xref: /freebsd/sys/powerpc/aim/moea64_native.c (revision 5ca8e32633c4ffbbcd6762e5888b6a4ba0708c6c)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause AND BSD-4-Clause
3  *
4  * Copyright (c) 2001 The NetBSD Foundation, Inc.
5  * All rights reserved.
6  *
7  * This code is derived from software contributed to The NetBSD Foundation
8  * by Matt Thomas <matt@3am-software.com> of Allegro Networks, Inc.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29  * POSSIBILITY OF SUCH DAMAGE.
30  */
31 /*-
32  * Copyright (C) 1995, 1996 Wolfgang Solfrank.
33  * Copyright (C) 1995, 1996 TooLs GmbH.
34  * All rights reserved.
35  *
36  * Redistribution and use in source and binary forms, with or without
37  * modification, are permitted provided that the following conditions
38  * are met:
39  * 1. Redistributions of source code must retain the above copyright
40  *    notice, this list of conditions and the following disclaimer.
41  * 2. Redistributions in binary form must reproduce the above copyright
42  *    notice, this list of conditions and the following disclaimer in the
43  *    documentation and/or other materials provided with the distribution.
44  * 3. All advertising materials mentioning features or use of this software
45  *    must display the following acknowledgement:
46  *	This product includes software developed by TooLs GmbH.
47  * 4. The name of TooLs GmbH may not be used to endorse or promote products
48  *    derived from this software without specific prior written permission.
49  *
50  * THIS SOFTWARE IS PROVIDED BY TOOLS GMBH ``AS IS'' AND ANY EXPRESS OR
51  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
52  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
53  * IN NO EVENT SHALL TOOLS GMBH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
54  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
55  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
56  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
57  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
58  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
59  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
60  *
61  * $NetBSD: pmap.c,v 1.28 2000/03/26 20:42:36 kleink Exp $
62  */
63 /*-
64  * Copyright (C) 2001 Benno Rice.
65  * All rights reserved.
66  *
67  * Redistribution and use in source and binary forms, with or without
68  * modification, are permitted provided that the following conditions
69  * are met:
70  * 1. Redistributions of source code must retain the above copyright
71  *    notice, this list of conditions and the following disclaimer.
72  * 2. Redistributions in binary form must reproduce the above copyright
73  *    notice, this list of conditions and the following disclaimer in the
74  *    documentation and/or other materials provided with the distribution.
75  *
76  * THIS SOFTWARE IS PROVIDED BY Benno Rice ``AS IS'' AND ANY EXPRESS OR
77  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
78  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
79  * IN NO EVENT SHALL TOOLS GMBH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
80  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
81  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
82  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
83  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
84  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
85  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
86  */
87 
88 #include <sys/cdefs.h>
89 /*
90  * Native 64-bit page table operations for running without a hypervisor.
91  */
92 
93 #include <sys/param.h>
94 #include <sys/kernel.h>
95 #include <sys/ktr.h>
96 #include <sys/lock.h>
97 #include <sys/mutex.h>
98 #include <sys/proc.h>
99 #include <sys/sched.h>
100 #include <sys/sysctl.h>
101 #include <sys/systm.h>
102 #include <sys/rwlock.h>
103 #include <sys/endian.h>
104 
105 #include <sys/kdb.h>
106 
107 #include <vm/vm.h>
108 #include <vm/vm_param.h>
109 #include <vm/vm_kern.h>
110 #include <vm/vm_page.h>
111 #include <vm/vm_map.h>
112 #include <vm/vm_object.h>
113 #include <vm/vm_extern.h>
114 #include <vm/vm_pageout.h>
115 
116 #include <machine/cpu.h>
117 #include <machine/hid.h>
118 #include <machine/md_var.h>
119 #include <machine/mmuvar.h>
120 
121 #include "mmu_oea64.h"
122 
123 #define	PTESYNC()	__asm __volatile("ptesync");
124 #define	TLBSYNC()	__asm __volatile("tlbsync; ptesync");
125 #define	SYNC()		__asm __volatile("sync");
126 #define	EIEIO()		__asm __volatile("eieio");
127 
128 #define	VSID_HASH_MASK	0x0000007fffffffffULL
129 
130 /* POWER9 only permits a 64k partition table size. */
131 #define	PART_SIZE	0x10000
132 
133 /* Actual page sizes (to be used with tlbie, when L=0) */
134 #define	AP_4K		0x00
135 #define	AP_16M		0x80
136 
137 #define	LPTE_KERNEL_VSID_BIT	(KERNEL_VSID_BIT << \
138 				(16 - (ADDR_API_SHFT64 - ADDR_PIDX_SHFT)))
139 
140 /* Abbreviated Virtual Address Page - high bits */
141 #define	LPTE_AVA_PGNHI_MASK	0x0000000000000F80ULL
142 #define	LPTE_AVA_PGNHI_SHIFT	7
143 
144 /* Effective Address Page - low bits */
145 #define	EA_PAGELO_MASK		0x7ffULL
146 #define	EA_PAGELO_SHIFT		11
147 
148 static bool moea64_crop_tlbie;
149 static bool moea64_need_lock;
150 
151 /*
152  * The tlbie instruction has two forms: an old one used by PowerISA
153  * 2.03 and prior, and a newer one used by PowerISA 2.06 and later.
154  * We need to support both.
155  */
156 static __inline void
157 TLBIE(uint64_t vpn, uint64_t oldptehi)
158 {
159 #ifndef __powerpc64__
160 	register_t vpn_hi, vpn_lo;
161 	register_t msr;
162 	register_t scratch, intr;
163 #endif
164 
165 	static volatile u_int tlbie_lock = 0;
166 	bool need_lock = moea64_need_lock;
167 
168 	vpn <<= ADDR_PIDX_SHFT;
169 
170 	/* Hobo spinlock: we need stronger guarantees than mutexes provide */
171 	if (need_lock) {
172 		while (!atomic_cmpset_int(&tlbie_lock, 0, 1));
173 		isync(); /* Flush instruction queue once lock acquired */
174 
175 		if (moea64_crop_tlbie) {
176 			vpn &= ~(0xffffULL << 48);
177 #ifdef __powerpc64__
178 			if ((oldptehi & LPTE_BIG) != 0)
179 				__asm __volatile("tlbie %0, 1" :: "r"(vpn) :
180 				    "memory");
181 			else
182 				__asm __volatile("tlbie %0, 0" :: "r"(vpn) :
183 				    "memory");
184 			__asm __volatile("eieio; tlbsync; ptesync" :::
185 			    "memory");
186 			goto done;
187 #endif
188 		}
189 	}
190 
191 #ifdef __powerpc64__
192 	/*
193 	 * If this page has LPTE_BIG set and is from userspace, then
194 	 * it must be a superpage with 4KB base/16MB actual page size.
195 	 */
196 	if ((oldptehi & LPTE_BIG) != 0 &&
197 	    (oldptehi & LPTE_KERNEL_VSID_BIT) == 0)
198 		vpn |= AP_16M;
199 
200 	/*
201 	 * Explicitly clobber r0.  The tlbie instruction has two forms: an old
202 	 * one used by PowerISA 2.03 and prior, and a newer one used by PowerISA
203 	 * 2.06 (maybe 2.05?) and later.  We need to support both, and it just
204 	 * so happens that since we use 4k pages we can simply zero out r0, and
205 	 * clobber it, and the assembler will interpret the single-operand form
206 	 * of tlbie as having RB set, and everything else as 0.  The RS operand
207 	 * in the newer form is in the same position as the L(page size) bit of
208 	 * the old form, so a slong as RS is 0, we're good on both sides.
209 	 */
210 	__asm __volatile("li 0, 0 \n tlbie %0, 0" :: "r"(vpn) : "r0", "memory");
211 	__asm __volatile("eieio; tlbsync; ptesync" ::: "memory");
212 done:
213 
214 #else
215 	vpn_hi = (uint32_t)(vpn >> 32);
216 	vpn_lo = (uint32_t)vpn;
217 
218 	intr = intr_disable();
219 	__asm __volatile("\
220 	    mfmsr %0; \
221 	    mr %1, %0; \
222 	    insrdi %1,%5,1,0; \
223 	    mtmsrd %1; isync; \
224 	    \
225 	    sld %1,%2,%4; \
226 	    or %1,%1,%3; \
227 	    tlbie %1; \
228 	    \
229 	    mtmsrd %0; isync; \
230 	    eieio; \
231 	    tlbsync; \
232 	    ptesync;"
233 	: "=r"(msr), "=r"(scratch) : "r"(vpn_hi), "r"(vpn_lo), "r"(32), "r"(1)
234 	    : "memory");
235 	intr_restore(intr);
236 #endif
237 
238 	/* No barriers or special ops -- taken care of by ptesync above */
239 	if (need_lock)
240 		tlbie_lock = 0;
241 }
242 
243 #define DISABLE_TRANS(msr)	msr = mfmsr(); mtmsr(msr & ~PSL_DR)
244 #define ENABLE_TRANS(msr)	mtmsr(msr)
245 
246 /*
247  * PTEG data.
248  */
249 static volatile struct lpte *moea64_pteg_table;
250 static struct rwlock moea64_eviction_lock;
251 
252 static volatile struct pate *moea64_part_table;
253 
254 /*
255  * Dump function.
256  */
257 static void	*moea64_dump_pmap_native(void *ctx, void *buf,
258 		    u_long *nbytes);
259 
260 /*
261  * PTE calls.
262  */
263 static int64_t	moea64_pte_insert_native(struct pvo_entry *);
264 static int64_t	moea64_pte_synch_native(struct pvo_entry *);
265 static int64_t	moea64_pte_clear_native(struct pvo_entry *, uint64_t);
266 static int64_t	moea64_pte_replace_native(struct pvo_entry *, int);
267 static int64_t	moea64_pte_unset_native(struct pvo_entry *);
268 static int64_t	moea64_pte_insert_sp_native(struct pvo_entry *);
269 static int64_t	moea64_pte_unset_sp_native(struct pvo_entry *);
270 static int64_t	moea64_pte_replace_sp_native(struct pvo_entry *);
271 
272 /*
273  * Utility routines.
274  */
275 static void	moea64_bootstrap_native(
276 		    vm_offset_t kernelstart, vm_offset_t kernelend);
277 static void	moea64_cpu_bootstrap_native(int ap);
278 static void	tlbia(void);
279 static void	moea64_install_native(void);
280 
281 static struct pmap_funcs moea64_native_methods = {
282 	.install = moea64_install_native,
283 
284 	/* Internal interfaces */
285 	.bootstrap = moea64_bootstrap_native,
286 	.cpu_bootstrap = moea64_cpu_bootstrap_native,
287         .dumpsys_dump_pmap =         moea64_dump_pmap_native,
288 };
289 
290 static struct moea64_funcs moea64_native_funcs = {
291 	.pte_synch = moea64_pte_synch_native,
292 	.pte_clear = moea64_pte_clear_native,
293 	.pte_unset = moea64_pte_unset_native,
294 	.pte_replace = moea64_pte_replace_native,
295 	.pte_insert = moea64_pte_insert_native,
296 	.pte_insert_sp = moea64_pte_insert_sp_native,
297 	.pte_unset_sp = moea64_pte_unset_sp_native,
298 	.pte_replace_sp = moea64_pte_replace_sp_native,
299 };
300 
301 MMU_DEF_INHERIT(oea64_mmu_native, MMU_TYPE_G5, moea64_native_methods, oea64_mmu);
302 
303 static void
304 moea64_install_native(void)
305 {
306 
307 	/* Install the MOEA64 ops. */
308 	moea64_ops = &moea64_native_funcs;
309 
310 	moea64_install();
311 }
312 
313 static int64_t
314 moea64_pte_synch_native(struct pvo_entry *pvo)
315 {
316 	volatile struct lpte *pt = moea64_pteg_table + pvo->pvo_pte.slot;
317 	uint64_t ptelo, pvo_ptevpn;
318 
319 	PMAP_LOCK_ASSERT(pvo->pvo_pmap, MA_OWNED);
320 
321 	pvo_ptevpn = moea64_pte_vpn_from_pvo_vpn(pvo);
322 
323 	rw_rlock(&moea64_eviction_lock);
324 	if ((be64toh(pt->pte_hi) & LPTE_AVPN_MASK) != pvo_ptevpn) {
325 		/* Evicted */
326 		rw_runlock(&moea64_eviction_lock);
327 		return (-1);
328 	}
329 
330 	PTESYNC();
331 	ptelo = be64toh(pt->pte_lo);
332 
333 	rw_runlock(&moea64_eviction_lock);
334 
335 	return (ptelo & (LPTE_REF | LPTE_CHG));
336 }
337 
338 static int64_t
339 moea64_pte_clear_native(struct pvo_entry *pvo, uint64_t ptebit)
340 {
341 	volatile struct lpte *pt = moea64_pteg_table + pvo->pvo_pte.slot;
342 	struct lpte properpt;
343 	uint64_t ptelo;
344 
345 	PMAP_LOCK_ASSERT(pvo->pvo_pmap, MA_OWNED);
346 
347 	moea64_pte_from_pvo(pvo, &properpt);
348 
349 	rw_rlock(&moea64_eviction_lock);
350 	if ((be64toh(pt->pte_hi) & LPTE_AVPN_MASK) !=
351 	    (properpt.pte_hi & LPTE_AVPN_MASK)) {
352 		/* Evicted */
353 		rw_runlock(&moea64_eviction_lock);
354 		return (-1);
355 	}
356 
357 	if (ptebit == LPTE_REF) {
358 		/* See "Resetting the Reference Bit" in arch manual */
359 		PTESYNC();
360 		/* 2-step here safe: precision is not guaranteed */
361 		ptelo = be64toh(pt->pte_lo);
362 
363 		/* One-byte store to avoid touching the C bit */
364 		((volatile uint8_t *)(&pt->pte_lo))[6] =
365 #if BYTE_ORDER == BIG_ENDIAN
366 		    ((uint8_t *)(&properpt.pte_lo))[6];
367 #else
368 		    ((uint8_t *)(&properpt.pte_lo))[1];
369 #endif
370 		rw_runlock(&moea64_eviction_lock);
371 
372 		critical_enter();
373 		TLBIE(pvo->pvo_vpn, properpt.pte_hi);
374 		critical_exit();
375 	} else {
376 		rw_runlock(&moea64_eviction_lock);
377 		ptelo = moea64_pte_unset_native(pvo);
378 		moea64_pte_insert_native(pvo);
379 	}
380 
381 	return (ptelo & (LPTE_REF | LPTE_CHG));
382 }
383 
384 static __always_inline int64_t
385 moea64_pte_unset_locked(volatile struct lpte *pt, uint64_t vpn)
386 {
387 	uint64_t ptelo, ptehi;
388 
389 	/*
390 	 * Invalidate the pte, briefly locking it to collect RC bits. No
391 	 * atomics needed since this is protected against eviction by the lock.
392 	 */
393 	isync();
394 	critical_enter();
395 	ptehi = (be64toh(pt->pte_hi) & ~LPTE_VALID) | LPTE_LOCKED;
396 	pt->pte_hi = htobe64(ptehi);
397 	PTESYNC();
398 	TLBIE(vpn, ptehi);
399 	ptelo = be64toh(pt->pte_lo);
400 	*((volatile int32_t *)(&pt->pte_hi) + 1) = 0; /* Release lock */
401 	critical_exit();
402 
403 	/* Keep statistics */
404 	STAT_MOEA64(moea64_pte_valid--);
405 
406 	return (ptelo & (LPTE_CHG | LPTE_REF));
407 }
408 
409 static int64_t
410 moea64_pte_unset_native(struct pvo_entry *pvo)
411 {
412 	volatile struct lpte *pt = moea64_pteg_table + pvo->pvo_pte.slot;
413 	int64_t ret;
414 	uint64_t pvo_ptevpn;
415 
416 	pvo_ptevpn = moea64_pte_vpn_from_pvo_vpn(pvo);
417 
418 	rw_rlock(&moea64_eviction_lock);
419 
420 	if ((be64toh(pt->pte_hi) & LPTE_AVPN_MASK) != pvo_ptevpn) {
421 		/* Evicted */
422 		STAT_MOEA64(moea64_pte_overflow--);
423 		ret = -1;
424 	} else
425 		ret = moea64_pte_unset_locked(pt, pvo->pvo_vpn);
426 
427 	rw_runlock(&moea64_eviction_lock);
428 
429 	return (ret);
430 }
431 
432 static int64_t
433 moea64_pte_replace_inval_native(struct pvo_entry *pvo,
434     volatile struct lpte *pt)
435 {
436 	struct lpte properpt;
437 	uint64_t ptelo, ptehi;
438 
439 	moea64_pte_from_pvo(pvo, &properpt);
440 
441 	rw_rlock(&moea64_eviction_lock);
442 	if ((be64toh(pt->pte_hi) & LPTE_AVPN_MASK) !=
443 	    (properpt.pte_hi & LPTE_AVPN_MASK)) {
444 		/* Evicted */
445 		STAT_MOEA64(moea64_pte_overflow--);
446 		rw_runlock(&moea64_eviction_lock);
447 		return (-1);
448 	}
449 
450 	/*
451 	 * Replace the pte, briefly locking it to collect RC bits. No
452 	 * atomics needed since this is protected against eviction by the lock.
453 	 */
454 	isync();
455 	critical_enter();
456 	ptehi = (be64toh(pt->pte_hi) & ~LPTE_VALID) | LPTE_LOCKED;
457 	pt->pte_hi = htobe64(ptehi);
458 	PTESYNC();
459 	TLBIE(pvo->pvo_vpn, ptehi);
460 	ptelo = be64toh(pt->pte_lo);
461 	EIEIO();
462 	pt->pte_lo = htobe64(properpt.pte_lo);
463 	EIEIO();
464 	pt->pte_hi = htobe64(properpt.pte_hi); /* Release lock */
465 	PTESYNC();
466 	critical_exit();
467 	rw_runlock(&moea64_eviction_lock);
468 
469 	return (ptelo & (LPTE_CHG | LPTE_REF));
470 }
471 
472 static int64_t
473 moea64_pte_replace_native(struct pvo_entry *pvo, int flags)
474 {
475 	volatile struct lpte *pt = moea64_pteg_table + pvo->pvo_pte.slot;
476 	struct lpte properpt;
477 	int64_t ptelo;
478 
479 	if (flags == 0) {
480 		/* Just some software bits changing. */
481 		moea64_pte_from_pvo(pvo, &properpt);
482 
483 		rw_rlock(&moea64_eviction_lock);
484 		if ((be64toh(pt->pte_hi) & LPTE_AVPN_MASK) !=
485 		    (properpt.pte_hi & LPTE_AVPN_MASK)) {
486 			rw_runlock(&moea64_eviction_lock);
487 			return (-1);
488 		}
489 		pt->pte_hi = htobe64(properpt.pte_hi);
490 		ptelo = be64toh(pt->pte_lo);
491 		rw_runlock(&moea64_eviction_lock);
492 	} else {
493 		/* Otherwise, need reinsertion and deletion */
494 		ptelo = moea64_pte_replace_inval_native(pvo, pt);
495 	}
496 
497 	return (ptelo);
498 }
499 
500 static void
501 moea64_cpu_bootstrap_native(int ap)
502 {
503 	int i = 0;
504 	#ifdef __powerpc64__
505 	struct slb *slb = PCPU_GET(aim.slb);
506 	register_t seg0;
507 	#endif
508 
509 	/*
510 	 * Initialize segment registers and MMU
511 	 */
512 
513 	mtmsr(mfmsr() & ~PSL_DR & ~PSL_IR);
514 
515 	switch(mfpvr() >> 16) {
516 	case IBMPOWER9:
517 		mtspr(SPR_HID0, mfspr(SPR_HID0) & ~HID0_RADIX);
518 		break;
519 	}
520 
521 	/*
522 	 * Install kernel SLB entries
523 	 */
524 
525 	#ifdef __powerpc64__
526 		__asm __volatile ("slbia");
527 		__asm __volatile ("slbmfee %0,%1; slbie %0;" : "=r"(seg0) :
528 		    "r"(0));
529 
530 		for (i = 0; i < n_slbs; i++) {
531 			if (!(slb[i].slbe & SLBE_VALID))
532 				continue;
533 
534 			__asm __volatile ("slbmte %0, %1" ::
535 			    "r"(slb[i].slbv), "r"(slb[i].slbe));
536 		}
537 	#else
538 		for (i = 0; i < 16; i++)
539 			mtsrin(i << ADDR_SR_SHFT, kernel_pmap->pm_sr[i]);
540 	#endif
541 
542 	/*
543 	 * Install page table
544 	 */
545 
546 	if (cpu_features2 & PPC_FEATURE2_ARCH_3_00)
547 		mtspr(SPR_PTCR,
548 		    ((uintptr_t)moea64_part_table & ~DMAP_BASE_ADDRESS) |
549 		     flsl((PART_SIZE >> 12) - 1));
550 	else
551 		__asm __volatile ("ptesync; mtsdr1 %0; isync"
552 		    :: "r"(((uintptr_t)moea64_pteg_table & ~DMAP_BASE_ADDRESS)
553 			     | (uintptr_t)(flsl(moea64_pteg_mask >> 11))));
554 	tlbia();
555 }
556 
557 static void
558 moea64_bootstrap_native(vm_offset_t kernelstart, vm_offset_t kernelend)
559 {
560 	vm_size_t	size;
561 	vm_offset_t	off;
562 	vm_paddr_t	pa;
563 	register_t	msr;
564 
565 	moea64_early_bootstrap(kernelstart, kernelend);
566 
567 	switch (mfpvr() >> 16) {
568 	case IBMPOWER9:
569 		moea64_need_lock = false;
570 		break;
571 	case IBMPOWER4:
572 	case IBMPOWER4PLUS:
573 	case IBM970:
574 	case IBM970FX:
575 	case IBM970GX:
576 	case IBM970MP:
577 		moea64_crop_tlbie = true;
578 	default:
579 		moea64_need_lock = true;
580 	}
581 	/*
582 	 * Allocate PTEG table.
583 	 */
584 
585 	size = moea64_pteg_count * sizeof(struct lpteg);
586 	CTR2(KTR_PMAP, "moea64_bootstrap: %lu PTEGs, %lu bytes",
587 	    moea64_pteg_count, size);
588 	rw_init(&moea64_eviction_lock, "pte eviction");
589 
590 	/*
591 	 * We now need to allocate memory. This memory, to be allocated,
592 	 * has to reside in a page table. The page table we are about to
593 	 * allocate. We don't have BAT. So drop to data real mode for a minute
594 	 * as a measure of last resort. We do this a couple times.
595 	 */
596 	/*
597 	 * PTEG table must be aligned on a 256k boundary, but can be placed
598 	 * anywhere with that alignment on POWER ISA 3+ systems. On earlier
599 	 * systems, offset addition is done by the CPU with bitwise OR rather
600 	 * than addition, so the table must also be aligned on a boundary of
601 	 * its own size. Pick the larger of the two, which works on all
602 	 * systems.
603 	 */
604 	moea64_pteg_table = (struct lpte *)moea64_bootstrap_alloc(size,
605 	    MAX(256*1024, size));
606 	if (hw_direct_map)
607 		moea64_pteg_table =
608 		    (struct lpte *)PHYS_TO_DMAP((vm_offset_t)moea64_pteg_table);
609 	/* Allocate partition table (ISA 3.0). */
610 	if (cpu_features2 & PPC_FEATURE2_ARCH_3_00) {
611 		moea64_part_table =
612 		    (struct pate *)moea64_bootstrap_alloc(PART_SIZE, PART_SIZE);
613 		moea64_part_table =
614 		    (struct pate *)PHYS_TO_DMAP((vm_offset_t)moea64_part_table);
615 	}
616 	DISABLE_TRANS(msr);
617 	bzero(__DEVOLATILE(void *, moea64_pteg_table), moea64_pteg_count *
618 	    sizeof(struct lpteg));
619 	if (cpu_features2 & PPC_FEATURE2_ARCH_3_00) {
620 		bzero(__DEVOLATILE(void *, moea64_part_table), PART_SIZE);
621 		moea64_part_table[0].pagetab = htobe64(
622 			(DMAP_TO_PHYS((vm_offset_t)moea64_pteg_table)) |
623 			(uintptr_t)(flsl((moea64_pteg_count - 1) >> 11)));
624 	}
625 	ENABLE_TRANS(msr);
626 
627 	CTR1(KTR_PMAP, "moea64_bootstrap: PTEG table at %p", moea64_pteg_table);
628 
629 	moea64_mid_bootstrap(kernelstart, kernelend);
630 
631 	/*
632 	 * Add a mapping for the page table itself if there is no direct map.
633 	 */
634 	if (!hw_direct_map) {
635 		size = moea64_pteg_count * sizeof(struct lpteg);
636 		off = (vm_offset_t)(moea64_pteg_table);
637 		DISABLE_TRANS(msr);
638 		for (pa = off; pa < off + size; pa += PAGE_SIZE)
639 			pmap_kenter(pa, pa);
640 		ENABLE_TRANS(msr);
641 	}
642 
643 	/* Bring up virtual memory */
644 	moea64_late_bootstrap(kernelstart, kernelend);
645 }
646 
647 static void
648 tlbia(void)
649 {
650 	vm_offset_t i;
651 	#ifndef __powerpc64__
652 	register_t msr, scratch;
653 	#endif
654 
655 	i = 0xc00; /* IS = 11 */
656 	switch (mfpvr() >> 16) {
657 	case IBM970:
658 	case IBM970FX:
659 	case IBM970MP:
660 	case IBM970GX:
661 	case IBMPOWER4:
662 	case IBMPOWER4PLUS:
663 	case IBMPOWER5:
664 	case IBMPOWER5PLUS:
665 		i = 0; /* IS not supported */
666 		break;
667 	}
668 
669 	TLBSYNC();
670 
671 	for (; i < 0x400000; i += 0x00001000) {
672 		#ifdef __powerpc64__
673 		__asm __volatile("tlbiel %0" :: "r"(i));
674 		#else
675 		__asm __volatile("\
676 		    mfmsr %0; \
677 		    mr %1, %0; \
678 		    insrdi %1,%3,1,0; \
679 		    mtmsrd %1; \
680 		    isync; \
681 		    \
682 		    tlbiel %2; \
683 		    \
684 		    mtmsrd %0; \
685 		    isync;"
686 		: "=r"(msr), "=r"(scratch) : "r"(i), "r"(1));
687 		#endif
688 	}
689 
690 	EIEIO();
691 	TLBSYNC();
692 }
693 
694 static int
695 atomic_pte_lock(volatile struct lpte *pte, uint64_t bitmask, uint64_t *oldhi)
696 {
697 	int	ret;
698 #ifdef __powerpc64__
699 	uint64_t temp;
700 #else
701 	uint32_t oldhihalf;
702 #endif
703 
704 	/*
705 	 * Note: in principle, if just the locked bit were set here, we
706 	 * could avoid needing the eviction lock. However, eviction occurs
707 	 * so rarely that it isn't worth bothering about in practice.
708 	 */
709 #ifdef __powerpc64__
710 	/*
711 	 * Note: Success of this sequence has the side effect of invalidating
712 	 * the PTE, as we are setting it to LPTE_LOCKED and discarding the
713 	 * other bits, including LPTE_V.
714 	 */
715 	__asm __volatile (
716 		"1:\tldarx %1, 0, %3\n\t"	/* load old value */
717 		"and. %0,%1,%4\n\t"		/* check if any bits set */
718 		"bne 2f\n\t"			/* exit if any set */
719 		"stdcx. %5, 0, %3\n\t"		/* attempt to store */
720 		"bne- 1b\n\t"			/* spin if failed */
721 		"li %0, 1\n\t"			/* success - retval = 1 */
722 		"b 3f\n\t"			/* we've succeeded */
723 		"2:\n\t"
724 		"stdcx. %1, 0, %3\n\t"       	/* clear reservation (74xx) */
725 		"li %0, 0\n\t"			/* failure - retval = 0 */
726 		"3:\n\t"
727 		: "=&r" (ret), "=&r"(temp), "=m" (pte->pte_hi)
728 		: "r" ((volatile char *)&pte->pte_hi),
729 		  "r" (htobe64(bitmask)), "r" (htobe64(LPTE_LOCKED)),
730 		  "m" (pte->pte_hi)
731 		: "cr0", "cr1", "cr2", "memory");
732 	*oldhi = be64toh(temp);
733 #else
734 	/*
735 	 * This code is used on bridge mode only.
736 	 */
737 	__asm __volatile (
738 		"1:\tlwarx %1, 0, %3\n\t"	/* load old value */
739 		"and. %0,%1,%4\n\t"		/* check if any bits set */
740 		"bne 2f\n\t"			/* exit if any set */
741 		"stwcx. %5, 0, %3\n\t"      	/* attempt to store */
742 		"bne- 1b\n\t"			/* spin if failed */
743 		"li %0, 1\n\t"			/* success - retval = 1 */
744 		"b 3f\n\t"			/* we've succeeded */
745 		"2:\n\t"
746 		"stwcx. %1, 0, %3\n\t"       	/* clear reservation (74xx) */
747 		"li %0, 0\n\t"			/* failure - retval = 0 */
748 		"3:\n\t"
749 		: "=&r" (ret), "=&r"(oldhihalf), "=m" (pte->pte_hi)
750 		: "r" ((volatile char *)&pte->pte_hi + 4),
751 		  "r" ((uint32_t)bitmask), "r" ((uint32_t)LPTE_LOCKED),
752 		  "m" (pte->pte_hi)
753 		: "cr0", "cr1", "cr2", "memory");
754 
755 	*oldhi = (pte->pte_hi & 0xffffffff00000000ULL) | oldhihalf;
756 #endif
757 
758 	return (ret);
759 }
760 
761 static uintptr_t
762 moea64_insert_to_pteg_native(struct lpte *pvo_pt, uintptr_t slotbase,
763     uint64_t mask)
764 {
765 	volatile struct lpte *pt;
766 	uint64_t oldptehi, va;
767 	uintptr_t k;
768 	int i, j;
769 
770 	/* Start at a random slot */
771 	i = mftb() % 8;
772 	for (j = 0; j < 8; j++) {
773 		k = slotbase + (i + j) % 8;
774 		pt = &moea64_pteg_table[k];
775 		/* Invalidate and seize lock only if no bits in mask set */
776 		if (atomic_pte_lock(pt, mask, &oldptehi)) /* Lock obtained */
777 			break;
778 	}
779 
780 	if (j == 8)
781 		return (-1);
782 
783 	if (oldptehi & LPTE_VALID) {
784 		KASSERT(!(oldptehi & LPTE_WIRED), ("Unmapped wired entry"));
785 		/*
786 		 * Need to invalidate old entry completely: see
787 		 * "Modifying a Page Table Entry". Need to reconstruct
788 		 * the virtual address for the outgoing entry to do that.
789 		 */
790 		va = oldptehi >> (ADDR_SR_SHFT - ADDR_API_SHFT64);
791 		if (oldptehi & LPTE_HID)
792 			va = (((k >> 3) ^ moea64_pteg_mask) ^ va) &
793 			    (ADDR_PIDX >> ADDR_PIDX_SHFT);
794 		else
795 			va = ((k >> 3) ^ va) & (ADDR_PIDX >> ADDR_PIDX_SHFT);
796 		va |= (oldptehi & LPTE_AVPN_MASK) <<
797 		    (ADDR_API_SHFT64 - ADDR_PIDX_SHFT);
798 		PTESYNC();
799 		TLBIE(va, oldptehi);
800 		STAT_MOEA64(moea64_pte_valid--);
801 		STAT_MOEA64(moea64_pte_overflow++);
802 	}
803 
804 	/*
805 	 * Update the PTE as per "Adding a Page Table Entry". Lock is released
806 	 * by setting the high doubleworld.
807 	 */
808 	pt->pte_lo = htobe64(pvo_pt->pte_lo);
809 	EIEIO();
810 	pt->pte_hi = htobe64(pvo_pt->pte_hi);
811 	PTESYNC();
812 
813 	/* Keep statistics */
814 	STAT_MOEA64(moea64_pte_valid++);
815 
816 	return (k);
817 }
818 
819 static __always_inline int64_t
820 moea64_pte_insert_locked(struct pvo_entry *pvo, struct lpte *insertpt,
821     uint64_t mask)
822 {
823 	uintptr_t slot;
824 
825 	/*
826 	 * First try primary hash.
827 	 */
828 	slot = moea64_insert_to_pteg_native(insertpt, pvo->pvo_pte.slot,
829 	    mask | LPTE_WIRED | LPTE_LOCKED);
830 	if (slot != -1) {
831 		pvo->pvo_pte.slot = slot;
832 		return (0);
833 	}
834 
835 	/*
836 	 * Now try secondary hash.
837 	 */
838 	pvo->pvo_vaddr ^= PVO_HID;
839 	insertpt->pte_hi ^= LPTE_HID;
840 	pvo->pvo_pte.slot ^= (moea64_pteg_mask << 3);
841 	slot = moea64_insert_to_pteg_native(insertpt, pvo->pvo_pte.slot,
842 	    mask | LPTE_WIRED | LPTE_LOCKED);
843 	if (slot != -1) {
844 		pvo->pvo_pte.slot = slot;
845 		return (0);
846 	}
847 
848 	return (-1);
849 }
850 
851 static int64_t
852 moea64_pte_insert_native(struct pvo_entry *pvo)
853 {
854 	struct lpte insertpt;
855 	int64_t ret;
856 
857 	/* Initialize PTE */
858 	moea64_pte_from_pvo(pvo, &insertpt);
859 
860 	/* Make sure further insertion is locked out during evictions */
861 	rw_rlock(&moea64_eviction_lock);
862 
863 	pvo->pvo_pte.slot &= ~7ULL; /* Base slot address */
864 	ret = moea64_pte_insert_locked(pvo, &insertpt, LPTE_VALID);
865 	if (ret == -1) {
866 		/*
867 		 * Out of luck. Find a PTE to sacrifice.
868 		 */
869 
870 		/* Lock out all insertions for a bit */
871 		if (!rw_try_upgrade(&moea64_eviction_lock)) {
872 			rw_runlock(&moea64_eviction_lock);
873 			rw_wlock(&moea64_eviction_lock);
874 		}
875 		/* Don't evict large pages */
876 		ret = moea64_pte_insert_locked(pvo, &insertpt, LPTE_BIG);
877 		rw_wunlock(&moea64_eviction_lock);
878 		/* No freeable slots in either PTEG? We're hosed. */
879 		if (ret == -1)
880 			panic("moea64_pte_insert: overflow");
881 	} else
882 		rw_runlock(&moea64_eviction_lock);
883 
884 	return (0);
885 }
886 
887 static void *
888 moea64_dump_pmap_native(void *ctx, void *buf, u_long *nbytes)
889 {
890 	struct dump_context *dctx;
891 	u_long ptex, ptex_end;
892 
893 	dctx = (struct dump_context *)ctx;
894 	ptex = dctx->ptex;
895 	ptex_end = ptex + dctx->blksz / sizeof(struct lpte);
896 	ptex_end = MIN(ptex_end, dctx->ptex_end);
897 	*nbytes = (ptex_end - ptex) * sizeof(struct lpte);
898 
899 	if (*nbytes == 0)
900 		return (NULL);
901 
902 	dctx->ptex = ptex_end;
903 	return (__DEVOLATILE(struct lpte *, moea64_pteg_table) + ptex);
904 }
905 
906 static __always_inline uint64_t
907 moea64_vpn_from_pte(uint64_t ptehi, uintptr_t slot)
908 {
909 	uint64_t pgn, pgnlo, vsid;
910 
911 	vsid = (ptehi & LPTE_AVA_MASK) >> LPTE_VSID_SHIFT;
912 	if ((ptehi & LPTE_HID) != 0)
913 		slot ^= (moea64_pteg_mask << 3);
914 	pgnlo = ((vsid & VSID_HASH_MASK) ^ (slot >> 3)) & EA_PAGELO_MASK;
915 	pgn = ((ptehi & LPTE_AVA_PGNHI_MASK) << (EA_PAGELO_SHIFT -
916 	    LPTE_AVA_PGNHI_SHIFT)) | pgnlo;
917 	return ((vsid << 16) | pgn);
918 }
919 
920 static __always_inline int64_t
921 moea64_pte_unset_sp_locked(struct pvo_entry *pvo)
922 {
923 	volatile struct lpte *pt;
924 	uint64_t ptehi, refchg, vpn;
925 	vm_offset_t eva;
926 
927 	refchg = 0;
928 	eva = PVO_VADDR(pvo) + HPT_SP_SIZE;
929 
930 	for (; pvo != NULL && PVO_VADDR(pvo) < eva;
931 	    pvo = RB_NEXT(pvo_tree, &pvo->pvo_pmap->pmap_pvo, pvo)) {
932 		pt = moea64_pteg_table + pvo->pvo_pte.slot;
933 		ptehi = be64toh(pt->pte_hi);
934 		if ((ptehi & LPTE_AVPN_MASK) !=
935 		    moea64_pte_vpn_from_pvo_vpn(pvo)) {
936 			/* Evicted: invalidate new entry */
937 			STAT_MOEA64(moea64_pte_overflow--);
938 			vpn = moea64_vpn_from_pte(ptehi, pvo->pvo_pte.slot);
939 			CTR1(KTR_PMAP, "Evicted page in pte_unset_sp: vpn=%jx",
940 			    (uintmax_t)vpn);
941 			/* Assume evicted page was modified */
942 			refchg |= LPTE_CHG;
943 		} else
944 			vpn = pvo->pvo_vpn;
945 
946 		refchg |= moea64_pte_unset_locked(pt, vpn);
947 	}
948 
949 	return (refchg);
950 }
951 
952 static int64_t
953 moea64_pte_unset_sp_native(struct pvo_entry *pvo)
954 {
955 	uint64_t refchg;
956 
957 	PMAP_LOCK_ASSERT(pvo->pvo_pmap, MA_OWNED);
958 	KASSERT((PVO_VADDR(pvo) & HPT_SP_MASK) == 0,
959 	    ("%s: va %#jx unaligned", __func__, (uintmax_t)PVO_VADDR(pvo)));
960 
961 	rw_rlock(&moea64_eviction_lock);
962 	refchg = moea64_pte_unset_sp_locked(pvo);
963 	rw_runlock(&moea64_eviction_lock);
964 
965 	return (refchg);
966 }
967 
968 static __always_inline int64_t
969 moea64_pte_insert_sp_locked(struct pvo_entry *pvo)
970 {
971 	struct lpte insertpt;
972 	int64_t ret;
973 	vm_offset_t eva;
974 
975 	eva = PVO_VADDR(pvo) + HPT_SP_SIZE;
976 
977 	for (; pvo != NULL && PVO_VADDR(pvo) < eva;
978 	    pvo = RB_NEXT(pvo_tree, &pvo->pvo_pmap->pmap_pvo, pvo)) {
979 		moea64_pte_from_pvo(pvo, &insertpt);
980 		pvo->pvo_pte.slot &= ~7ULL; /* Base slot address */
981 
982 		ret = moea64_pte_insert_locked(pvo, &insertpt, LPTE_VALID);
983 		if (ret == -1) {
984 			/* Lock out all insertions for a bit */
985 			if (!rw_try_upgrade(&moea64_eviction_lock)) {
986 				rw_runlock(&moea64_eviction_lock);
987 				rw_wlock(&moea64_eviction_lock);
988 			}
989 			/* Don't evict large pages */
990 			ret = moea64_pte_insert_locked(pvo, &insertpt,
991 			    LPTE_BIG);
992 			rw_downgrade(&moea64_eviction_lock);
993 			/* No freeable slots in either PTEG? We're hosed. */
994 			if (ret == -1)
995 				panic("moea64_pte_insert_sp: overflow");
996 		}
997 	}
998 
999 	return (0);
1000 }
1001 
1002 static int64_t
1003 moea64_pte_insert_sp_native(struct pvo_entry *pvo)
1004 {
1005 	PMAP_LOCK_ASSERT(pvo->pvo_pmap, MA_OWNED);
1006 	KASSERT((PVO_VADDR(pvo) & HPT_SP_MASK) == 0,
1007 	    ("%s: va %#jx unaligned", __func__, (uintmax_t)PVO_VADDR(pvo)));
1008 
1009 	rw_rlock(&moea64_eviction_lock);
1010 	moea64_pte_insert_sp_locked(pvo);
1011 	rw_runlock(&moea64_eviction_lock);
1012 
1013 	return (0);
1014 }
1015 
1016 static int64_t
1017 moea64_pte_replace_sp_native(struct pvo_entry *pvo)
1018 {
1019 	uint64_t refchg;
1020 
1021 	PMAP_LOCK_ASSERT(pvo->pvo_pmap, MA_OWNED);
1022 	KASSERT((PVO_VADDR(pvo) & HPT_SP_MASK) == 0,
1023 	    ("%s: va %#jx unaligned", __func__, (uintmax_t)PVO_VADDR(pvo)));
1024 
1025 	rw_rlock(&moea64_eviction_lock);
1026 	refchg = moea64_pte_unset_sp_locked(pvo);
1027 	moea64_pte_insert_sp_locked(pvo);
1028 	rw_runlock(&moea64_eviction_lock);
1029 
1030 	return (refchg);
1031 }
1032