1/* 2 * Low level TLB miss handlers for Book3E 3 * 4 * Copyright (C) 2008-2009 5 * Ben. Herrenschmidt (benh@kernel.crashing.org), IBM Corp. 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License 9 * as published by the Free Software Foundation; either version 10 * 2 of the License, or (at your option) any later version. 11 */ 12 13#include <asm/processor.h> 14#include <asm/reg.h> 15#include <asm/page.h> 16#include <asm/mmu.h> 17#include <asm/ppc_asm.h> 18#include <asm/asm-offsets.h> 19#include <asm/cputable.h> 20#include <asm/pgtable.h> 21#include <asm/exception-64e.h> 22#include <asm/ppc-opcode.h> 23 24#ifdef CONFIG_PPC_64K_PAGES 25#define VPTE_PMD_SHIFT (PTE_INDEX_SIZE+1) 26#else 27#define VPTE_PMD_SHIFT (PTE_INDEX_SIZE) 28#endif 29#define VPTE_PUD_SHIFT (VPTE_PMD_SHIFT + PMD_INDEX_SIZE) 30#define VPTE_PGD_SHIFT (VPTE_PUD_SHIFT + PUD_INDEX_SIZE) 31#define VPTE_INDEX_SIZE (VPTE_PGD_SHIFT + PGD_INDEX_SIZE) 32 33 34/********************************************************************** 35 * * 36 * TLB miss handling for Book3E with TLB reservation and HES support * 37 * * 38 **********************************************************************/ 39 40 41/* Data TLB miss */ 42 START_EXCEPTION(data_tlb_miss) 43 TLB_MISS_PROLOG 44 45 /* Now we handle the fault proper. We only save DEAR in normal 46 * fault case since that's the only interesting values here. 47 * We could probably also optimize by not saving SRR0/1 in the 48 * linear mapping case but I'll leave that for later 49 */ 50 mfspr r14,SPRN_ESR 51 mfspr r16,SPRN_DEAR /* get faulting address */ 52 srdi r15,r16,60 /* get region */ 53 cmpldi cr0,r15,0xc /* linear mapping ? */ 54 TLB_MISS_STATS_SAVE_INFO 55 beq tlb_load_linear /* yes -> go to linear map load */ 56 57 /* The page tables are mapped virtually linear. At this point, though, 58 * we don't know whether we are trying to fault in a first level 59 * virtual address or a virtual page table address. We can get that 60 * from bit 0x1 of the region ID which we have set for a page table 61 */ 62 andi. r10,r15,0x1 63 bne- virt_page_table_tlb_miss 64 65 std r14,EX_TLB_ESR(r12); /* save ESR */ 66 std r16,EX_TLB_DEAR(r12); /* save DEAR */ 67 68 /* We need _PAGE_PRESENT and _PAGE_ACCESSED set */ 69 li r11,_PAGE_PRESENT 70 oris r11,r11,_PAGE_ACCESSED@h 71 72 /* We do the user/kernel test for the PID here along with the RW test 73 */ 74 cmpldi cr0,r15,0 /* Check for user region */ 75 76 /* We pre-test some combination of permissions to avoid double 77 * faults: 78 * 79 * We move the ESR:ST bit into the position of _PAGE_BAP_SW in the PTE 80 * ESR_ST is 0x00800000 81 * _PAGE_BAP_SW is 0x00000010 82 * So the shift is >> 19. This tests for supervisor writeability. 83 * If the page happens to be supervisor writeable and not user 84 * writeable, we will take a new fault later, but that should be 85 * a rare enough case. 86 * 87 * We also move ESR_ST in _PAGE_DIRTY position 88 * _PAGE_DIRTY is 0x00001000 so the shift is >> 11 89 * 90 * MAS1 is preset for all we need except for TID that needs to 91 * be cleared for kernel translations 92 */ 93 rlwimi r11,r14,32-19,27,27 94 rlwimi r11,r14,32-16,19,19 95 beq normal_tlb_miss 96 /* XXX replace the RMW cycles with immediate loads + writes */ 971: mfspr r10,SPRN_MAS1 98 cmpldi cr0,r15,8 /* Check for vmalloc region */ 99 rlwinm r10,r10,0,16,1 /* Clear TID */ 100 mtspr SPRN_MAS1,r10 101 beq+ normal_tlb_miss 102 103 /* We got a crappy address, just fault with whatever DEAR and ESR 104 * are here 105 */ 106 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT) 107 TLB_MISS_EPILOG_ERROR 108 b exc_data_storage_book3e 109 110/* Instruction TLB miss */ 111 START_EXCEPTION(instruction_tlb_miss) 112 TLB_MISS_PROLOG 113 114 /* If we take a recursive fault, the second level handler may need 115 * to know whether we are handling a data or instruction fault in 116 * order to get to the right store fault handler. We provide that 117 * info by writing a crazy value in ESR in our exception frame 118 */ 119 li r14,-1 /* store to exception frame is done later */ 120 121 /* Now we handle the fault proper. We only save DEAR in the non 122 * linear mapping case since we know the linear mapping case will 123 * not re-enter. We could indeed optimize and also not save SRR0/1 124 * in the linear mapping case but I'll leave that for later 125 * 126 * Faulting address is SRR0 which is already in r16 127 */ 128 srdi r15,r16,60 /* get region */ 129 cmpldi cr0,r15,0xc /* linear mapping ? */ 130 TLB_MISS_STATS_SAVE_INFO 131 beq tlb_load_linear /* yes -> go to linear map load */ 132 133 /* We do the user/kernel test for the PID here along with the RW test 134 */ 135 li r11,_PAGE_PRESENT|_PAGE_EXEC /* Base perm */ 136 oris r11,r11,_PAGE_ACCESSED@h 137 138 cmpldi cr0,r15,0 /* Check for user region */ 139 std r14,EX_TLB_ESR(r12) /* write crazy -1 to frame */ 140 beq normal_tlb_miss 141 142 li r11,_PAGE_PRESENT|_PAGE_BAP_SX /* Base perm */ 143 oris r11,r11,_PAGE_ACCESSED@h 144 /* XXX replace the RMW cycles with immediate loads + writes */ 145 mfspr r10,SPRN_MAS1 146 cmpldi cr0,r15,8 /* Check for vmalloc region */ 147 rlwinm r10,r10,0,16,1 /* Clear TID */ 148 mtspr SPRN_MAS1,r10 149 beq+ normal_tlb_miss 150 151 /* We got a crappy address, just fault */ 152 TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT) 153 TLB_MISS_EPILOG_ERROR 154 b exc_instruction_storage_book3e 155 156/* 157 * This is the guts of the first-level TLB miss handler for direct 158 * misses. We are entered with: 159 * 160 * r16 = faulting address 161 * r15 = region ID 162 * r14 = crap (free to use) 163 * r13 = PACA 164 * r12 = TLB exception frame in PACA 165 * r11 = PTE permission mask 166 * r10 = crap (free to use) 167 */ 168normal_tlb_miss: 169 /* So we first construct the page table address. We do that by 170 * shifting the bottom of the address (not the region ID) by 171 * PAGE_SHIFT-3, clearing the bottom 3 bits (get a PTE ptr) and 172 * or'ing the fourth high bit. 173 * 174 * NOTE: For 64K pages, we do things slightly differently in 175 * order to handle the weird page table format used by linux 176 */ 177 ori r10,r15,0x1 178#ifdef CONFIG_PPC_64K_PAGES 179 /* For the top bits, 16 bytes per PTE */ 180 rldicl r14,r16,64-(PAGE_SHIFT-4),PAGE_SHIFT-4+4 181 /* Now create the bottom bits as 0 in position 0x8000 and 182 * the rest calculated for 8 bytes per PTE 183 */ 184 rldicl r15,r16,64-(PAGE_SHIFT-3),64-15 185 /* Insert the bottom bits in */ 186 rlwimi r14,r15,0,16,31 187#else 188 rldicl r14,r16,64-(PAGE_SHIFT-3),PAGE_SHIFT-3+4 189#endif 190 sldi r15,r10,60 191 clrrdi r14,r14,3 192 or r10,r15,r14 193 194BEGIN_MMU_FTR_SECTION 195 /* Set the TLB reservation and seach for existing entry. Then load 196 * the entry. 197 */ 198 PPC_TLBSRX_DOT(0,r16) 199 ld r14,0(r10) 200 beq normal_tlb_miss_done 201MMU_FTR_SECTION_ELSE 202 ld r14,0(r10) 203ALT_MMU_FTR_SECTION_END_IFSET(MMU_FTR_USE_TLBRSRV) 204 205finish_normal_tlb_miss: 206 /* Check if required permissions are met */ 207 andc. r15,r11,r14 208 bne- normal_tlb_miss_access_fault 209 210 /* Now we build the MAS: 211 * 212 * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG 213 * MAS 1 : Almost fully setup 214 * - PID already updated by caller if necessary 215 * - TSIZE need change if !base page size, not 216 * yet implemented for now 217 * MAS 2 : Defaults not useful, need to be redone 218 * MAS 3+7 : Needs to be done 219 * 220 * TODO: mix up code below for better scheduling 221 */ 222 clrrdi r11,r16,12 /* Clear low crap in EA */ 223 rlwimi r11,r14,32-19,27,31 /* Insert WIMGE */ 224 mtspr SPRN_MAS2,r11 225 226 /* Check page size, if not standard, update MAS1 */ 227 rldicl r11,r14,64-8,64-8 228#ifdef CONFIG_PPC_64K_PAGES 229 cmpldi cr0,r11,BOOK3E_PAGESZ_64K 230#else 231 cmpldi cr0,r11,BOOK3E_PAGESZ_4K 232#endif 233 beq- 1f 234 mfspr r11,SPRN_MAS1 235 rlwimi r11,r14,31,21,24 236 rlwinm r11,r11,0,21,19 237 mtspr SPRN_MAS1,r11 2381: 239 /* Move RPN in position */ 240 rldicr r11,r14,64-(PTE_RPN_SHIFT-PAGE_SHIFT),63-PAGE_SHIFT 241 clrldi r15,r11,12 /* Clear crap at the top */ 242 rlwimi r15,r14,32-8,22,25 /* Move in U bits */ 243 rlwimi r15,r14,32-2,26,31 /* Move in BAP bits */ 244 245 /* Mask out SW and UW if !DIRTY (XXX optimize this !) */ 246 andi. r11,r14,_PAGE_DIRTY 247 bne 1f 248 li r11,MAS3_SW|MAS3_UW 249 andc r15,r15,r11 2501: 251BEGIN_MMU_FTR_SECTION 252 srdi r16,r15,32 253 mtspr SPRN_MAS3,r15 254 mtspr SPRN_MAS7,r16 255MMU_FTR_SECTION_ELSE 256 mtspr SPRN_MAS7_MAS3,r15 257ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS) 258 259 tlbwe 260 261normal_tlb_miss_done: 262 /* We don't bother with restoring DEAR or ESR since we know we are 263 * level 0 and just going back to userland. They are only needed 264 * if you are going to take an access fault 265 */ 266 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_NORM_OK) 267 TLB_MISS_EPILOG_SUCCESS 268 rfi 269 270normal_tlb_miss_access_fault: 271 /* We need to check if it was an instruction miss */ 272 andi. r10,r11,_PAGE_EXEC 273 bne 1f 274 ld r14,EX_TLB_DEAR(r12) 275 ld r15,EX_TLB_ESR(r12) 276 mtspr SPRN_DEAR,r14 277 mtspr SPRN_ESR,r15 278 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT) 279 TLB_MISS_EPILOG_ERROR 280 b exc_data_storage_book3e 2811: TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT) 282 TLB_MISS_EPILOG_ERROR 283 b exc_instruction_storage_book3e 284 285 286/* 287 * This is the guts of the second-level TLB miss handler for direct 288 * misses. We are entered with: 289 * 290 * r16 = virtual page table faulting address 291 * r15 = region (top 4 bits of address) 292 * r14 = crap (free to use) 293 * r13 = PACA 294 * r12 = TLB exception frame in PACA 295 * r11 = crap (free to use) 296 * r10 = crap (free to use) 297 * 298 * Note that this should only ever be called as a second level handler 299 * with the current scheme when using SW load. 300 * That means we can always get the original fault DEAR at 301 * EX_TLB_DEAR-EX_TLB_SIZE(r12) 302 * 303 * It can be re-entered by the linear mapping miss handler. However, to 304 * avoid too much complication, it will restart the whole fault at level 305 * 0 so we don't care too much about clobbers 306 * 307 * XXX That code was written back when we couldn't clobber r14. We can now, 308 * so we could probably optimize things a bit 309 */ 310virt_page_table_tlb_miss: 311 /* Are we hitting a kernel page table ? */ 312 andi. r10,r15,0x8 313 314 /* The cool thing now is that r10 contains 0 for user and 8 for kernel, 315 * and we happen to have the swapper_pg_dir at offset 8 from the user 316 * pgdir in the PACA :-). 317 */ 318 add r11,r10,r13 319 320 /* If kernel, we need to clear MAS1 TID */ 321 beq 1f 322 /* XXX replace the RMW cycles with immediate loads + writes */ 323 mfspr r10,SPRN_MAS1 324 rlwinm r10,r10,0,16,1 /* Clear TID */ 325 mtspr SPRN_MAS1,r10 3261: 327BEGIN_MMU_FTR_SECTION 328 /* Search if we already have a TLB entry for that virtual address, and 329 * if we do, bail out. 330 */ 331 PPC_TLBSRX_DOT(0,r16) 332 beq virt_page_table_tlb_miss_done 333END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_TLBRSRV) 334 335 /* Now, we need to walk the page tables. First check if we are in 336 * range. 337 */ 338 rldicl. r10,r16,64-(VPTE_INDEX_SIZE+3),VPTE_INDEX_SIZE+3+4 339 bne- virt_page_table_tlb_miss_fault 340 341 /* Get the PGD pointer */ 342 ld r15,PACAPGD(r11) 343 cmpldi cr0,r15,0 344 beq- virt_page_table_tlb_miss_fault 345 346 /* Get to PGD entry */ 347 rldicl r11,r16,64-VPTE_PGD_SHIFT,64-PGD_INDEX_SIZE-3 348 clrrdi r10,r11,3 349 ldx r15,r10,r15 350 cmpldi cr0,r15,0 351 beq virt_page_table_tlb_miss_fault 352 353#ifndef CONFIG_PPC_64K_PAGES 354 /* Get to PUD entry */ 355 rldicl r11,r16,64-VPTE_PUD_SHIFT,64-PUD_INDEX_SIZE-3 356 clrrdi r10,r11,3 357 ldx r15,r10,r15 358 cmpldi cr0,r15,0 359 beq virt_page_table_tlb_miss_fault 360#endif /* CONFIG_PPC_64K_PAGES */ 361 362 /* Get to PMD entry */ 363 rldicl r11,r16,64-VPTE_PMD_SHIFT,64-PMD_INDEX_SIZE-3 364 clrrdi r10,r11,3 365 ldx r15,r10,r15 366 cmpldi cr0,r15,0 367 beq virt_page_table_tlb_miss_fault 368 369 /* Ok, we're all right, we can now create a kernel translation for 370 * a 4K or 64K page from r16 -> r15. 371 */ 372 /* Now we build the MAS: 373 * 374 * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG 375 * MAS 1 : Almost fully setup 376 * - PID already updated by caller if necessary 377 * - TSIZE for now is base page size always 378 * MAS 2 : Use defaults 379 * MAS 3+7 : Needs to be done 380 * 381 * So we only do MAS 2 and 3 for now... 382 */ 383 clrldi r11,r15,4 /* remove region ID from RPN */ 384 ori r10,r11,1 /* Or-in SR */ 385 386BEGIN_MMU_FTR_SECTION 387 srdi r16,r10,32 388 mtspr SPRN_MAS3,r10 389 mtspr SPRN_MAS7,r16 390MMU_FTR_SECTION_ELSE 391 mtspr SPRN_MAS7_MAS3,r10 392ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS) 393 394 tlbwe 395 396BEGIN_MMU_FTR_SECTION 397virt_page_table_tlb_miss_done: 398 399 /* We have overriden MAS2:EPN but currently our primary TLB miss 400 * handler will always restore it so that should not be an issue, 401 * if we ever optimize the primary handler to not write MAS2 on 402 * some cases, we'll have to restore MAS2:EPN here based on the 403 * original fault's DEAR. If we do that we have to modify the 404 * ITLB miss handler to also store SRR0 in the exception frame 405 * as DEAR. 406 * 407 * However, one nasty thing we did is we cleared the reservation 408 * (well, potentially we did). We do a trick here thus if we 409 * are not a level 0 exception (we interrupted the TLB miss) we 410 * offset the return address by -4 in order to replay the tlbsrx 411 * instruction there 412 */ 413 subf r10,r13,r12 414 cmpldi cr0,r10,PACA_EXTLB+EX_TLB_SIZE 415 bne- 1f 416 ld r11,PACA_EXTLB+EX_TLB_SIZE+EX_TLB_SRR0(r13) 417 addi r10,r11,-4 418 std r10,PACA_EXTLB+EX_TLB_SIZE+EX_TLB_SRR0(r13) 4191: 420END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_TLBRSRV) 421 /* Return to caller, normal case */ 422 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_PT_OK); 423 TLB_MISS_EPILOG_SUCCESS 424 rfi 425 426virt_page_table_tlb_miss_fault: 427 /* If we fault here, things are a little bit tricky. We need to call 428 * either data or instruction store fault, and we need to retreive 429 * the original fault address and ESR (for data). 430 * 431 * The thing is, we know that in normal circumstances, this is 432 * always called as a second level tlb miss for SW load or as a first 433 * level TLB miss for HW load, so we should be able to peek at the 434 * relevant informations in the first exception frame in the PACA. 435 * 436 * However, we do need to double check that, because we may just hit 437 * a stray kernel pointer or a userland attack trying to hit those 438 * areas. If that is the case, we do a data fault. (We can't get here 439 * from an instruction tlb miss anyway). 440 * 441 * Note also that when going to a fault, we must unwind the previous 442 * level as well. Since we are doing that, we don't need to clear or 443 * restore the TLB reservation neither. 444 */ 445 subf r10,r13,r12 446 cmpldi cr0,r10,PACA_EXTLB+EX_TLB_SIZE 447 bne- virt_page_table_tlb_miss_whacko_fault 448 449 /* We dig the original DEAR and ESR from slot 0 */ 450 ld r15,EX_TLB_DEAR+PACA_EXTLB(r13) 451 ld r16,EX_TLB_ESR+PACA_EXTLB(r13) 452 453 /* We check for the "special" ESR value for instruction faults */ 454 cmpdi cr0,r16,-1 455 beq 1f 456 mtspr SPRN_DEAR,r15 457 mtspr SPRN_ESR,r16 458 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_PT_FAULT); 459 TLB_MISS_EPILOG_ERROR 460 b exc_data_storage_book3e 4611: TLB_MISS_STATS_I(MMSTAT_TLB_MISS_PT_FAULT); 462 TLB_MISS_EPILOG_ERROR 463 b exc_instruction_storage_book3e 464 465virt_page_table_tlb_miss_whacko_fault: 466 /* The linear fault will restart everything so ESR and DEAR will 467 * not have been clobbered, let's just fault with what we have 468 */ 469 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_PT_FAULT); 470 TLB_MISS_EPILOG_ERROR 471 b exc_data_storage_book3e 472 473 474/************************************************************** 475 * * 476 * TLB miss handling for Book3E with hw page table support * 477 * * 478 **************************************************************/ 479 480 481/* Data TLB miss */ 482 START_EXCEPTION(data_tlb_miss_htw) 483 TLB_MISS_PROLOG 484 485 /* Now we handle the fault proper. We only save DEAR in normal 486 * fault case since that's the only interesting values here. 487 * We could probably also optimize by not saving SRR0/1 in the 488 * linear mapping case but I'll leave that for later 489 */ 490 mfspr r14,SPRN_ESR 491 mfspr r16,SPRN_DEAR /* get faulting address */ 492 srdi r11,r16,60 /* get region */ 493 cmpldi cr0,r11,0xc /* linear mapping ? */ 494 TLB_MISS_STATS_SAVE_INFO 495 beq tlb_load_linear /* yes -> go to linear map load */ 496 497 /* We do the user/kernel test for the PID here along with the RW test 498 */ 499 cmpldi cr0,r11,0 /* Check for user region */ 500 ld r15,PACAPGD(r13) /* Load user pgdir */ 501 beq htw_tlb_miss 502 503 /* XXX replace the RMW cycles with immediate loads + writes */ 5041: mfspr r10,SPRN_MAS1 505 cmpldi cr0,r11,8 /* Check for vmalloc region */ 506 rlwinm r10,r10,0,16,1 /* Clear TID */ 507 mtspr SPRN_MAS1,r10 508 ld r15,PACA_KERNELPGD(r13) /* Load kernel pgdir */ 509 beq+ htw_tlb_miss 510 511 /* We got a crappy address, just fault with whatever DEAR and ESR 512 * are here 513 */ 514 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_NORM_FAULT) 515 TLB_MISS_EPILOG_ERROR 516 b exc_data_storage_book3e 517 518/* Instruction TLB miss */ 519 START_EXCEPTION(instruction_tlb_miss_htw) 520 TLB_MISS_PROLOG 521 522 /* If we take a recursive fault, the second level handler may need 523 * to know whether we are handling a data or instruction fault in 524 * order to get to the right store fault handler. We provide that 525 * info by keeping a crazy value for ESR in r14 526 */ 527 li r14,-1 /* store to exception frame is done later */ 528 529 /* Now we handle the fault proper. We only save DEAR in the non 530 * linear mapping case since we know the linear mapping case will 531 * not re-enter. We could indeed optimize and also not save SRR0/1 532 * in the linear mapping case but I'll leave that for later 533 * 534 * Faulting address is SRR0 which is already in r16 535 */ 536 srdi r11,r16,60 /* get region */ 537 cmpldi cr0,r11,0xc /* linear mapping ? */ 538 TLB_MISS_STATS_SAVE_INFO 539 beq tlb_load_linear /* yes -> go to linear map load */ 540 541 /* We do the user/kernel test for the PID here along with the RW test 542 */ 543 cmpldi cr0,r11,0 /* Check for user region */ 544 ld r15,PACAPGD(r13) /* Load user pgdir */ 545 beq htw_tlb_miss 546 547 /* XXX replace the RMW cycles with immediate loads + writes */ 5481: mfspr r10,SPRN_MAS1 549 cmpldi cr0,r11,8 /* Check for vmalloc region */ 550 rlwinm r10,r10,0,16,1 /* Clear TID */ 551 mtspr SPRN_MAS1,r10 552 ld r15,PACA_KERNELPGD(r13) /* Load kernel pgdir */ 553 beq+ htw_tlb_miss 554 555 /* We got a crappy address, just fault */ 556 TLB_MISS_STATS_I(MMSTAT_TLB_MISS_NORM_FAULT) 557 TLB_MISS_EPILOG_ERROR 558 b exc_instruction_storage_book3e 559 560 561/* 562 * This is the guts of the second-level TLB miss handler for direct 563 * misses. We are entered with: 564 * 565 * r16 = virtual page table faulting address 566 * r15 = PGD pointer 567 * r14 = ESR 568 * r13 = PACA 569 * r12 = TLB exception frame in PACA 570 * r11 = crap (free to use) 571 * r10 = crap (free to use) 572 * 573 * It can be re-entered by the linear mapping miss handler. However, to 574 * avoid too much complication, it will save/restore things for us 575 */ 576htw_tlb_miss: 577 /* Search if we already have a TLB entry for that virtual address, and 578 * if we do, bail out. 579 * 580 * MAS1:IND should be already set based on MAS4 581 */ 582 PPC_TLBSRX_DOT(0,r16) 583 beq htw_tlb_miss_done 584 585 /* Now, we need to walk the page tables. First check if we are in 586 * range. 587 */ 588 rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4 589 bne- htw_tlb_miss_fault 590 591 /* Get the PGD pointer */ 592 cmpldi cr0,r15,0 593 beq- htw_tlb_miss_fault 594 595 /* Get to PGD entry */ 596 rldicl r11,r16,64-(PGDIR_SHIFT-3),64-PGD_INDEX_SIZE-3 597 clrrdi r10,r11,3 598 ldx r15,r10,r15 599 cmpldi cr0,r15,0 600 beq htw_tlb_miss_fault 601 602#ifndef CONFIG_PPC_64K_PAGES 603 /* Get to PUD entry */ 604 rldicl r11,r16,64-(PUD_SHIFT-3),64-PUD_INDEX_SIZE-3 605 clrrdi r10,r11,3 606 ldx r15,r10,r15 607 cmpldi cr0,r15,0 608 beq htw_tlb_miss_fault 609#endif /* CONFIG_PPC_64K_PAGES */ 610 611 /* Get to PMD entry */ 612 rldicl r11,r16,64-(PMD_SHIFT-3),64-PMD_INDEX_SIZE-3 613 clrrdi r10,r11,3 614 ldx r15,r10,r15 615 cmpldi cr0,r15,0 616 beq htw_tlb_miss_fault 617 618 /* Ok, we're all right, we can now create an indirect entry for 619 * a 1M or 256M page. 620 * 621 * The last trick is now that because we use "half" pages for 622 * the HTW (1M IND is 2K and 256M IND is 32K) we need to account 623 * for an added LSB bit to the RPN. For 64K pages, there is no 624 * problem as we already use 32K arrays (half PTE pages), but for 625 * 4K page we need to extract a bit from the virtual address and 626 * insert it into the "PA52" bit of the RPN. 627 */ 628#ifndef CONFIG_PPC_64K_PAGES 629 rlwimi r15,r16,32-9,20,20 630#endif 631 /* Now we build the MAS: 632 * 633 * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG 634 * MAS 1 : Almost fully setup 635 * - PID already updated by caller if necessary 636 * - TSIZE for now is base ind page size always 637 * MAS 2 : Use defaults 638 * MAS 3+7 : Needs to be done 639 */ 640#ifdef CONFIG_PPC_64K_PAGES 641 ori r10,r15,(BOOK3E_PAGESZ_64K << MAS3_SPSIZE_SHIFT) 642#else 643 ori r10,r15,(BOOK3E_PAGESZ_4K << MAS3_SPSIZE_SHIFT) 644#endif 645 646BEGIN_MMU_FTR_SECTION 647 srdi r16,r10,32 648 mtspr SPRN_MAS3,r10 649 mtspr SPRN_MAS7,r16 650MMU_FTR_SECTION_ELSE 651 mtspr SPRN_MAS7_MAS3,r10 652ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS) 653 654 tlbwe 655 656htw_tlb_miss_done: 657 /* We don't bother with restoring DEAR or ESR since we know we are 658 * level 0 and just going back to userland. They are only needed 659 * if you are going to take an access fault 660 */ 661 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_PT_OK) 662 TLB_MISS_EPILOG_SUCCESS 663 rfi 664 665htw_tlb_miss_fault: 666 /* We need to check if it was an instruction miss. We know this 667 * though because r14 would contain -1 668 */ 669 cmpdi cr0,r14,-1 670 beq 1f 671 mtspr SPRN_DEAR,r16 672 mtspr SPRN_ESR,r14 673 TLB_MISS_STATS_D(MMSTAT_TLB_MISS_PT_FAULT) 674 TLB_MISS_EPILOG_ERROR 675 b exc_data_storage_book3e 6761: TLB_MISS_STATS_I(MMSTAT_TLB_MISS_PT_FAULT) 677 TLB_MISS_EPILOG_ERROR 678 b exc_instruction_storage_book3e 679 680/* 681 * This is the guts of "any" level TLB miss handler for kernel linear 682 * mapping misses. We are entered with: 683 * 684 * 685 * r16 = faulting address 686 * r15 = crap (free to use) 687 * r14 = ESR (data) or -1 (instruction) 688 * r13 = PACA 689 * r12 = TLB exception frame in PACA 690 * r11 = crap (free to use) 691 * r10 = crap (free to use) 692 * 693 * In addition we know that we will not re-enter, so in theory, we could 694 * use a simpler epilog not restoring SRR0/1 etc.. but we'll do that later. 695 * 696 * We also need to be careful about MAS registers here & TLB reservation, 697 * as we know we'll have clobbered them if we interrupt the main TLB miss 698 * handlers in which case we probably want to do a full restart at level 699 * 0 rather than saving / restoring the MAS. 700 * 701 * Note: If we care about performance of that core, we can easily shuffle 702 * a few things around 703 */ 704tlb_load_linear: 705 /* For now, we assume the linear mapping is contiguous and stops at 706 * linear_map_top. We also assume the size is a multiple of 1G, thus 707 * we only use 1G pages for now. That might have to be changed in a 708 * final implementation, especially when dealing with hypervisors 709 */ 710 ld r11,PACATOC(r13) 711 ld r11,linear_map_top@got(r11) 712 ld r10,0(r11) 713 cmpld cr0,r10,r16 714 bge tlb_load_linear_fault 715 716 /* MAS1 need whole new setup. */ 717 li r15,(BOOK3E_PAGESZ_1GB<<MAS1_TSIZE_SHIFT) 718 oris r15,r15,MAS1_VALID@h /* MAS1 needs V and TSIZE */ 719 mtspr SPRN_MAS1,r15 720 721 /* Already somebody there ? */ 722 PPC_TLBSRX_DOT(0,r16) 723 beq tlb_load_linear_done 724 725 /* Now we build the remaining MAS. MAS0 and 2 should be fine 726 * with their defaults, which leaves us with MAS 3 and 7. The 727 * mapping is linear, so we just take the address, clear the 728 * region bits, and or in the permission bits which are currently 729 * hard wired 730 */ 731 clrrdi r10,r16,30 /* 1G page index */ 732 clrldi r10,r10,4 /* clear region bits */ 733 ori r10,r10,MAS3_SR|MAS3_SW|MAS3_SX 734 735BEGIN_MMU_FTR_SECTION 736 srdi r16,r10,32 737 mtspr SPRN_MAS3,r10 738 mtspr SPRN_MAS7,r16 739MMU_FTR_SECTION_ELSE 740 mtspr SPRN_MAS7_MAS3,r10 741ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS) 742 743 tlbwe 744 745tlb_load_linear_done: 746 /* We use the "error" epilog for success as we do want to 747 * restore to the initial faulting context, whatever it was. 748 * We do that because we can't resume a fault within a TLB 749 * miss handler, due to MAS and TLB reservation being clobbered. 750 */ 751 TLB_MISS_STATS_X(MMSTAT_TLB_MISS_LINEAR) 752 TLB_MISS_EPILOG_ERROR 753 rfi 754 755tlb_load_linear_fault: 756 /* We keep the DEAR and ESR around, this shouldn't have happened */ 757 cmpdi cr0,r14,-1 758 beq 1f 759 TLB_MISS_EPILOG_ERROR_SPECIAL 760 b exc_data_storage_book3e 7611: TLB_MISS_EPILOG_ERROR_SPECIAL 762 b exc_instruction_storage_book3e 763 764 765#ifdef CONFIG_BOOK3E_MMU_TLB_STATS 766.tlb_stat_inc: 7671: ldarx r8,0,r9 768 addi r8,r8,1 769 stdcx. r8,0,r9 770 bne- 1b 771 blr 772#endif 773