /* Check for user region */
 572 
 573         /* We pre-test some combination of permissions to avoid double
 574          * faults:
 575          *
 576          * We move the ESR:ST bit into the position of _PAGE_BAP_SW in the PTE
 577          * ESR_ST   is 0x00800000
 578          * _PAGE_BAP_SW is 0x00000010
 579          * So the shift is >> 19. This tests for supervisor writeability.
 580          * If the page happens to be supervisor writeable and not user
 581          * writeable, we will take a new fault later, but that should be
 582          * a rare enough case.
 583          *
 584          * We also move ESR_ST in _PAGE_DIRTY position
 585          * _PAGE_DIRTY is 0x00001000 so the shift is >> 11
 586          *
 587          * MAS1 is preset for all we need except for TID that needs to
 588          * be cleared for kernel translations
 589          */
 590         rlwimi  r11,r14,32-19,27,27
 591         rlwimi  r11,r14,32-16,19,19
 592         beq     normal_tlb_miss
 593         /* XXX replace the RMW cycles with immediate loads + writes */
 594 1:      mfspr   r10,SPRN_MAS1
 595         cmpldi  cr0,r15,8               /* Check for vmalloc region */
 596         rlwinm  r10,r10,0,16,1          /* Clear TID */
 597         mtspr   SPRN_MAS1,r10
 598         beq+    normal_tlb_miss
 599 
 600         /* We got a crappy address, just fault with whatever DEAR and ESR
 601          * are here
 602          */
 603         TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT)
 604         TLB_MISS_EPILOG_ERROR
 605         b       exc_data_storage_book3e
 606 
 607 /* Instruction TLB miss */
 608         START_EXCEPTION(instruction_tlb_miss)
 609         TLB_MISS_PROLOG
 610 
 611         /* If we take a recursive fault, the second level handler may need
 612          * to know whether we are handling a data or instruction fault in
 613          * order to get to the right store fault handler. We provide that
 614          * info by writing a crazy value in ESR in our exception frame
 615          */
 616         li      r14,-1  /* store to exception frame is done later */
 617 
 618         /* Now we handle the fault proper. We only save DEAR in the non
 619          * linear mapping case since we know the linear mapping case will
 620          * not re-enter. We could indeed optimize and also not save SRR0/1
 621          * in the linear mapping case but I'll leave that for later
 622          *
 623          * Faulting address is SRR0 which is already in r16
 624          */
 625         srdi    r15,r16,60              /* get region */
 626         cmpldi  cr0,r15,0xc             /* linear mapping ? */
 627         TLB_MISS_STATS_SAVE_INFO
 628         beq     tlb_load_linear         /* yes -> go to linear map load */
 629 
 630         /* We do the user/kernel test for the PID here along with the RW test
 631          */
 632         li      r11,_PAGE_PRESENT|_PAGE_EXEC    /* Base perm */
 633         oris    r11,r11,_PAGE_ACCESSED@h
 634 
 635         cmpldi  cr0,r15,0                       /* Check for user region */
 636         std     r14,EX_TLB_ESR(r12)             /* write crazy -1 to frame */
 637         beq     normal_tlb_miss
 638 
 639         li      r11,_PAGE_PRESENT|_PAGE_BAP_SX  /* Base perm */
 640         oris    r11,r11,_PAGE_ACCESSED@h
 641         /* XXX replace the RMW cycles with immediate loads + writes */
 642         mfspr   r10,SPRN_MAS1
 643         cmpldi  cr0,r15,8                       /* Check for vmalloc region */
 644         rlwinm  r10,r10,0,16,1                  /* Clear TID */
 645         mtspr   SPRN_MAS1,r10
 646         beq+    normal_tlb_miss
 647 
 648         /* We got a crappy address, just fault */
 649         TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT)
 650         TLB_MISS_EPILOG_ERROR
 651         b       exc_instruction_storage_book3e
 652 
 653 /*
 654  * This is the guts of the first-level TLB miss handler for direct
 655  * misses. We are entered with:
 656  *
 657  * r16 = faulting address
 658  * r15 = region ID
 659  * r14 = crap (free to use)
 660  * r13 = PACA
 661  * r12 = TLB exception frame in PACA
 662  * r11 = PTE permission mask
 663  * r10 = crap (free to use)
 664  */
 665 normal_tlb_miss:
 666         /* So we first construct the page table address. We do that by
 667          * shifting the bottom of the address (not the region ID) by
 668          * PAGE_SHIFT-3, clearing the bottom 3 bits (get a PTE ptr) and
 669          * or'ing the fourth high bit.
 670          *
 671          * NOTE: For 64K pages, we do things slightly differently in
 672          * order to handle the weird page table format used by linux
 673          */
 674         ori     r10,r15,0x1
 675         rldicl  r14,r16,64-(PAGE_SHIFT-3),PAGE_SHIFT-3+4
 676         sldi    r15,r10,60
 677         clrrdi  r14,r14,3
 678         or      r10,r15,r14
 679 
 680 BEGIN_MMU_FTR_SECTION
 681         /* Set the TLB reservation and search for existing entry. Then load
 682          * the entry.
 683          */
 684         PPC_TLBSRX_DOT(0,R16)
 685         ld      r14,0(r10)
 686         beq     normal_tlb_miss_done
 687 MMU_FTR_SECTION_ELSE
 688         ld      r14,0(r10)
 689 ALT_MMU_FTR_SECTION_END_IFSET(MMU_FTR_USE_TLBRSRV)
 690 
 691 finish_normal_tlb_miss:
 692         /* Check if required permissions are met */
 693         andc.   r15,r11,r14
 694         bne-    normal_tlb_miss_access_fault
 695 
 696         /* Now we build the MAS:
 697          *
 698          * MAS 0   :    Fully setup with defaults in MAS4 and TLBnCFG
 699          * MAS 1   :    Almost fully setup
 700          *               - PID already updated by caller if necessary
 701          *               - TSIZE need change if !base page size, not
 702          *                 yet implemented for now
 703          * MAS 2   :    Defaults not useful, need to be redone
 704          * MAS 3+7 :    Needs to be done
 705          *
 706          * TODO: mix up code below for better scheduling
 707          */
 708         clrrdi  r11,r16,12              /* Clear low crap in EA */
 709         rlwimi  r11,r14,32-19,27,31     /* Insert WIMGE */
 710         mtspr   SPRN_MAS2,r11
 711 
 712         /* Check page size, if not standard, update MAS1 */
 713         rldicl  r11,r14,64-8,64-8
 714         cmpldi  cr0,r11,BOOK3E_PAGESZ_4K
 715         beq-    1f
 716         mfspr   r11,SPRN_MAS1
 717         rlwimi  r11,r14,31,21,24
 718         rlwinm  r11,r11,0,21,19
 719         mtspr   SPRN_MAS1,r11
 720 1:
 721         /* Move RPN in position */
 722         rldicr  r11,r14,64-(PTE_RPN_SHIFT-PAGE_SHIFT),63-PAGE_SHIFT
 723         clrldi  r15,r11,12              /* Clear crap at the top */
 724         rlwimi  r15,r14,32-8,22,25      /* Move in U bits */
 725         rlwimi  r15,r14,32-2,26,31      /* Move in BAP bits */
 726 
 727         /* Mask out SW and UW if !DIRTY (XXX optimize this !) */
 728         andi.   r11,r14,_PAGE_DIRTY
 729         bne     1f
 730         li      r11,MAS3_SW|MAS3_UW
 731         andc    r15,r15,r11
 732 1:
 733 BEGIN_MMU_FTR_SECTION
 734         srdi    r16,r15,32
 735         mtspr   SPRN_MAS3,r15
 736         mtspr   SPRN_MAS7,r16
 737 MMU_FTR_SECTION_ELSE
 738         mtspr   SPRN_MAS7_MAS3,r15
 739 ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS)
 740 
 741         tlbwe
 742 
 743 normal_tlb_miss_done:
 744         /* We don't bother with restoring DEAR or ESR since we know we are
 745          * level 0 and just going back to userland. They are only needed
 746          * if you are going to take an access fault
 747          */
 748         TLB_MISS_STATS_X(MMSTAT_TLB_MISS_NORM_OK)
 749         TLB_MISS_EPILOG_SUCCESS
 750         rfi
 751 
 752 normal_tlb_miss_access_fault:
 753         /* We need to check if it was an instruction miss */
 754         andi.   r10,r11,_PAGE_EXEC
 755         bne     1f
 756         ld      r14,EX_TLB_DEAR(r12)
 757         ld      r15,EX_TLB_ESR(r12)
 758         mtspr   SPRN_DEAR,r14
 759         mtspr   SPRN_ESR,r15
 760         TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT)
 761         TLB_MISS_EPILOG_ERROR
 762         b       exc_data_storage_book3e
 763 1:      TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT)
 764         TLB_MISS_EPILOG_ERROR
 765         b       exc_instruction_storage_book3e
 766 
 767 
 768 /*
 769  * This is the guts of the second-level TLB miss handler for direct
 770  * misses. We are entered with:
 771  *
 772  * r16 = virtual page table faulting address
 773  * r15 = region (top 4 bits of address)
 774  * r14 = crap (free to use)
 775  * r13 = PACA
 776  * r12 = TLB exception frame in PACA
 777  * r11 = crap (free to use)
 778  * r10 = crap (free to use)
 779  *
 780  * Note that this should only ever be called as a second level handler
 781  * with the current scheme when using SW load.
 782  * That means we can always get the original fault DEAR at
 783  * EX_TLB_DEAR-EX_TLB_SIZE(r12)
 784  *
 785  * It can be re-entered by the linear mapping miss handler. However, to
 786  * avoid too much complication, it will restart the whole fault at level
 787  * 0 so we don't care too much about clobbers
 788  *
 789  * XXX That code was written back when we couldn't clobber r14. We can now,
 790  * so we could probably optimize things a bit
 791  */
 792 virt_page_table_tlb_miss:
 793         /* Are we hitting a kernel page table ? */
 794         andi.   r10,r15,0x8
 795 
 796         /* The cool thing now is that r10 contains 0 for user and 8 for kernel,
 797          * and we happen to have the swapper_pg_dir at offset 8 from the user
 798          * pgdir in the PACA :-).
 799          */
 800         add     r11,r10,r13
 801 
 802         /* If kernel, we need to clear MAS1 TID */
 803         beq     1f
 804         /* XXX replace the RMW cycles with immediate loads + writes */
 805         mfspr   r10,SPRN_MAS1
 806         rlwinm  r10,r10,0,16,1                  /* Clear TID */
 807         mtspr   SPRN_MAS1,r10
 808 1:
 809 BEGIN_MMU_FTR_SECTION
 810         /* Search if we already have a TLB entry for that virtual address, and
 811          * if we do, bail out.
 812          */
 813         PPC_TLBSRX_DOT(0,R16)
 814         beq     virt_page_table_tlb_miss_done
 815 END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_TLBRSRV)
 816 
 817         /* Now, we need to walk the page tables. First check if we are in
 818          * range.
 819          */
 820         rldicl. r10,r16,64-(VPTE_INDEX_SIZE+3),VPTE_INDEX_SIZE+3+4
 821         bne-    virt_page_table_tlb_miss_fault
 822 
 823         /* Get the PGD pointer */
 824         ld      r15,PACAPGD(r11)
 825         cmpldi  cr0,r15,0
 826         beq-    virt_page_table_tlb_miss_fault
 827 
 828         /* Get to PGD entry */
 829         rldicl  r11,r16,64-VPTE_PGD_SHIFT,64-PGD_INDEX_SIZE-3
 830         clrrdi  r10,r11,3
 831         ldx     r15,r10,r15
 832         cmpdi   cr0,r15,0
 833         bge     virt_page_table_tlb_miss_fault
 834 
 835         /* Get to PUD entry */
 836         rldicl  r11,r16,64-VPTE_PUD_SHIFT,64-PUD_INDEX_SIZE-3
 837         clrrdi  r10,r11,3
 838         ldx     r15,r10,r15
 839         cmpdi   cr0,r15,0
 840         bge     virt_page_table_tlb_miss_fault
 841 
 842         /* Get to PMD entry */
 843         rldicl  r11,r16,64-VPTE_PMD_SHIFT,64-PMD_INDEX_SIZE-3
 844         clrrdi  r10,r11,3
 845         ldx     r15,r10,r15
 846         cmpdi   cr0,r15,0
 847         bge     virt_page_table_tlb_miss_fault
 848 
 849         /* Ok, we're all right, we can now create a kernel translation for
 850          * a 4K or 64K page from r16 -> r15.
 851          */
 852         /* Now we build the MAS:
 853          *
 854          * MAS 0   :    Fully setup with defaults in MAS4 and TLBnCFG
 855          * MAS 1   :    Almost fully setup
 856          *               - PID already updated by caller if necessary
 857          *               - TSIZE for now is base page size always
 858          * MAS 2   :    Use defaults
 859          * MAS 3+7 :    Needs to be done
 860          *
 861          * So we only do MAS 2 and 3 for now...
 862          */
 863         clrldi  r11,r15,4               /* remove region ID from RPN */
 864         ori     r10,r11,1               /* Or-in SR */
 865 
 866 BEGIN_MMU_FTR_SECTION
 867         srdi    r16,r10,32
 868         mtspr   SPRN_MAS3,r10
 869         mtspr   SPRN_MAS7,r16
 870 MMU_FTR_SECTION_ELSE
 871         mtspr   SPRN_MAS7_MAS3,r10
 872 ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS)
 873 
 874         tlbwe
 875 
 876 BEGIN_MMU_FTR_SECTION
 877 virt_page_table_tlb_miss_done:
 878 
 879         /* We have overridden MAS2:EPN but currently our primary TLB miss
 880          * handler will always restore it so that should not be an issue,
 881          * if we ever optimize the primary handler to not write MAS2 on
 882          * some cases, we'll have to restore MAS2:EPN here based on the
 883          * original fault's DEAR. If we do that we have to modify the
 884          * ITLB miss handler to also store SRR0 in the exception frame
 885          * as DEAR.
 886          *
 887          * However, one nasty thing we did is we cleared the reservation
 888          * (well, potentially we did). We do a trick here thus if we
 889          * are not a level 0 exception (we interrupted the TLB miss) we
 890          * offset the return address by -4 in order to replay the tlbsrx
 891          * instruction there
 892          */
 893         subf    r10,r13,r12
 894         cmpldi  cr0,r10,PACA_EXTLB+EX_TLB_SIZE
 895         bne-    1f
 896         ld      r11,PACA_EXTLB+EX_TLB_SIZE+EX_TLB_SRR0(r13)
 897         addi    r10,r11,-4
 898         std     r10,PACA_EXTLB+EX_TLB_SIZE+EX_TLB_SRR0(r13)
 899 1:
 900 END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_TLBRSRV)
 901         /* Return to caller, normal case */
 902         TLB_MISS_STATS_X(MMSTAT_TLB_MISS_PT_OK);
 903         TLB_MISS_EPILOG_SUCCESS
 904         rfi
 905 
 906 virt_page_table_tlb_miss_fault:
 907         /* If we fault here, things are a little bit tricky. We need to call
 908          * either data or instruction store fault, and we need to retrieve
 909          * the original fault address and ESR (for data).
 910          *
 911          * The thing is, we know that in normal circumstances, this is
 912          * always called as a second level tlb miss for SW load or as a first
 913          * level TLB miss for HW load, so we should be able to peek at the
 914          * relevant information in the first exception frame in the PACA.
 915          *
 916          * However, we do need to double check that, because we may just hit
 917          * a stray kernel pointer or a userland attack trying to hit those
 918          * areas. If that is the case, we do a data fault. (We can't get here
 919          * from an instruction tlb miss anyway).
 920          *
 921          * Note also that when going to a fault, we must unwind the previous
 922          * level as well. Since we are doing that, we don't need to clear or
 923          * restore the TLB reservation neither.
 924          */
 925         subf    r10,r13,r12
 926         cmpldi  cr0,r10,PACA_EXTLB+EX_TLB_SIZE
 927         bne-    virt_page_table_tlb_miss_whacko_fault
 928 
 929         /* We dig the original DEAR and ESR from slot 0 */
 930         ld      r15,EX_TLB_DEAR+PACA_EXTLB(r13)
 931         ld      r16,EX_TLB_ESR+PACA_EXTLB(r13)
 932 
 933         /* We check for the "special" ESR value for instruction faults */
 934         cmpdi   cr0,r16,-1
 935         beq     1f
 936         mtspr   SPRN_DEAR,r15
 937         mtspr   SPRN_ESR,r16
 938         TLB_MISS_STATS_D(MMSTAT_TLB_MISS_PT_FAULT);
 939         TLB_MISS_EPILOG_ERROR
 940         b       exc_data_storage_book3e
 941 1:      TLB_MISS_STATS_I(MMSTAT_TLB_MISS_PT_FAULT);
 942         TLB_MISS_EPILOG_ERROR
 943         b       exc_instruction_storage_book3e
 944 
 945 virt_page_table_tlb_miss_whacko_fault:
 946         /* The linear fault will restart everything so ESR and DEAR will
 947          * not have been clobbered, let's just fault with what we have
 948          */
 949         TLB_MISS_STATS_X(MMSTAT_TLB_MISS_PT_FAULT);
 950         TLB_MISS_EPILOG_ERROR
 951         b       exc_data_storage_book3e
 952 
 953 
 954 /**************************************************************
 955  *                                                            *
 956  * TLB miss handling for Book3E with hw page table support    *
 957  *                                                            *
 958  **************************************************************/
 959 
 960 
 961 /* Data TLB miss */
 962         START_EXCEPTION(data_tlb_miss_htw)
 963         TLB_MISS_PROLOG
 964 
 965         /* Now we handle the fault proper. We only save DEAR in normal
 966          * fault case since that's the only interesting values here.
 967          * We could probably also optimize by not saving SRR0/1 in the
 968          * linear mapping case but I'll leave that for later
 969          */
 970         mfspr   r14,SPRN_ESR
 971         mfspr   r16,SPRN_DEAR           /* get faulting address */
 972         srdi    r11,r16,60              /* get region */
 973         cmpldi  cr0,r11,0xc             /* linear mapping ? */
 974         TLB_MISS_STATS_SAVE_INFO
 975         beq     tlb_load_linear         /* yes -> go to linear map load */
 976 
 977         /* We do the user/kernel test for the PID here along with the RW test
 978          */
 979         cmpldi  cr0,r11,0               /* Check for user region */
 980         ld      r15,PACAPGD(r13)        /* Load user pgdir */
 981         beq     htw_tlb_miss
 982 
 983         /* XXX replace the RMW cycles with immediate loads + writes */
 984 1:      mfspr   r10,SPRN_MAS1
 985         cmpldi  cr0,r11,8               /* Check for vmalloc region */
 986         rlwinm  r10,r10,0,16,1          /* Clear TID */
 987         mtspr   SPRN_MAS1,r10
 988         ld      r15,PACA_KERNELPGD(r13) /* Load kernel pgdir */
 989         beq+    htw_tlb_miss
 990 
 991         /* We got a crappy address, just fault with whatever DEAR and ESR
 992          * are here
 993          */
 994         TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT)
 995         TLB_MISS_EPILOG_ERROR
 996         b       exc_data_storage_book3e
 997 
 998 /* Instruction TLB miss */
 999         START_EXCEPTION(instruction_tlb_miss_htw)
1000         TLB_MISS_PROLOG
1001 
1002         /* If we take a recursive fault, the second level handler may need
1003          * to know whether we are handling a data or instruction fault in
1004          * order to get to the right store fault handler. We provide that
1005          * info by keeping a crazy value for ESR in r14
1006          */
1007         li      r14,-1  /* store to exception frame is done later */
1008 
1009         /* Now we handle the fault proper. We only save DEAR in the non
1010          * linear mapping case since we know the linear mapping case will
1011          * not re-enter. We could indeed optimize and also not save SRR0/1
1012          * in the linear mapping case but I'll leave that for later
1013          *
1014          * Faulting address is SRR0 which is already in r16
1015          */
1016         srdi    r11,r16,60              /* get region */
1017         cmpldi  cr0,r11,0xc             /* linear mapping ? */
1018         TLB_MISS_STATS_SAVE_INFO
1019         beq     tlb_load_linear         /* yes -> go to linear map load */
1020 
1021         /* We do the user/kernel test for the PID here along with the RW test
1022          */
1023         cmpldi  cr0,r11,0                       /* Check for user region */
1024         ld      r15,PACAPGD(r13)                /* Load user pgdir */
1025         beq     htw_tlb_miss
1026 
1027         /* XXX replace the RMW cycles with immediate loads + writes */
1028 1:      mfspr   r10,SPRN_MAS1
1029         cmpldi  cr0,r11,8                       /* Check for vmalloc region */
1030         rlwinm  r10,r10,0,16,1                  /* Clear TID */
1031         mtspr   SPRN_MAS1,r10
1032         ld      r15,PACA_KERNELPGD(r13)         /* Load kernel pgdir */
1033         beq+    htw_tlb_miss
1034 
1035         /* We got a crappy address, just fault */
1036         TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT)
1037         TLB_MISS_EPILOG_ERROR
1038         b       exc_instruction_storage_book3e
1039 
1040 
1041 /*
1042  * This is the guts of the second-level TLB miss handler for direct
1043  * misses. We are entered with:
1044  *
1045  * r16 = virtual page table faulting address
1046  * r15 = PGD pointer
1047  * r14 = ESR
1048  * r13 = PACA
1049  * r12 = TLB exception frame in PACA
1050  * r11 = crap (free to use)
1051  * r10 = crap (free to use)
1052  *
1053  * It can be re-entered by the linear mapping miss handler. However, to
1054  * avoid too much complication, it will save/restore things for us
1055  */
1056 htw_tlb_miss:
1057         /* Search if we already have a TLB entry for that virtual address, and
1058          * if we do, bail out.
1059          *
1060          * MAS1:IND should be already set based on MAS4
1061          */
1062         PPC_TLBSRX_DOT(0,R16)
1063         beq     htw_tlb_miss_done
1064 
1065         /* Now, we need to walk the page tables. First check if we are in
1066          * range.
1067          */
1068         rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4
1069         bne-    htw_tlb_miss_fault
1070 
1071         /* Get the PGD pointer */
1072         cmpldi  cr0,r15,0
1073         beq-    htw_tlb_miss_fault
1074 
1075         /* Get to PGD entry */
1076         rldicl  r11,r16,64-(PGDIR_SHIFT-3),64-PGD_INDEX_SIZE-3
1077         clrrdi  r10,r11,3
1078         ldx     r15,r10,r15
1079         cmpdi   cr0,r15,0
1080         bge     htw_tlb_miss_fault
1081 
1082         /* Get to PUD entry */
1083         rldicl  r11,r16,64-(PUD_SHIFT-3),64-PUD_INDEX_SIZE-3
1084         clrrdi  r10,r11,3
1085         ldx     r15,r10,r15
1086         cmpdi   cr0,r15,0
1087         bge     htw_tlb_miss_fault
1088 
1089         /* Get to PMD entry */
1090         rldicl  r11,r16,64-(PMD_SHIFT-3),64-PMD_INDEX_SIZE-3
1091         clrrdi  r10,r11,3
1092         ldx     r15,r10,r15
1093         cmpdi   cr0,r15,0
1094         bge     htw_tlb_miss_fault
1095 
1096         /* Ok, we're all right, we can now create an indirect entry for
1097          * a 1M or 256M page.
1098          *
1099          * The last trick is now that because we use "half" pages for
1100          * the HTW (1M IND is 2K and 256M IND is 32K) we need to account
1101          * for an added LSB bit to the RPN. For 64K pages, there is no
1102          * problem as we already use 32K arrays (half PTE pages), but for
1103          * 4K page we need to extract a bit from the virtual address and
1104          * insert it into the "PA52" bit of the RPN.
1105          */
1106         rlwimi  r15,r16,32-9,20,20
1107         /* Now we build the MAS:
1108          *
1109          * MAS 0   :    Fully setup with defaults in MAS4 and TLBnCFG
1110          * MAS 1   :    Almost fully setup
1111          *               - PID already updated by caller if necessary
1112          *               - TSIZE for now is base ind page size always
1113          * MAS 2   :    Use defaults
1114          * MAS 3+7 :    Needs to be done
1115          */
1116         ori     r10,r15,(BOOK3E_PAGESZ_4K << MAS3_SPSIZE_SHIFT)
1117 
1118 BEGIN_MMU_FTR_SECTION
1119         srdi    r16,r10,32
1120         mtspr   SPRN_MAS3,r10
1121         mtspr   SPRN_MAS7,r16
1122 MMU_FTR_SECTION_ELSE
1123         mtspr   SPRN_MAS7_MAS3,r10
1124 ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS)
1125 
1126         tlbwe
1127 
1128 htw_tlb_miss_done:
1129         /* We don't bother with restoring DEAR or ESR since we know we are
1130          * level 0 and just going back to userland. They are only needed
1131          * if you are going to take an access fault
1132          */
1133         TLB_MISS_STATS_X(MMSTAT_TLB_MISS_PT_OK)
1134         TLB_MISS_EPILOG_SUCCESS
1135         rfi
1136 
1137 htw_tlb_miss_fault:
1138         /* We need to check if it was an instruction miss. We know this
1139          * though because r14 would contain -1
1140          */
1141         cmpdi   cr0,r14,-1
1142         beq     1f
1143         mtspr   SPRN_DEAR,r16
1144         mtspr   SPRN_ESR,r14
1145         TLB_MISS_STATS_D(MMSTAT_TLB_MISS_PT_FAULT)
1146         TLB_MISS_EPILOG_ERROR
1147         b       exc_data_storage_book3e
1148 1:      TLB_MISS_STATS_I(MMSTAT_TLB_MISS_PT_FAULT)
1149         TLB_MISS_EPILOG_ERROR
1150         b       exc_instruction_storage_book3e
1151 
1152 /*
1153  * This is the guts of "any" level TLB miss handler for kernel linear
1154  * mapping misses. We are entered with:
1155  *
1156  *
1157  * r16 = faulting address
1158  * r15 = crap (free to use)
1159  * r14 = ESR (data) or -1 (instruction)
1160  * r13 = PACA
1161  * r12 = TLB exception frame in PACA
1162  * r11 = crap (free to use)
1163  * r10 = crap (free to use)
1164  *
1165  * In addition we know that we will not re-enter, so in theory, we could
1166  * use a simpler epilog not restoring SRR0/1 etc.. but we'll do that later.
1167  *
1168  * We also need to be careful about MAS registers here & TLB reservation,
1169  * as we know we'll have clobbered them if we interrupt the main TLB miss
1170  * handlers in which case we probably want to do a full restart at level
1171  * 0 rather than saving / restoring the MAS.
1172  *
1173  * Note: If we care about performance of that core, we can easily shuffle
1174  *       a few things around
1175  */
1176 tlb_load_linear:
1177         /* For now, we assume the linear mapping is contiguous and stops at
1178          * linear_map_top. We also assume the size is a multiple of 1G, thus
1179          * we only use 1G pages for now. That might have to be changed in a
1180          * final implementation, especially when dealing with hypervisors
1181          */
1182         ld      r11,PACATOC(r13)
1183         ld      r11,linear_map_top@got(r11)
1184         ld      r10,0(r11)
1185         tovirt(10,10)
1186         cmpld   cr0,r16,r10
1187         bge     tlb_load_linear_fault
1188 
1189         /* MAS1 need whole new setup. */
1190         li      r15,(BOOK3E_PAGESZ_1GB<<MAS1_TSIZE_SHIFT)
1191         oris    r15,r15,MAS1_VALID@h    /* MAS1 needs V and TSIZE */
1192         mtspr   SPRN_MAS1,r15
1193 
1194         /* Already somebody there ? */
1195         PPC_TLBSRX_DOT(0,R16)
1196         beq     tlb_load_linear_done
1197 
1198         /* Now we build the remaining MAS. MAS0 and 2 should be fine
1199          * with their defaults, which leaves us with MAS 3 and 7. The
1200          * mapping is linear, so we just take the address, clear the
1201          * region bits, and or in the permission bits which are currently
1202          * hard wired
1203          */
1204         clrrdi  r10,r16,30              /* 1G page index */
1205         clrldi  r10,r10,4               /* clear region bits */
1206         ori     r10,r10,MAS3_SR|MAS3_SW|MAS3_SX
1207 
1208 BEGIN_MMU_FTR_SECTION
1209         srdi    r16,r10,32
1210         mtspr   SPRN_MAS3,r10
1211         mtspr   SPRN_MAS7,r16
1212 MMU_FTR_SECTION_ELSE
1213         mtspr   SPRN_MAS7_MAS3,r10
1214 ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS)
1215 
1216         tlbwe
1217 
1218 tlb_load_linear_done:
1219         /* We use the "error" epilog for success as we do want to
1220          * restore to the initial faulting context, whatever it was.
1221          * We do that because we can't resume a fault within a TLB
1222          * miss handler, due to MAS and TLB reservation being clobbered.
1223          */
1224         TLB_MISS_STATS_X(MMSTAT_TLB_MISS_LINEAR)
1225         TLB_MISS_EPILOG_ERROR
1226         rfi
1227 
1228 tlb_load_linear_fault:
1229         /* We keep the DEAR and ESR around, this shouldn't have happened */
1230         cmpdi   cr0,r14,-1
1231         beq     1f
1232         TLB_MISS_EPILOG_ERROR_SPECIAL
1233         b       exc_data_storage_book3e
1234 1:      TLB_MISS_EPILOG_ERROR_SPECIAL
1235         b       exc_instruction_storage_book3e
1236 
1237 
1238 #ifdef CONFIG_BOOK3E_MMU_TLB_STATS
1239 .tlb_stat_inc:
1240 1:      ldarx   r8,0,r9
1241         addi    r8,r8,1
1242         stdcx.  r8,0,r9
1243         bne-    1b
1244         blr
1245 #endif