1 /* 2 * This file is subject to the terms and conditions of the GNU General Public 3 * License. See the file "COPYING" in the main directory of this archive 4 * for more details. 5 * 6 * Synthesize TLB refill handlers at runtime. 7 * 8 * Copyright (C) 2004, 2005, 2006, 2008 Thiemo Seufer 9 * Copyright (C) 2005, 2007, 2008, 2009 Maciej W. Rozycki 10 * Copyright (C) 2006 Ralf Baechle (ralf@linux-mips.org) 11 * Copyright (C) 2008, 2009 Cavium Networks, Inc. 12 * Copyright (C) 2011 MIPS Technologies, Inc. 13 * 14 * ... and the days got worse and worse and now you see 15 * I've gone completly out of my mind. 16 * 17 * They're coming to take me a away haha 18 * they're coming to take me a away hoho hihi haha 19 * to the funny farm where code is beautiful all the time ... 20 * 21 * (Condolences to Napoleon XIV) 22 */ 23 24 #include <linux/bug.h> 25 #include <linux/kernel.h> 26 #include <linux/types.h> 27 #include <linux/smp.h> 28 #include <linux/string.h> 29 #include <linux/init.h> 30 #include <linux/cache.h> 31 32 #include <asm/cacheflush.h> 33 #include <asm/pgtable.h> 34 #include <asm/war.h> 35 #include <asm/uasm.h> 36 #include <asm/setup.h> 37 38 /* 39 * TLB load/store/modify handlers. 40 * 41 * Only the fastpath gets synthesized at runtime, the slowpath for 42 * do_page_fault remains normal asm. 43 */ 44 extern void tlb_do_page_fault_0(void); 45 extern void tlb_do_page_fault_1(void); 46 47 struct work_registers { 48 int r1; 49 int r2; 50 int r3; 51 }; 52 53 struct tlb_reg_save { 54 unsigned long a; 55 unsigned long b; 56 } ____cacheline_aligned_in_smp; 57 58 static struct tlb_reg_save handler_reg_save[NR_CPUS]; 59 60 static inline int r45k_bvahwbug(void) 61 { 62 /* XXX: We should probe for the presence of this bug, but we don't. */ 63 return 0; 64 } 65 66 static inline int r4k_250MHZhwbug(void) 67 { 68 /* XXX: We should probe for the presence of this bug, but we don't. */ 69 return 0; 70 } 71 72 static inline int __maybe_unused bcm1250_m3_war(void) 73 { 74 return BCM1250_M3_WAR; 75 } 76 77 static inline int __maybe_unused r10000_llsc_war(void) 78 { 79 return R10000_LLSC_WAR; 80 } 81 82 static int use_bbit_insns(void) 83 { 84 switch (current_cpu_type()) { 85 case CPU_CAVIUM_OCTEON: 86 case CPU_CAVIUM_OCTEON_PLUS: 87 case CPU_CAVIUM_OCTEON2: 88 return 1; 89 default: 90 return 0; 91 } 92 } 93 94 static int use_lwx_insns(void) 95 { 96 switch (current_cpu_type()) { 97 case CPU_CAVIUM_OCTEON2: 98 return 1; 99 default: 100 return 0; 101 } 102 } 103 #if defined(CONFIG_CAVIUM_OCTEON_CVMSEG_SIZE) && \ 104 CONFIG_CAVIUM_OCTEON_CVMSEG_SIZE > 0 105 static bool scratchpad_available(void) 106 { 107 return true; 108 } 109 static int scratchpad_offset(int i) 110 { 111 /* 112 * CVMSEG starts at address -32768 and extends for 113 * CAVIUM_OCTEON_CVMSEG_SIZE 128 byte cache lines. 114 */ 115 i += 1; /* Kernel use starts at the top and works down. */ 116 return CONFIG_CAVIUM_OCTEON_CVMSEG_SIZE * 128 - (8 * i) - 32768; 117 } 118 #else 119 static bool scratchpad_available(void) 120 { 121 return false; 122 } 123 static int scratchpad_offset(int i) 124 { 125 BUG(); 126 /* Really unreachable, but evidently some GCC want this. */ 127 return 0; 128 } 129 #endif 130 /* 131 * Found by experiment: At least some revisions of the 4kc throw under 132 * some circumstances a machine check exception, triggered by invalid 133 * values in the index register. Delaying the tlbp instruction until 134 * after the next branch, plus adding an additional nop in front of 135 * tlbwi/tlbwr avoids the invalid index register values. Nobody knows 136 * why; it's not an issue caused by the core RTL. 137 * 138 */ 139 static int __cpuinit m4kc_tlbp_war(void) 140 { 141 return (current_cpu_data.processor_id & 0xffff00) == 142 (PRID_COMP_MIPS | PRID_IMP_4KC); 143 } 144 145 /* Handle labels (which must be positive integers). */ 146 enum label_id { 147 label_second_part = 1, 148 label_leave, 149 label_vmalloc, 150 label_vmalloc_done, 151 label_tlbw_hazard_0, 152 label_split = label_tlbw_hazard_0 + 8, 153 label_tlbl_goaround1, 154 label_tlbl_goaround2, 155 label_nopage_tlbl, 156 label_nopage_tlbs, 157 label_nopage_tlbm, 158 label_smp_pgtable_change, 159 label_r3000_write_probe_fail, 160 label_large_segbits_fault, 161 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 162 label_tlb_huge_update, 163 #endif 164 }; 165 166 UASM_L_LA(_second_part) 167 UASM_L_LA(_leave) 168 UASM_L_LA(_vmalloc) 169 UASM_L_LA(_vmalloc_done) 170 /* _tlbw_hazard_x is handled differently. */ 171 UASM_L_LA(_split) 172 UASM_L_LA(_tlbl_goaround1) 173 UASM_L_LA(_tlbl_goaround2) 174 UASM_L_LA(_nopage_tlbl) 175 UASM_L_LA(_nopage_tlbs) 176 UASM_L_LA(_nopage_tlbm) 177 UASM_L_LA(_smp_pgtable_change) 178 UASM_L_LA(_r3000_write_probe_fail) 179 UASM_L_LA(_large_segbits_fault) 180 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 181 UASM_L_LA(_tlb_huge_update) 182 #endif 183 184 static int __cpuinitdata hazard_instance; 185 186 static void __cpuinit uasm_bgezl_hazard(u32 **p, 187 struct uasm_reloc **r, 188 int instance) 189 { 190 switch (instance) { 191 case 0 ... 7: 192 uasm_il_bgezl(p, r, 0, label_tlbw_hazard_0 + instance); 193 return; 194 default: 195 BUG(); 196 } 197 } 198 199 static void __cpuinit uasm_bgezl_label(struct uasm_label **l, 200 u32 **p, 201 int instance) 202 { 203 switch (instance) { 204 case 0 ... 7: 205 uasm_build_label(l, *p, label_tlbw_hazard_0 + instance); 206 break; 207 default: 208 BUG(); 209 } 210 } 211 212 /* 213 * pgtable bits are assigned dynamically depending on processor feature 214 * and statically based on kernel configuration. This spits out the actual 215 * values the kernel is using. Required to make sense from disassembled 216 * TLB exception handlers. 217 */ 218 static void output_pgtable_bits_defines(void) 219 { 220 #define pr_define(fmt, ...) \ 221 pr_debug("#define " fmt, ##__VA_ARGS__) 222 223 pr_debug("#include <asm/asm.h>\n"); 224 pr_debug("#include <asm/regdef.h>\n"); 225 pr_debug("\n"); 226 227 pr_define("_PAGE_PRESENT_SHIFT %d\n", _PAGE_PRESENT_SHIFT); 228 pr_define("_PAGE_READ_SHIFT %d\n", _PAGE_READ_SHIFT); 229 pr_define("_PAGE_WRITE_SHIFT %d\n", _PAGE_WRITE_SHIFT); 230 pr_define("_PAGE_ACCESSED_SHIFT %d\n", _PAGE_ACCESSED_SHIFT); 231 pr_define("_PAGE_MODIFIED_SHIFT %d\n", _PAGE_MODIFIED_SHIFT); 232 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 233 pr_define("_PAGE_HUGE_SHIFT %d\n", _PAGE_HUGE_SHIFT); 234 pr_define("_PAGE_SPLITTING_SHIFT %d\n", _PAGE_SPLITTING_SHIFT); 235 #endif 236 if (cpu_has_rixi) { 237 #ifdef _PAGE_NO_EXEC_SHIFT 238 pr_define("_PAGE_NO_EXEC_SHIFT %d\n", _PAGE_NO_EXEC_SHIFT); 239 #endif 240 #ifdef _PAGE_NO_READ_SHIFT 241 pr_define("_PAGE_NO_READ_SHIFT %d\n", _PAGE_NO_READ_SHIFT); 242 #endif 243 } 244 pr_define("_PAGE_GLOBAL_SHIFT %d\n", _PAGE_GLOBAL_SHIFT); 245 pr_define("_PAGE_VALID_SHIFT %d\n", _PAGE_VALID_SHIFT); 246 pr_define("_PAGE_DIRTY_SHIFT %d\n", _PAGE_DIRTY_SHIFT); 247 pr_define("_PFN_SHIFT %d\n", _PFN_SHIFT); 248 pr_debug("\n"); 249 } 250 251 static inline void dump_handler(const char *symbol, const u32 *handler, int count) 252 { 253 int i; 254 255 pr_debug("LEAF(%s)\n", symbol); 256 257 pr_debug("\t.set push\n"); 258 pr_debug("\t.set noreorder\n"); 259 260 for (i = 0; i < count; i++) 261 pr_debug("\t.word\t0x%08x\t\t# %p\n", handler[i], &handler[i]); 262 263 pr_debug("\t.set\tpop\n"); 264 265 pr_debug("\tEND(%s)\n", symbol); 266 } 267 268 /* The only general purpose registers allowed in TLB handlers. */ 269 #define K0 26 270 #define K1 27 271 272 /* Some CP0 registers */ 273 #define C0_INDEX 0, 0 274 #define C0_ENTRYLO0 2, 0 275 #define C0_TCBIND 2, 2 276 #define C0_ENTRYLO1 3, 0 277 #define C0_CONTEXT 4, 0 278 #define C0_PAGEMASK 5, 0 279 #define C0_BADVADDR 8, 0 280 #define C0_ENTRYHI 10, 0 281 #define C0_EPC 14, 0 282 #define C0_XCONTEXT 20, 0 283 284 #ifdef CONFIG_64BIT 285 # define GET_CONTEXT(buf, reg) UASM_i_MFC0(buf, reg, C0_XCONTEXT) 286 #else 287 # define GET_CONTEXT(buf, reg) UASM_i_MFC0(buf, reg, C0_CONTEXT) 288 #endif 289 290 /* The worst case length of the handler is around 18 instructions for 291 * R3000-style TLBs and up to 63 instructions for R4000-style TLBs. 292 * Maximum space available is 32 instructions for R3000 and 64 293 * instructions for R4000. 294 * 295 * We deliberately chose a buffer size of 128, so we won't scribble 296 * over anything important on overflow before we panic. 297 */ 298 static u32 tlb_handler[128] __cpuinitdata; 299 300 /* simply assume worst case size for labels and relocs */ 301 static struct uasm_label labels[128] __cpuinitdata; 302 static struct uasm_reloc relocs[128] __cpuinitdata; 303 304 #ifdef CONFIG_64BIT 305 static int check_for_high_segbits __cpuinitdata; 306 #endif 307 308 static int check_for_high_segbits __cpuinitdata; 309 310 static unsigned int kscratch_used_mask __cpuinitdata; 311 312 static int __cpuinit allocate_kscratch(void) 313 { 314 int r; 315 unsigned int a = cpu_data[0].kscratch_mask & ~kscratch_used_mask; 316 317 r = ffs(a); 318 319 if (r == 0) 320 return -1; 321 322 r--; /* make it zero based */ 323 324 kscratch_used_mask |= (1 << r); 325 326 return r; 327 } 328 329 static int scratch_reg __cpuinitdata; 330 static int pgd_reg __cpuinitdata; 331 enum vmalloc64_mode {not_refill, refill_scratch, refill_noscratch}; 332 333 static struct work_registers __cpuinit build_get_work_registers(u32 **p) 334 { 335 struct work_registers r; 336 337 int smp_processor_id_reg; 338 int smp_processor_id_sel; 339 int smp_processor_id_shift; 340 341 if (scratch_reg > 0) { 342 /* Save in CPU local C0_KScratch? */ 343 UASM_i_MTC0(p, 1, 31, scratch_reg); 344 r.r1 = K0; 345 r.r2 = K1; 346 r.r3 = 1; 347 return r; 348 } 349 350 if (num_possible_cpus() > 1) { 351 #ifdef CONFIG_MIPS_PGD_C0_CONTEXT 352 smp_processor_id_shift = 51; 353 smp_processor_id_reg = 20; /* XContext */ 354 smp_processor_id_sel = 0; 355 #else 356 # ifdef CONFIG_32BIT 357 smp_processor_id_shift = 25; 358 smp_processor_id_reg = 4; /* Context */ 359 smp_processor_id_sel = 0; 360 # endif 361 # ifdef CONFIG_64BIT 362 smp_processor_id_shift = 26; 363 smp_processor_id_reg = 4; /* Context */ 364 smp_processor_id_sel = 0; 365 # endif 366 #endif 367 /* Get smp_processor_id */ 368 UASM_i_MFC0(p, K0, smp_processor_id_reg, smp_processor_id_sel); 369 UASM_i_SRL_SAFE(p, K0, K0, smp_processor_id_shift); 370 371 /* handler_reg_save index in K0 */ 372 UASM_i_SLL(p, K0, K0, ilog2(sizeof(struct tlb_reg_save))); 373 374 UASM_i_LA(p, K1, (long)&handler_reg_save); 375 UASM_i_ADDU(p, K0, K0, K1); 376 } else { 377 UASM_i_LA(p, K0, (long)&handler_reg_save); 378 } 379 /* K0 now points to save area, save $1 and $2 */ 380 UASM_i_SW(p, 1, offsetof(struct tlb_reg_save, a), K0); 381 UASM_i_SW(p, 2, offsetof(struct tlb_reg_save, b), K0); 382 383 r.r1 = K1; 384 r.r2 = 1; 385 r.r3 = 2; 386 return r; 387 } 388 389 static void __cpuinit build_restore_work_registers(u32 **p) 390 { 391 if (scratch_reg > 0) { 392 UASM_i_MFC0(p, 1, 31, scratch_reg); 393 return; 394 } 395 /* K0 already points to save area, restore $1 and $2 */ 396 UASM_i_LW(p, 1, offsetof(struct tlb_reg_save, a), K0); 397 UASM_i_LW(p, 2, offsetof(struct tlb_reg_save, b), K0); 398 } 399 400 #ifndef CONFIG_MIPS_PGD_C0_CONTEXT 401 402 /* 403 * CONFIG_MIPS_PGD_C0_CONTEXT implies 64 bit and lack of pgd_current, 404 * we cannot do r3000 under these circumstances. 405 * 406 * Declare pgd_current here instead of including mmu_context.h to avoid type 407 * conflicts for tlbmiss_handler_setup_pgd 408 */ 409 extern unsigned long pgd_current[]; 410 411 /* 412 * The R3000 TLB handler is simple. 413 */ 414 static void __cpuinit build_r3000_tlb_refill_handler(void) 415 { 416 long pgdc = (long)pgd_current; 417 u32 *p; 418 419 memset(tlb_handler, 0, sizeof(tlb_handler)); 420 p = tlb_handler; 421 422 uasm_i_mfc0(&p, K0, C0_BADVADDR); 423 uasm_i_lui(&p, K1, uasm_rel_hi(pgdc)); /* cp0 delay */ 424 uasm_i_lw(&p, K1, uasm_rel_lo(pgdc), K1); 425 uasm_i_srl(&p, K0, K0, 22); /* load delay */ 426 uasm_i_sll(&p, K0, K0, 2); 427 uasm_i_addu(&p, K1, K1, K0); 428 uasm_i_mfc0(&p, K0, C0_CONTEXT); 429 uasm_i_lw(&p, K1, 0, K1); /* cp0 delay */ 430 uasm_i_andi(&p, K0, K0, 0xffc); /* load delay */ 431 uasm_i_addu(&p, K1, K1, K0); 432 uasm_i_lw(&p, K0, 0, K1); 433 uasm_i_nop(&p); /* load delay */ 434 uasm_i_mtc0(&p, K0, C0_ENTRYLO0); 435 uasm_i_mfc0(&p, K1, C0_EPC); /* cp0 delay */ 436 uasm_i_tlbwr(&p); /* cp0 delay */ 437 uasm_i_jr(&p, K1); 438 uasm_i_rfe(&p); /* branch delay */ 439 440 if (p > tlb_handler + 32) 441 panic("TLB refill handler space exceeded"); 442 443 pr_debug("Wrote TLB refill handler (%u instructions).\n", 444 (unsigned int)(p - tlb_handler)); 445 446 memcpy((void *)ebase, tlb_handler, 0x80); 447 448 dump_handler("r3000_tlb_refill", (u32 *)ebase, 32); 449 } 450 #endif /* CONFIG_MIPS_PGD_C0_CONTEXT */ 451 452 /* 453 * The R4000 TLB handler is much more complicated. We have two 454 * consecutive handler areas with 32 instructions space each. 455 * Since they aren't used at the same time, we can overflow in the 456 * other one.To keep things simple, we first assume linear space, 457 * then we relocate it to the final handler layout as needed. 458 */ 459 static u32 final_handler[64] __cpuinitdata; 460 461 /* 462 * Hazards 463 * 464 * From the IDT errata for the QED RM5230 (Nevada), processor revision 1.0: 465 * 2. A timing hazard exists for the TLBP instruction. 466 * 467 * stalling_instruction 468 * TLBP 469 * 470 * The JTLB is being read for the TLBP throughout the stall generated by the 471 * previous instruction. This is not really correct as the stalling instruction 472 * can modify the address used to access the JTLB. The failure symptom is that 473 * the TLBP instruction will use an address created for the stalling instruction 474 * and not the address held in C0_ENHI and thus report the wrong results. 475 * 476 * The software work-around is to not allow the instruction preceding the TLBP 477 * to stall - make it an NOP or some other instruction guaranteed not to stall. 478 * 479 * Errata 2 will not be fixed. This errata is also on the R5000. 480 * 481 * As if we MIPS hackers wouldn't know how to nop pipelines happy ... 482 */ 483 static void __cpuinit __maybe_unused build_tlb_probe_entry(u32 **p) 484 { 485 switch (current_cpu_type()) { 486 /* Found by experiment: R4600 v2.0/R4700 needs this, too. */ 487 case CPU_R4600: 488 case CPU_R4700: 489 case CPU_R5000: 490 case CPU_NEVADA: 491 uasm_i_nop(p); 492 uasm_i_tlbp(p); 493 break; 494 495 default: 496 uasm_i_tlbp(p); 497 break; 498 } 499 } 500 501 /* 502 * Write random or indexed TLB entry, and care about the hazards from 503 * the preceding mtc0 and for the following eret. 504 */ 505 enum tlb_write_entry { tlb_random, tlb_indexed }; 506 507 static void __cpuinit build_tlb_write_entry(u32 **p, struct uasm_label **l, 508 struct uasm_reloc **r, 509 enum tlb_write_entry wmode) 510 { 511 void(*tlbw)(u32 **) = NULL; 512 513 switch (wmode) { 514 case tlb_random: tlbw = uasm_i_tlbwr; break; 515 case tlb_indexed: tlbw = uasm_i_tlbwi; break; 516 } 517 518 if (cpu_has_mips_r2) { 519 /* 520 * The architecture spec says an ehb is required here, 521 * but a number of cores do not have the hazard and 522 * using an ehb causes an expensive pipeline stall. 523 */ 524 switch (current_cpu_type()) { 525 case CPU_M14KC: 526 case CPU_74K: 527 break; 528 529 default: 530 uasm_i_ehb(p); 531 break; 532 } 533 tlbw(p); 534 return; 535 } 536 537 switch (current_cpu_type()) { 538 case CPU_R4000PC: 539 case CPU_R4000SC: 540 case CPU_R4000MC: 541 case CPU_R4400PC: 542 case CPU_R4400SC: 543 case CPU_R4400MC: 544 /* 545 * This branch uses up a mtc0 hazard nop slot and saves 546 * two nops after the tlbw instruction. 547 */ 548 uasm_bgezl_hazard(p, r, hazard_instance); 549 tlbw(p); 550 uasm_bgezl_label(l, p, hazard_instance); 551 hazard_instance++; 552 uasm_i_nop(p); 553 break; 554 555 case CPU_R4600: 556 case CPU_R4700: 557 uasm_i_nop(p); 558 tlbw(p); 559 uasm_i_nop(p); 560 break; 561 562 case CPU_R5000: 563 case CPU_NEVADA: 564 uasm_i_nop(p); /* QED specifies 2 nops hazard */ 565 uasm_i_nop(p); /* QED specifies 2 nops hazard */ 566 tlbw(p); 567 break; 568 569 case CPU_R4300: 570 case CPU_5KC: 571 case CPU_TX49XX: 572 case CPU_PR4450: 573 case CPU_XLR: 574 uasm_i_nop(p); 575 tlbw(p); 576 break; 577 578 case CPU_R10000: 579 case CPU_R12000: 580 case CPU_R14000: 581 case CPU_4KC: 582 case CPU_4KEC: 583 case CPU_M14KC: 584 case CPU_SB1: 585 case CPU_SB1A: 586 case CPU_4KSC: 587 case CPU_20KC: 588 case CPU_25KF: 589 case CPU_BMIPS32: 590 case CPU_BMIPS3300: 591 case CPU_BMIPS4350: 592 case CPU_BMIPS4380: 593 case CPU_BMIPS5000: 594 case CPU_LOONGSON2: 595 case CPU_R5500: 596 if (m4kc_tlbp_war()) 597 uasm_i_nop(p); 598 case CPU_ALCHEMY: 599 tlbw(p); 600 break; 601 602 case CPU_RM7000: 603 uasm_i_nop(p); 604 uasm_i_nop(p); 605 uasm_i_nop(p); 606 uasm_i_nop(p); 607 tlbw(p); 608 break; 609 610 case CPU_VR4111: 611 case CPU_VR4121: 612 case CPU_VR4122: 613 case CPU_VR4181: 614 case CPU_VR4181A: 615 uasm_i_nop(p); 616 uasm_i_nop(p); 617 tlbw(p); 618 uasm_i_nop(p); 619 uasm_i_nop(p); 620 break; 621 622 case CPU_VR4131: 623 case CPU_VR4133: 624 case CPU_R5432: 625 uasm_i_nop(p); 626 uasm_i_nop(p); 627 tlbw(p); 628 break; 629 630 case CPU_JZRISC: 631 tlbw(p); 632 uasm_i_nop(p); 633 break; 634 635 default: 636 panic("No TLB refill handler yet (CPU type: %d)", 637 current_cpu_data.cputype); 638 break; 639 } 640 } 641 642 static __cpuinit __maybe_unused void build_convert_pte_to_entrylo(u32 **p, 643 unsigned int reg) 644 { 645 if (cpu_has_rixi) { 646 UASM_i_ROTR(p, reg, reg, ilog2(_PAGE_GLOBAL)); 647 } else { 648 #ifdef CONFIG_64BIT_PHYS_ADDR 649 uasm_i_dsrl_safe(p, reg, reg, ilog2(_PAGE_GLOBAL)); 650 #else 651 UASM_i_SRL(p, reg, reg, ilog2(_PAGE_GLOBAL)); 652 #endif 653 } 654 } 655 656 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 657 658 static __cpuinit void build_restore_pagemask(u32 **p, 659 struct uasm_reloc **r, 660 unsigned int tmp, 661 enum label_id lid, 662 int restore_scratch) 663 { 664 if (restore_scratch) { 665 /* Reset default page size */ 666 if (PM_DEFAULT_MASK >> 16) { 667 uasm_i_lui(p, tmp, PM_DEFAULT_MASK >> 16); 668 uasm_i_ori(p, tmp, tmp, PM_DEFAULT_MASK & 0xffff); 669 uasm_i_mtc0(p, tmp, C0_PAGEMASK); 670 uasm_il_b(p, r, lid); 671 } else if (PM_DEFAULT_MASK) { 672 uasm_i_ori(p, tmp, 0, PM_DEFAULT_MASK); 673 uasm_i_mtc0(p, tmp, C0_PAGEMASK); 674 uasm_il_b(p, r, lid); 675 } else { 676 uasm_i_mtc0(p, 0, C0_PAGEMASK); 677 uasm_il_b(p, r, lid); 678 } 679 if (scratch_reg > 0) 680 UASM_i_MFC0(p, 1, 31, scratch_reg); 681 else 682 UASM_i_LW(p, 1, scratchpad_offset(0), 0); 683 } else { 684 /* Reset default page size */ 685 if (PM_DEFAULT_MASK >> 16) { 686 uasm_i_lui(p, tmp, PM_DEFAULT_MASK >> 16); 687 uasm_i_ori(p, tmp, tmp, PM_DEFAULT_MASK & 0xffff); 688 uasm_il_b(p, r, lid); 689 uasm_i_mtc0(p, tmp, C0_PAGEMASK); 690 } else if (PM_DEFAULT_MASK) { 691 uasm_i_ori(p, tmp, 0, PM_DEFAULT_MASK); 692 uasm_il_b(p, r, lid); 693 uasm_i_mtc0(p, tmp, C0_PAGEMASK); 694 } else { 695 uasm_il_b(p, r, lid); 696 uasm_i_mtc0(p, 0, C0_PAGEMASK); 697 } 698 } 699 } 700 701 static __cpuinit void build_huge_tlb_write_entry(u32 **p, 702 struct uasm_label **l, 703 struct uasm_reloc **r, 704 unsigned int tmp, 705 enum tlb_write_entry wmode, 706 int restore_scratch) 707 { 708 /* Set huge page tlb entry size */ 709 uasm_i_lui(p, tmp, PM_HUGE_MASK >> 16); 710 uasm_i_ori(p, tmp, tmp, PM_HUGE_MASK & 0xffff); 711 uasm_i_mtc0(p, tmp, C0_PAGEMASK); 712 713 build_tlb_write_entry(p, l, r, wmode); 714 715 build_restore_pagemask(p, r, tmp, label_leave, restore_scratch); 716 } 717 718 /* 719 * Check if Huge PTE is present, if so then jump to LABEL. 720 */ 721 static void __cpuinit 722 build_is_huge_pte(u32 **p, struct uasm_reloc **r, unsigned int tmp, 723 unsigned int pmd, int lid) 724 { 725 UASM_i_LW(p, tmp, 0, pmd); 726 if (use_bbit_insns()) { 727 uasm_il_bbit1(p, r, tmp, ilog2(_PAGE_HUGE), lid); 728 } else { 729 uasm_i_andi(p, tmp, tmp, _PAGE_HUGE); 730 uasm_il_bnez(p, r, tmp, lid); 731 } 732 } 733 734 static __cpuinit void build_huge_update_entries(u32 **p, 735 unsigned int pte, 736 unsigned int tmp) 737 { 738 int small_sequence; 739 740 /* 741 * A huge PTE describes an area the size of the 742 * configured huge page size. This is twice the 743 * of the large TLB entry size we intend to use. 744 * A TLB entry half the size of the configured 745 * huge page size is configured into entrylo0 746 * and entrylo1 to cover the contiguous huge PTE 747 * address space. 748 */ 749 small_sequence = (HPAGE_SIZE >> 7) < 0x10000; 750 751 /* We can clobber tmp. It isn't used after this.*/ 752 if (!small_sequence) 753 uasm_i_lui(p, tmp, HPAGE_SIZE >> (7 + 16)); 754 755 build_convert_pte_to_entrylo(p, pte); 756 UASM_i_MTC0(p, pte, C0_ENTRYLO0); /* load it */ 757 /* convert to entrylo1 */ 758 if (small_sequence) 759 UASM_i_ADDIU(p, pte, pte, HPAGE_SIZE >> 7); 760 else 761 UASM_i_ADDU(p, pte, pte, tmp); 762 763 UASM_i_MTC0(p, pte, C0_ENTRYLO1); /* load it */ 764 } 765 766 static __cpuinit void build_huge_handler_tail(u32 **p, 767 struct uasm_reloc **r, 768 struct uasm_label **l, 769 unsigned int pte, 770 unsigned int ptr) 771 { 772 #ifdef CONFIG_SMP 773 UASM_i_SC(p, pte, 0, ptr); 774 uasm_il_beqz(p, r, pte, label_tlb_huge_update); 775 UASM_i_LW(p, pte, 0, ptr); /* Needed because SC killed our PTE */ 776 #else 777 UASM_i_SW(p, pte, 0, ptr); 778 #endif 779 build_huge_update_entries(p, pte, ptr); 780 build_huge_tlb_write_entry(p, l, r, pte, tlb_indexed, 0); 781 } 782 #endif /* CONFIG_MIPS_HUGE_TLB_SUPPORT */ 783 784 #ifdef CONFIG_64BIT 785 /* 786 * TMP and PTR are scratch. 787 * TMP will be clobbered, PTR will hold the pmd entry. 788 */ 789 static void __cpuinit 790 build_get_pmde64(u32 **p, struct uasm_label **l, struct uasm_reloc **r, 791 unsigned int tmp, unsigned int ptr) 792 { 793 #ifndef CONFIG_MIPS_PGD_C0_CONTEXT 794 long pgdc = (long)pgd_current; 795 #endif 796 /* 797 * The vmalloc handling is not in the hotpath. 798 */ 799 uasm_i_dmfc0(p, tmp, C0_BADVADDR); 800 801 if (check_for_high_segbits) { 802 /* 803 * The kernel currently implicitely assumes that the 804 * MIPS SEGBITS parameter for the processor is 805 * (PGDIR_SHIFT+PGDIR_BITS) or less, and will never 806 * allocate virtual addresses outside the maximum 807 * range for SEGBITS = (PGDIR_SHIFT+PGDIR_BITS). But 808 * that doesn't prevent user code from accessing the 809 * higher xuseg addresses. Here, we make sure that 810 * everything but the lower xuseg addresses goes down 811 * the module_alloc/vmalloc path. 812 */ 813 uasm_i_dsrl_safe(p, ptr, tmp, PGDIR_SHIFT + PGD_ORDER + PAGE_SHIFT - 3); 814 uasm_il_bnez(p, r, ptr, label_vmalloc); 815 } else { 816 uasm_il_bltz(p, r, tmp, label_vmalloc); 817 } 818 /* No uasm_i_nop needed here, since the next insn doesn't touch TMP. */ 819 820 #ifdef CONFIG_MIPS_PGD_C0_CONTEXT 821 if (pgd_reg != -1) { 822 /* pgd is in pgd_reg */ 823 UASM_i_MFC0(p, ptr, 31, pgd_reg); 824 } else { 825 /* 826 * &pgd << 11 stored in CONTEXT [23..63]. 827 */ 828 UASM_i_MFC0(p, ptr, C0_CONTEXT); 829 830 /* Clear lower 23 bits of context. */ 831 uasm_i_dins(p, ptr, 0, 0, 23); 832 833 /* 1 0 1 0 1 << 6 xkphys cached */ 834 uasm_i_ori(p, ptr, ptr, 0x540); 835 uasm_i_drotr(p, ptr, ptr, 11); 836 } 837 #elif defined(CONFIG_SMP) 838 # ifdef CONFIG_MIPS_MT_SMTC 839 /* 840 * SMTC uses TCBind value as "CPU" index 841 */ 842 uasm_i_mfc0(p, ptr, C0_TCBIND); 843 uasm_i_dsrl_safe(p, ptr, ptr, 19); 844 # else 845 /* 846 * 64 bit SMP running in XKPHYS has smp_processor_id() << 3 847 * stored in CONTEXT. 848 */ 849 uasm_i_dmfc0(p, ptr, C0_CONTEXT); 850 uasm_i_dsrl_safe(p, ptr, ptr, 23); 851 # endif 852 UASM_i_LA_mostly(p, tmp, pgdc); 853 uasm_i_daddu(p, ptr, ptr, tmp); 854 uasm_i_dmfc0(p, tmp, C0_BADVADDR); 855 uasm_i_ld(p, ptr, uasm_rel_lo(pgdc), ptr); 856 #else 857 UASM_i_LA_mostly(p, ptr, pgdc); 858 uasm_i_ld(p, ptr, uasm_rel_lo(pgdc), ptr); 859 #endif 860 861 uasm_l_vmalloc_done(l, *p); 862 863 /* get pgd offset in bytes */ 864 uasm_i_dsrl_safe(p, tmp, tmp, PGDIR_SHIFT - 3); 865 866 uasm_i_andi(p, tmp, tmp, (PTRS_PER_PGD - 1)<<3); 867 uasm_i_daddu(p, ptr, ptr, tmp); /* add in pgd offset */ 868 #ifndef __PAGETABLE_PMD_FOLDED 869 uasm_i_dmfc0(p, tmp, C0_BADVADDR); /* get faulting address */ 870 uasm_i_ld(p, ptr, 0, ptr); /* get pmd pointer */ 871 uasm_i_dsrl_safe(p, tmp, tmp, PMD_SHIFT-3); /* get pmd offset in bytes */ 872 uasm_i_andi(p, tmp, tmp, (PTRS_PER_PMD - 1)<<3); 873 uasm_i_daddu(p, ptr, ptr, tmp); /* add in pmd offset */ 874 #endif 875 } 876 877 /* 878 * BVADDR is the faulting address, PTR is scratch. 879 * PTR will hold the pgd for vmalloc. 880 */ 881 static void __cpuinit 882 build_get_pgd_vmalloc64(u32 **p, struct uasm_label **l, struct uasm_reloc **r, 883 unsigned int bvaddr, unsigned int ptr, 884 enum vmalloc64_mode mode) 885 { 886 long swpd = (long)swapper_pg_dir; 887 int single_insn_swpd; 888 int did_vmalloc_branch = 0; 889 890 single_insn_swpd = uasm_in_compat_space_p(swpd) && !uasm_rel_lo(swpd); 891 892 uasm_l_vmalloc(l, *p); 893 894 if (mode != not_refill && check_for_high_segbits) { 895 if (single_insn_swpd) { 896 uasm_il_bltz(p, r, bvaddr, label_vmalloc_done); 897 uasm_i_lui(p, ptr, uasm_rel_hi(swpd)); 898 did_vmalloc_branch = 1; 899 /* fall through */ 900 } else { 901 uasm_il_bgez(p, r, bvaddr, label_large_segbits_fault); 902 } 903 } 904 if (!did_vmalloc_branch) { 905 if (uasm_in_compat_space_p(swpd) && !uasm_rel_lo(swpd)) { 906 uasm_il_b(p, r, label_vmalloc_done); 907 uasm_i_lui(p, ptr, uasm_rel_hi(swpd)); 908 } else { 909 UASM_i_LA_mostly(p, ptr, swpd); 910 uasm_il_b(p, r, label_vmalloc_done); 911 if (uasm_in_compat_space_p(swpd)) 912 uasm_i_addiu(p, ptr, ptr, uasm_rel_lo(swpd)); 913 else 914 uasm_i_daddiu(p, ptr, ptr, uasm_rel_lo(swpd)); 915 } 916 } 917 if (mode != not_refill && check_for_high_segbits) { 918 uasm_l_large_segbits_fault(l, *p); 919 /* 920 * We get here if we are an xsseg address, or if we are 921 * an xuseg address above (PGDIR_SHIFT+PGDIR_BITS) boundary. 922 * 923 * Ignoring xsseg (assume disabled so would generate 924 * (address errors?), the only remaining possibility 925 * is the upper xuseg addresses. On processors with 926 * TLB_SEGBITS <= PGDIR_SHIFT+PGDIR_BITS, these 927 * addresses would have taken an address error. We try 928 * to mimic that here by taking a load/istream page 929 * fault. 930 */ 931 UASM_i_LA(p, ptr, (unsigned long)tlb_do_page_fault_0); 932 uasm_i_jr(p, ptr); 933 934 if (mode == refill_scratch) { 935 if (scratch_reg > 0) 936 UASM_i_MFC0(p, 1, 31, scratch_reg); 937 else 938 UASM_i_LW(p, 1, scratchpad_offset(0), 0); 939 } else { 940 uasm_i_nop(p); 941 } 942 } 943 } 944 945 #else /* !CONFIG_64BIT */ 946 947 /* 948 * TMP and PTR are scratch. 949 * TMP will be clobbered, PTR will hold the pgd entry. 950 */ 951 static void __cpuinit __maybe_unused 952 build_get_pgde32(u32 **p, unsigned int tmp, unsigned int ptr) 953 { 954 long pgdc = (long)pgd_current; 955 956 /* 32 bit SMP has smp_processor_id() stored in CONTEXT. */ 957 #ifdef CONFIG_SMP 958 #ifdef CONFIG_MIPS_MT_SMTC 959 /* 960 * SMTC uses TCBind value as "CPU" index 961 */ 962 uasm_i_mfc0(p, ptr, C0_TCBIND); 963 UASM_i_LA_mostly(p, tmp, pgdc); 964 uasm_i_srl(p, ptr, ptr, 19); 965 #else 966 /* 967 * smp_processor_id() << 3 is stored in CONTEXT. 968 */ 969 uasm_i_mfc0(p, ptr, C0_CONTEXT); 970 UASM_i_LA_mostly(p, tmp, pgdc); 971 uasm_i_srl(p, ptr, ptr, 23); 972 #endif 973 uasm_i_addu(p, ptr, tmp, ptr); 974 #else 975 UASM_i_LA_mostly(p, ptr, pgdc); 976 #endif 977 uasm_i_mfc0(p, tmp, C0_BADVADDR); /* get faulting address */ 978 uasm_i_lw(p, ptr, uasm_rel_lo(pgdc), ptr); 979 980 if (cpu_has_mips_r2) { 981 uasm_i_ext(p, tmp, tmp, PGDIR_SHIFT, (32 - PGDIR_SHIFT)); 982 uasm_i_ins(p, ptr, tmp, PGD_T_LOG2, (32 - PGDIR_SHIFT)); 983 return; 984 } 985 986 uasm_i_srl(p, tmp, tmp, PGDIR_SHIFT); /* get pgd only bits */ 987 uasm_i_sll(p, tmp, tmp, PGD_T_LOG2); 988 uasm_i_addu(p, ptr, ptr, tmp); /* add in pgd offset */ 989 } 990 991 #endif /* !CONFIG_64BIT */ 992 993 static void __cpuinit build_adjust_context(u32 **p, unsigned int ctx) 994 { 995 unsigned int shift = 4 - (PTE_T_LOG2 + 1) + PAGE_SHIFT - 12; 996 unsigned int mask = (PTRS_PER_PTE / 2 - 1) << (PTE_T_LOG2 + 1); 997 998 switch (current_cpu_type()) { 999 case CPU_VR41XX: 1000 case CPU_VR4111: 1001 case CPU_VR4121: 1002 case CPU_VR4122: 1003 case CPU_VR4131: 1004 case CPU_VR4181: 1005 case CPU_VR4181A: 1006 case CPU_VR4133: 1007 shift += 2; 1008 break; 1009 1010 default: 1011 break; 1012 } 1013 1014 if (shift) 1015 UASM_i_SRL(p, ctx, ctx, shift); 1016 uasm_i_andi(p, ctx, ctx, mask); 1017 } 1018 1019 static void __cpuinit build_get_ptep(u32 **p, unsigned int tmp, unsigned int ptr) 1020 { 1021 if (cpu_has_mips_r2) { 1022 /* PTE ptr offset is obtained from BadVAddr */ 1023 UASM_i_MFC0(p, tmp, C0_BADVADDR); 1024 UASM_i_LW(p, ptr, 0, ptr); 1025 uasm_i_ext(p, tmp, tmp, PAGE_SHIFT+1, PGDIR_SHIFT-PAGE_SHIFT-1); 1026 uasm_i_ins(p, ptr, tmp, PTE_T_LOG2+1, PGDIR_SHIFT-PAGE_SHIFT-1); 1027 return; 1028 } 1029 1030 /* 1031 * Bug workaround for the Nevada. It seems as if under certain 1032 * circumstances the move from cp0_context might produce a 1033 * bogus result when the mfc0 instruction and its consumer are 1034 * in a different cacheline or a load instruction, probably any 1035 * memory reference, is between them. 1036 */ 1037 switch (current_cpu_type()) { 1038 case CPU_NEVADA: 1039 UASM_i_LW(p, ptr, 0, ptr); 1040 GET_CONTEXT(p, tmp); /* get context reg */ 1041 break; 1042 1043 default: 1044 GET_CONTEXT(p, tmp); /* get context reg */ 1045 UASM_i_LW(p, ptr, 0, ptr); 1046 break; 1047 } 1048 1049 build_adjust_context(p, tmp); 1050 UASM_i_ADDU(p, ptr, ptr, tmp); /* add in offset */ 1051 } 1052 1053 static void __cpuinit build_update_entries(u32 **p, unsigned int tmp, 1054 unsigned int ptep) 1055 { 1056 /* 1057 * 64bit address support (36bit on a 32bit CPU) in a 32bit 1058 * Kernel is a special case. Only a few CPUs use it. 1059 */ 1060 #ifdef CONFIG_64BIT_PHYS_ADDR 1061 if (cpu_has_64bits) { 1062 uasm_i_ld(p, tmp, 0, ptep); /* get even pte */ 1063 uasm_i_ld(p, ptep, sizeof(pte_t), ptep); /* get odd pte */ 1064 if (cpu_has_rixi) { 1065 UASM_i_ROTR(p, tmp, tmp, ilog2(_PAGE_GLOBAL)); 1066 UASM_i_MTC0(p, tmp, C0_ENTRYLO0); /* load it */ 1067 UASM_i_ROTR(p, ptep, ptep, ilog2(_PAGE_GLOBAL)); 1068 } else { 1069 uasm_i_dsrl_safe(p, tmp, tmp, ilog2(_PAGE_GLOBAL)); /* convert to entrylo0 */ 1070 UASM_i_MTC0(p, tmp, C0_ENTRYLO0); /* load it */ 1071 uasm_i_dsrl_safe(p, ptep, ptep, ilog2(_PAGE_GLOBAL)); /* convert to entrylo1 */ 1072 } 1073 UASM_i_MTC0(p, ptep, C0_ENTRYLO1); /* load it */ 1074 } else { 1075 int pte_off_even = sizeof(pte_t) / 2; 1076 int pte_off_odd = pte_off_even + sizeof(pte_t); 1077 1078 /* The pte entries are pre-shifted */ 1079 uasm_i_lw(p, tmp, pte_off_even, ptep); /* get even pte */ 1080 UASM_i_MTC0(p, tmp, C0_ENTRYLO0); /* load it */ 1081 uasm_i_lw(p, ptep, pte_off_odd, ptep); /* get odd pte */ 1082 UASM_i_MTC0(p, ptep, C0_ENTRYLO1); /* load it */ 1083 } 1084 #else 1085 UASM_i_LW(p, tmp, 0, ptep); /* get even pte */ 1086 UASM_i_LW(p, ptep, sizeof(pte_t), ptep); /* get odd pte */ 1087 if (r45k_bvahwbug()) 1088 build_tlb_probe_entry(p); 1089 if (cpu_has_rixi) { 1090 UASM_i_ROTR(p, tmp, tmp, ilog2(_PAGE_GLOBAL)); 1091 if (r4k_250MHZhwbug()) 1092 UASM_i_MTC0(p, 0, C0_ENTRYLO0); 1093 UASM_i_MTC0(p, tmp, C0_ENTRYLO0); /* load it */ 1094 UASM_i_ROTR(p, ptep, ptep, ilog2(_PAGE_GLOBAL)); 1095 } else { 1096 UASM_i_SRL(p, tmp, tmp, ilog2(_PAGE_GLOBAL)); /* convert to entrylo0 */ 1097 if (r4k_250MHZhwbug()) 1098 UASM_i_MTC0(p, 0, C0_ENTRYLO0); 1099 UASM_i_MTC0(p, tmp, C0_ENTRYLO0); /* load it */ 1100 UASM_i_SRL(p, ptep, ptep, ilog2(_PAGE_GLOBAL)); /* convert to entrylo1 */ 1101 if (r45k_bvahwbug()) 1102 uasm_i_mfc0(p, tmp, C0_INDEX); 1103 } 1104 if (r4k_250MHZhwbug()) 1105 UASM_i_MTC0(p, 0, C0_ENTRYLO1); 1106 UASM_i_MTC0(p, ptep, C0_ENTRYLO1); /* load it */ 1107 #endif 1108 } 1109 1110 struct mips_huge_tlb_info { 1111 int huge_pte; 1112 int restore_scratch; 1113 }; 1114 1115 static struct mips_huge_tlb_info __cpuinit 1116 build_fast_tlb_refill_handler (u32 **p, struct uasm_label **l, 1117 struct uasm_reloc **r, unsigned int tmp, 1118 unsigned int ptr, int c0_scratch) 1119 { 1120 struct mips_huge_tlb_info rv; 1121 unsigned int even, odd; 1122 int vmalloc_branch_delay_filled = 0; 1123 const int scratch = 1; /* Our extra working register */ 1124 1125 rv.huge_pte = scratch; 1126 rv.restore_scratch = 0; 1127 1128 if (check_for_high_segbits) { 1129 UASM_i_MFC0(p, tmp, C0_BADVADDR); 1130 1131 if (pgd_reg != -1) 1132 UASM_i_MFC0(p, ptr, 31, pgd_reg); 1133 else 1134 UASM_i_MFC0(p, ptr, C0_CONTEXT); 1135 1136 if (c0_scratch >= 0) 1137 UASM_i_MTC0(p, scratch, 31, c0_scratch); 1138 else 1139 UASM_i_SW(p, scratch, scratchpad_offset(0), 0); 1140 1141 uasm_i_dsrl_safe(p, scratch, tmp, 1142 PGDIR_SHIFT + PGD_ORDER + PAGE_SHIFT - 3); 1143 uasm_il_bnez(p, r, scratch, label_vmalloc); 1144 1145 if (pgd_reg == -1) { 1146 vmalloc_branch_delay_filled = 1; 1147 /* Clear lower 23 bits of context. */ 1148 uasm_i_dins(p, ptr, 0, 0, 23); 1149 } 1150 } else { 1151 if (pgd_reg != -1) 1152 UASM_i_MFC0(p, ptr, 31, pgd_reg); 1153 else 1154 UASM_i_MFC0(p, ptr, C0_CONTEXT); 1155 1156 UASM_i_MFC0(p, tmp, C0_BADVADDR); 1157 1158 if (c0_scratch >= 0) 1159 UASM_i_MTC0(p, scratch, 31, c0_scratch); 1160 else 1161 UASM_i_SW(p, scratch, scratchpad_offset(0), 0); 1162 1163 if (pgd_reg == -1) 1164 /* Clear lower 23 bits of context. */ 1165 uasm_i_dins(p, ptr, 0, 0, 23); 1166 1167 uasm_il_bltz(p, r, tmp, label_vmalloc); 1168 } 1169 1170 if (pgd_reg == -1) { 1171 vmalloc_branch_delay_filled = 1; 1172 /* 1 0 1 0 1 << 6 xkphys cached */ 1173 uasm_i_ori(p, ptr, ptr, 0x540); 1174 uasm_i_drotr(p, ptr, ptr, 11); 1175 } 1176 1177 #ifdef __PAGETABLE_PMD_FOLDED 1178 #define LOC_PTEP scratch 1179 #else 1180 #define LOC_PTEP ptr 1181 #endif 1182 1183 if (!vmalloc_branch_delay_filled) 1184 /* get pgd offset in bytes */ 1185 uasm_i_dsrl_safe(p, scratch, tmp, PGDIR_SHIFT - 3); 1186 1187 uasm_l_vmalloc_done(l, *p); 1188 1189 /* 1190 * tmp ptr 1191 * fall-through case = badvaddr *pgd_current 1192 * vmalloc case = badvaddr swapper_pg_dir 1193 */ 1194 1195 if (vmalloc_branch_delay_filled) 1196 /* get pgd offset in bytes */ 1197 uasm_i_dsrl_safe(p, scratch, tmp, PGDIR_SHIFT - 3); 1198 1199 #ifdef __PAGETABLE_PMD_FOLDED 1200 GET_CONTEXT(p, tmp); /* get context reg */ 1201 #endif 1202 uasm_i_andi(p, scratch, scratch, (PTRS_PER_PGD - 1) << 3); 1203 1204 if (use_lwx_insns()) { 1205 UASM_i_LWX(p, LOC_PTEP, scratch, ptr); 1206 } else { 1207 uasm_i_daddu(p, ptr, ptr, scratch); /* add in pgd offset */ 1208 uasm_i_ld(p, LOC_PTEP, 0, ptr); /* get pmd pointer */ 1209 } 1210 1211 #ifndef __PAGETABLE_PMD_FOLDED 1212 /* get pmd offset in bytes */ 1213 uasm_i_dsrl_safe(p, scratch, tmp, PMD_SHIFT - 3); 1214 uasm_i_andi(p, scratch, scratch, (PTRS_PER_PMD - 1) << 3); 1215 GET_CONTEXT(p, tmp); /* get context reg */ 1216 1217 if (use_lwx_insns()) { 1218 UASM_i_LWX(p, scratch, scratch, ptr); 1219 } else { 1220 uasm_i_daddu(p, ptr, ptr, scratch); /* add in pmd offset */ 1221 UASM_i_LW(p, scratch, 0, ptr); 1222 } 1223 #endif 1224 /* Adjust the context during the load latency. */ 1225 build_adjust_context(p, tmp); 1226 1227 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 1228 uasm_il_bbit1(p, r, scratch, ilog2(_PAGE_HUGE), label_tlb_huge_update); 1229 /* 1230 * The in the LWX case we don't want to do the load in the 1231 * delay slot. It cannot issue in the same cycle and may be 1232 * speculative and unneeded. 1233 */ 1234 if (use_lwx_insns()) 1235 uasm_i_nop(p); 1236 #endif /* CONFIG_MIPS_HUGE_TLB_SUPPORT */ 1237 1238 1239 /* build_update_entries */ 1240 if (use_lwx_insns()) { 1241 even = ptr; 1242 odd = tmp; 1243 UASM_i_LWX(p, even, scratch, tmp); 1244 UASM_i_ADDIU(p, tmp, tmp, sizeof(pte_t)); 1245 UASM_i_LWX(p, odd, scratch, tmp); 1246 } else { 1247 UASM_i_ADDU(p, ptr, scratch, tmp); /* add in offset */ 1248 even = tmp; 1249 odd = ptr; 1250 UASM_i_LW(p, even, 0, ptr); /* get even pte */ 1251 UASM_i_LW(p, odd, sizeof(pte_t), ptr); /* get odd pte */ 1252 } 1253 if (cpu_has_rixi) { 1254 uasm_i_drotr(p, even, even, ilog2(_PAGE_GLOBAL)); 1255 UASM_i_MTC0(p, even, C0_ENTRYLO0); /* load it */ 1256 uasm_i_drotr(p, odd, odd, ilog2(_PAGE_GLOBAL)); 1257 } else { 1258 uasm_i_dsrl_safe(p, even, even, ilog2(_PAGE_GLOBAL)); 1259 UASM_i_MTC0(p, even, C0_ENTRYLO0); /* load it */ 1260 uasm_i_dsrl_safe(p, odd, odd, ilog2(_PAGE_GLOBAL)); 1261 } 1262 UASM_i_MTC0(p, odd, C0_ENTRYLO1); /* load it */ 1263 1264 if (c0_scratch >= 0) { 1265 UASM_i_MFC0(p, scratch, 31, c0_scratch); 1266 build_tlb_write_entry(p, l, r, tlb_random); 1267 uasm_l_leave(l, *p); 1268 rv.restore_scratch = 1; 1269 } else if (PAGE_SHIFT == 14 || PAGE_SHIFT == 13) { 1270 build_tlb_write_entry(p, l, r, tlb_random); 1271 uasm_l_leave(l, *p); 1272 UASM_i_LW(p, scratch, scratchpad_offset(0), 0); 1273 } else { 1274 UASM_i_LW(p, scratch, scratchpad_offset(0), 0); 1275 build_tlb_write_entry(p, l, r, tlb_random); 1276 uasm_l_leave(l, *p); 1277 rv.restore_scratch = 1; 1278 } 1279 1280 uasm_i_eret(p); /* return from trap */ 1281 1282 return rv; 1283 } 1284 1285 /* 1286 * For a 64-bit kernel, we are using the 64-bit XTLB refill exception 1287 * because EXL == 0. If we wrap, we can also use the 32 instruction 1288 * slots before the XTLB refill exception handler which belong to the 1289 * unused TLB refill exception. 1290 */ 1291 #define MIPS64_REFILL_INSNS 32 1292 1293 static void __cpuinit build_r4000_tlb_refill_handler(void) 1294 { 1295 u32 *p = tlb_handler; 1296 struct uasm_label *l = labels; 1297 struct uasm_reloc *r = relocs; 1298 u32 *f; 1299 unsigned int final_len; 1300 struct mips_huge_tlb_info htlb_info __maybe_unused; 1301 enum vmalloc64_mode vmalloc_mode __maybe_unused; 1302 1303 memset(tlb_handler, 0, sizeof(tlb_handler)); 1304 memset(labels, 0, sizeof(labels)); 1305 memset(relocs, 0, sizeof(relocs)); 1306 memset(final_handler, 0, sizeof(final_handler)); 1307 1308 if ((scratch_reg > 0 || scratchpad_available()) && use_bbit_insns()) { 1309 htlb_info = build_fast_tlb_refill_handler(&p, &l, &r, K0, K1, 1310 scratch_reg); 1311 vmalloc_mode = refill_scratch; 1312 } else { 1313 htlb_info.huge_pte = K0; 1314 htlb_info.restore_scratch = 0; 1315 vmalloc_mode = refill_noscratch; 1316 /* 1317 * create the plain linear handler 1318 */ 1319 if (bcm1250_m3_war()) { 1320 unsigned int segbits = 44; 1321 1322 uasm_i_dmfc0(&p, K0, C0_BADVADDR); 1323 uasm_i_dmfc0(&p, K1, C0_ENTRYHI); 1324 uasm_i_xor(&p, K0, K0, K1); 1325 uasm_i_dsrl_safe(&p, K1, K0, 62); 1326 uasm_i_dsrl_safe(&p, K0, K0, 12 + 1); 1327 uasm_i_dsll_safe(&p, K0, K0, 64 + 12 + 1 - segbits); 1328 uasm_i_or(&p, K0, K0, K1); 1329 uasm_il_bnez(&p, &r, K0, label_leave); 1330 /* No need for uasm_i_nop */ 1331 } 1332 1333 #ifdef CONFIG_64BIT 1334 build_get_pmde64(&p, &l, &r, K0, K1); /* get pmd in K1 */ 1335 #else 1336 build_get_pgde32(&p, K0, K1); /* get pgd in K1 */ 1337 #endif 1338 1339 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 1340 build_is_huge_pte(&p, &r, K0, K1, label_tlb_huge_update); 1341 #endif 1342 1343 build_get_ptep(&p, K0, K1); 1344 build_update_entries(&p, K0, K1); 1345 build_tlb_write_entry(&p, &l, &r, tlb_random); 1346 uasm_l_leave(&l, p); 1347 uasm_i_eret(&p); /* return from trap */ 1348 } 1349 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 1350 uasm_l_tlb_huge_update(&l, p); 1351 build_huge_update_entries(&p, htlb_info.huge_pte, K1); 1352 build_huge_tlb_write_entry(&p, &l, &r, K0, tlb_random, 1353 htlb_info.restore_scratch); 1354 #endif 1355 1356 #ifdef CONFIG_64BIT 1357 build_get_pgd_vmalloc64(&p, &l, &r, K0, K1, vmalloc_mode); 1358 #endif 1359 1360 /* 1361 * Overflow check: For the 64bit handler, we need at least one 1362 * free instruction slot for the wrap-around branch. In worst 1363 * case, if the intended insertion point is a delay slot, we 1364 * need three, with the second nop'ed and the third being 1365 * unused. 1366 */ 1367 /* Loongson2 ebase is different than r4k, we have more space */ 1368 #if defined(CONFIG_32BIT) || defined(CONFIG_CPU_LOONGSON2) 1369 if ((p - tlb_handler) > 64) 1370 panic("TLB refill handler space exceeded"); 1371 #else 1372 if (((p - tlb_handler) > (MIPS64_REFILL_INSNS * 2) - 1) 1373 || (((p - tlb_handler) > (MIPS64_REFILL_INSNS * 2) - 3) 1374 && uasm_insn_has_bdelay(relocs, 1375 tlb_handler + MIPS64_REFILL_INSNS - 3))) 1376 panic("TLB refill handler space exceeded"); 1377 #endif 1378 1379 /* 1380 * Now fold the handler in the TLB refill handler space. 1381 */ 1382 #if defined(CONFIG_32BIT) || defined(CONFIG_CPU_LOONGSON2) 1383 f = final_handler; 1384 /* Simplest case, just copy the handler. */ 1385 uasm_copy_handler(relocs, labels, tlb_handler, p, f); 1386 final_len = p - tlb_handler; 1387 #else /* CONFIG_64BIT */ 1388 f = final_handler + MIPS64_REFILL_INSNS; 1389 if ((p - tlb_handler) <= MIPS64_REFILL_INSNS) { 1390 /* Just copy the handler. */ 1391 uasm_copy_handler(relocs, labels, tlb_handler, p, f); 1392 final_len = p - tlb_handler; 1393 } else { 1394 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 1395 const enum label_id ls = label_tlb_huge_update; 1396 #else 1397 const enum label_id ls = label_vmalloc; 1398 #endif 1399 u32 *split; 1400 int ov = 0; 1401 int i; 1402 1403 for (i = 0; i < ARRAY_SIZE(labels) && labels[i].lab != ls; i++) 1404 ; 1405 BUG_ON(i == ARRAY_SIZE(labels)); 1406 split = labels[i].addr; 1407 1408 /* 1409 * See if we have overflown one way or the other. 1410 */ 1411 if (split > tlb_handler + MIPS64_REFILL_INSNS || 1412 split < p - MIPS64_REFILL_INSNS) 1413 ov = 1; 1414 1415 if (ov) { 1416 /* 1417 * Split two instructions before the end. One 1418 * for the branch and one for the instruction 1419 * in the delay slot. 1420 */ 1421 split = tlb_handler + MIPS64_REFILL_INSNS - 2; 1422 1423 /* 1424 * If the branch would fall in a delay slot, 1425 * we must back up an additional instruction 1426 * so that it is no longer in a delay slot. 1427 */ 1428 if (uasm_insn_has_bdelay(relocs, split - 1)) 1429 split--; 1430 } 1431 /* Copy first part of the handler. */ 1432 uasm_copy_handler(relocs, labels, tlb_handler, split, f); 1433 f += split - tlb_handler; 1434 1435 if (ov) { 1436 /* Insert branch. */ 1437 uasm_l_split(&l, final_handler); 1438 uasm_il_b(&f, &r, label_split); 1439 if (uasm_insn_has_bdelay(relocs, split)) 1440 uasm_i_nop(&f); 1441 else { 1442 uasm_copy_handler(relocs, labels, 1443 split, split + 1, f); 1444 uasm_move_labels(labels, f, f + 1, -1); 1445 f++; 1446 split++; 1447 } 1448 } 1449 1450 /* Copy the rest of the handler. */ 1451 uasm_copy_handler(relocs, labels, split, p, final_handler); 1452 final_len = (f - (final_handler + MIPS64_REFILL_INSNS)) + 1453 (p - split); 1454 } 1455 #endif /* CONFIG_64BIT */ 1456 1457 uasm_resolve_relocs(relocs, labels); 1458 pr_debug("Wrote TLB refill handler (%u instructions).\n", 1459 final_len); 1460 1461 memcpy((void *)ebase, final_handler, 0x100); 1462 1463 dump_handler("r4000_tlb_refill", (u32 *)ebase, 64); 1464 } 1465 1466 /* 1467 * 128 instructions for the fastpath handler is generous and should 1468 * never be exceeded. 1469 */ 1470 #define FASTPATH_SIZE 128 1471 1472 u32 handle_tlbl[FASTPATH_SIZE] __cacheline_aligned; 1473 u32 handle_tlbs[FASTPATH_SIZE] __cacheline_aligned; 1474 u32 handle_tlbm[FASTPATH_SIZE] __cacheline_aligned; 1475 #ifdef CONFIG_MIPS_PGD_C0_CONTEXT 1476 u32 tlbmiss_handler_setup_pgd[16] __cacheline_aligned; 1477 1478 static void __cpuinit build_r4000_setup_pgd(void) 1479 { 1480 const int a0 = 4; 1481 const int a1 = 5; 1482 u32 *p = tlbmiss_handler_setup_pgd; 1483 struct uasm_label *l = labels; 1484 struct uasm_reloc *r = relocs; 1485 1486 memset(tlbmiss_handler_setup_pgd, 0, sizeof(tlbmiss_handler_setup_pgd)); 1487 memset(labels, 0, sizeof(labels)); 1488 memset(relocs, 0, sizeof(relocs)); 1489 1490 pgd_reg = allocate_kscratch(); 1491 1492 if (pgd_reg == -1) { 1493 /* PGD << 11 in c0_Context */ 1494 /* 1495 * If it is a ckseg0 address, convert to a physical 1496 * address. Shifting right by 29 and adding 4 will 1497 * result in zero for these addresses. 1498 * 1499 */ 1500 UASM_i_SRA(&p, a1, a0, 29); 1501 UASM_i_ADDIU(&p, a1, a1, 4); 1502 uasm_il_bnez(&p, &r, a1, label_tlbl_goaround1); 1503 uasm_i_nop(&p); 1504 uasm_i_dinsm(&p, a0, 0, 29, 64 - 29); 1505 uasm_l_tlbl_goaround1(&l, p); 1506 UASM_i_SLL(&p, a0, a0, 11); 1507 uasm_i_jr(&p, 31); 1508 UASM_i_MTC0(&p, a0, C0_CONTEXT); 1509 } else { 1510 /* PGD in c0_KScratch */ 1511 uasm_i_jr(&p, 31); 1512 UASM_i_MTC0(&p, a0, 31, pgd_reg); 1513 } 1514 if (p - tlbmiss_handler_setup_pgd > ARRAY_SIZE(tlbmiss_handler_setup_pgd)) 1515 panic("tlbmiss_handler_setup_pgd space exceeded"); 1516 uasm_resolve_relocs(relocs, labels); 1517 pr_debug("Wrote tlbmiss_handler_setup_pgd (%u instructions).\n", 1518 (unsigned int)(p - tlbmiss_handler_setup_pgd)); 1519 1520 dump_handler("tlbmiss_handler", 1521 tlbmiss_handler_setup_pgd, 1522 ARRAY_SIZE(tlbmiss_handler_setup_pgd)); 1523 } 1524 #endif 1525 1526 static void __cpuinit 1527 iPTE_LW(u32 **p, unsigned int pte, unsigned int ptr) 1528 { 1529 #ifdef CONFIG_SMP 1530 # ifdef CONFIG_64BIT_PHYS_ADDR 1531 if (cpu_has_64bits) 1532 uasm_i_lld(p, pte, 0, ptr); 1533 else 1534 # endif 1535 UASM_i_LL(p, pte, 0, ptr); 1536 #else 1537 # ifdef CONFIG_64BIT_PHYS_ADDR 1538 if (cpu_has_64bits) 1539 uasm_i_ld(p, pte, 0, ptr); 1540 else 1541 # endif 1542 UASM_i_LW(p, pte, 0, ptr); 1543 #endif 1544 } 1545 1546 static void __cpuinit 1547 iPTE_SW(u32 **p, struct uasm_reloc **r, unsigned int pte, unsigned int ptr, 1548 unsigned int mode) 1549 { 1550 #ifdef CONFIG_64BIT_PHYS_ADDR 1551 unsigned int hwmode = mode & (_PAGE_VALID | _PAGE_DIRTY); 1552 #endif 1553 1554 uasm_i_ori(p, pte, pte, mode); 1555 #ifdef CONFIG_SMP 1556 # ifdef CONFIG_64BIT_PHYS_ADDR 1557 if (cpu_has_64bits) 1558 uasm_i_scd(p, pte, 0, ptr); 1559 else 1560 # endif 1561 UASM_i_SC(p, pte, 0, ptr); 1562 1563 if (r10000_llsc_war()) 1564 uasm_il_beqzl(p, r, pte, label_smp_pgtable_change); 1565 else 1566 uasm_il_beqz(p, r, pte, label_smp_pgtable_change); 1567 1568 # ifdef CONFIG_64BIT_PHYS_ADDR 1569 if (!cpu_has_64bits) { 1570 /* no uasm_i_nop needed */ 1571 uasm_i_ll(p, pte, sizeof(pte_t) / 2, ptr); 1572 uasm_i_ori(p, pte, pte, hwmode); 1573 uasm_i_sc(p, pte, sizeof(pte_t) / 2, ptr); 1574 uasm_il_beqz(p, r, pte, label_smp_pgtable_change); 1575 /* no uasm_i_nop needed */ 1576 uasm_i_lw(p, pte, 0, ptr); 1577 } else 1578 uasm_i_nop(p); 1579 # else 1580 uasm_i_nop(p); 1581 # endif 1582 #else 1583 # ifdef CONFIG_64BIT_PHYS_ADDR 1584 if (cpu_has_64bits) 1585 uasm_i_sd(p, pte, 0, ptr); 1586 else 1587 # endif 1588 UASM_i_SW(p, pte, 0, ptr); 1589 1590 # ifdef CONFIG_64BIT_PHYS_ADDR 1591 if (!cpu_has_64bits) { 1592 uasm_i_lw(p, pte, sizeof(pte_t) / 2, ptr); 1593 uasm_i_ori(p, pte, pte, hwmode); 1594 uasm_i_sw(p, pte, sizeof(pte_t) / 2, ptr); 1595 uasm_i_lw(p, pte, 0, ptr); 1596 } 1597 # endif 1598 #endif 1599 } 1600 1601 /* 1602 * Check if PTE is present, if not then jump to LABEL. PTR points to 1603 * the page table where this PTE is located, PTE will be re-loaded 1604 * with it's original value. 1605 */ 1606 static void __cpuinit 1607 build_pte_present(u32 **p, struct uasm_reloc **r, 1608 int pte, int ptr, int scratch, enum label_id lid) 1609 { 1610 int t = scratch >= 0 ? scratch : pte; 1611 1612 if (cpu_has_rixi) { 1613 if (use_bbit_insns()) { 1614 uasm_il_bbit0(p, r, pte, ilog2(_PAGE_PRESENT), lid); 1615 uasm_i_nop(p); 1616 } else { 1617 uasm_i_andi(p, t, pte, _PAGE_PRESENT); 1618 uasm_il_beqz(p, r, t, lid); 1619 if (pte == t) 1620 /* You lose the SMP race :-(*/ 1621 iPTE_LW(p, pte, ptr); 1622 } 1623 } else { 1624 uasm_i_andi(p, t, pte, _PAGE_PRESENT | _PAGE_READ); 1625 uasm_i_xori(p, t, t, _PAGE_PRESENT | _PAGE_READ); 1626 uasm_il_bnez(p, r, t, lid); 1627 if (pte == t) 1628 /* You lose the SMP race :-(*/ 1629 iPTE_LW(p, pte, ptr); 1630 } 1631 } 1632 1633 /* Make PTE valid, store result in PTR. */ 1634 static void __cpuinit 1635 build_make_valid(u32 **p, struct uasm_reloc **r, unsigned int pte, 1636 unsigned int ptr) 1637 { 1638 unsigned int mode = _PAGE_VALID | _PAGE_ACCESSED; 1639 1640 iPTE_SW(p, r, pte, ptr, mode); 1641 } 1642 1643 /* 1644 * Check if PTE can be written to, if not branch to LABEL. Regardless 1645 * restore PTE with value from PTR when done. 1646 */ 1647 static void __cpuinit 1648 build_pte_writable(u32 **p, struct uasm_reloc **r, 1649 unsigned int pte, unsigned int ptr, int scratch, 1650 enum label_id lid) 1651 { 1652 int t = scratch >= 0 ? scratch : pte; 1653 1654 uasm_i_andi(p, t, pte, _PAGE_PRESENT | _PAGE_WRITE); 1655 uasm_i_xori(p, t, t, _PAGE_PRESENT | _PAGE_WRITE); 1656 uasm_il_bnez(p, r, t, lid); 1657 if (pte == t) 1658 /* You lose the SMP race :-(*/ 1659 iPTE_LW(p, pte, ptr); 1660 else 1661 uasm_i_nop(p); 1662 } 1663 1664 /* Make PTE writable, update software status bits as well, then store 1665 * at PTR. 1666 */ 1667 static void __cpuinit 1668 build_make_write(u32 **p, struct uasm_reloc **r, unsigned int pte, 1669 unsigned int ptr) 1670 { 1671 unsigned int mode = (_PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID 1672 | _PAGE_DIRTY); 1673 1674 iPTE_SW(p, r, pte, ptr, mode); 1675 } 1676 1677 /* 1678 * Check if PTE can be modified, if not branch to LABEL. Regardless 1679 * restore PTE with value from PTR when done. 1680 */ 1681 static void __cpuinit 1682 build_pte_modifiable(u32 **p, struct uasm_reloc **r, 1683 unsigned int pte, unsigned int ptr, int scratch, 1684 enum label_id lid) 1685 { 1686 if (use_bbit_insns()) { 1687 uasm_il_bbit0(p, r, pte, ilog2(_PAGE_WRITE), lid); 1688 uasm_i_nop(p); 1689 } else { 1690 int t = scratch >= 0 ? scratch : pte; 1691 uasm_i_andi(p, t, pte, _PAGE_WRITE); 1692 uasm_il_beqz(p, r, t, lid); 1693 if (pte == t) 1694 /* You lose the SMP race :-(*/ 1695 iPTE_LW(p, pte, ptr); 1696 } 1697 } 1698 1699 #ifndef CONFIG_MIPS_PGD_C0_CONTEXT 1700 1701 1702 /* 1703 * R3000 style TLB load/store/modify handlers. 1704 */ 1705 1706 /* 1707 * This places the pte into ENTRYLO0 and writes it with tlbwi. 1708 * Then it returns. 1709 */ 1710 static void __cpuinit 1711 build_r3000_pte_reload_tlbwi(u32 **p, unsigned int pte, unsigned int tmp) 1712 { 1713 uasm_i_mtc0(p, pte, C0_ENTRYLO0); /* cp0 delay */ 1714 uasm_i_mfc0(p, tmp, C0_EPC); /* cp0 delay */ 1715 uasm_i_tlbwi(p); 1716 uasm_i_jr(p, tmp); 1717 uasm_i_rfe(p); /* branch delay */ 1718 } 1719 1720 /* 1721 * This places the pte into ENTRYLO0 and writes it with tlbwi 1722 * or tlbwr as appropriate. This is because the index register 1723 * may have the probe fail bit set as a result of a trap on a 1724 * kseg2 access, i.e. without refill. Then it returns. 1725 */ 1726 static void __cpuinit 1727 build_r3000_tlb_reload_write(u32 **p, struct uasm_label **l, 1728 struct uasm_reloc **r, unsigned int pte, 1729 unsigned int tmp) 1730 { 1731 uasm_i_mfc0(p, tmp, C0_INDEX); 1732 uasm_i_mtc0(p, pte, C0_ENTRYLO0); /* cp0 delay */ 1733 uasm_il_bltz(p, r, tmp, label_r3000_write_probe_fail); /* cp0 delay */ 1734 uasm_i_mfc0(p, tmp, C0_EPC); /* branch delay */ 1735 uasm_i_tlbwi(p); /* cp0 delay */ 1736 uasm_i_jr(p, tmp); 1737 uasm_i_rfe(p); /* branch delay */ 1738 uasm_l_r3000_write_probe_fail(l, *p); 1739 uasm_i_tlbwr(p); /* cp0 delay */ 1740 uasm_i_jr(p, tmp); 1741 uasm_i_rfe(p); /* branch delay */ 1742 } 1743 1744 static void __cpuinit 1745 build_r3000_tlbchange_handler_head(u32 **p, unsigned int pte, 1746 unsigned int ptr) 1747 { 1748 long pgdc = (long)pgd_current; 1749 1750 uasm_i_mfc0(p, pte, C0_BADVADDR); 1751 uasm_i_lui(p, ptr, uasm_rel_hi(pgdc)); /* cp0 delay */ 1752 uasm_i_lw(p, ptr, uasm_rel_lo(pgdc), ptr); 1753 uasm_i_srl(p, pte, pte, 22); /* load delay */ 1754 uasm_i_sll(p, pte, pte, 2); 1755 uasm_i_addu(p, ptr, ptr, pte); 1756 uasm_i_mfc0(p, pte, C0_CONTEXT); 1757 uasm_i_lw(p, ptr, 0, ptr); /* cp0 delay */ 1758 uasm_i_andi(p, pte, pte, 0xffc); /* load delay */ 1759 uasm_i_addu(p, ptr, ptr, pte); 1760 uasm_i_lw(p, pte, 0, ptr); 1761 uasm_i_tlbp(p); /* load delay */ 1762 } 1763 1764 static void __cpuinit build_r3000_tlb_load_handler(void) 1765 { 1766 u32 *p = handle_tlbl; 1767 struct uasm_label *l = labels; 1768 struct uasm_reloc *r = relocs; 1769 1770 memset(handle_tlbl, 0, sizeof(handle_tlbl)); 1771 memset(labels, 0, sizeof(labels)); 1772 memset(relocs, 0, sizeof(relocs)); 1773 1774 build_r3000_tlbchange_handler_head(&p, K0, K1); 1775 build_pte_present(&p, &r, K0, K1, -1, label_nopage_tlbl); 1776 uasm_i_nop(&p); /* load delay */ 1777 build_make_valid(&p, &r, K0, K1); 1778 build_r3000_tlb_reload_write(&p, &l, &r, K0, K1); 1779 1780 uasm_l_nopage_tlbl(&l, p); 1781 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_0 & 0x0fffffff); 1782 uasm_i_nop(&p); 1783 1784 if ((p - handle_tlbl) > FASTPATH_SIZE) 1785 panic("TLB load handler fastpath space exceeded"); 1786 1787 uasm_resolve_relocs(relocs, labels); 1788 pr_debug("Wrote TLB load handler fastpath (%u instructions).\n", 1789 (unsigned int)(p - handle_tlbl)); 1790 1791 dump_handler("r3000_tlb_load", handle_tlbl, ARRAY_SIZE(handle_tlbl)); 1792 } 1793 1794 static void __cpuinit build_r3000_tlb_store_handler(void) 1795 { 1796 u32 *p = handle_tlbs; 1797 struct uasm_label *l = labels; 1798 struct uasm_reloc *r = relocs; 1799 1800 memset(handle_tlbs, 0, sizeof(handle_tlbs)); 1801 memset(labels, 0, sizeof(labels)); 1802 memset(relocs, 0, sizeof(relocs)); 1803 1804 build_r3000_tlbchange_handler_head(&p, K0, K1); 1805 build_pte_writable(&p, &r, K0, K1, -1, label_nopage_tlbs); 1806 uasm_i_nop(&p); /* load delay */ 1807 build_make_write(&p, &r, K0, K1); 1808 build_r3000_tlb_reload_write(&p, &l, &r, K0, K1); 1809 1810 uasm_l_nopage_tlbs(&l, p); 1811 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_1 & 0x0fffffff); 1812 uasm_i_nop(&p); 1813 1814 if ((p - handle_tlbs) > FASTPATH_SIZE) 1815 panic("TLB store handler fastpath space exceeded"); 1816 1817 uasm_resolve_relocs(relocs, labels); 1818 pr_debug("Wrote TLB store handler fastpath (%u instructions).\n", 1819 (unsigned int)(p - handle_tlbs)); 1820 1821 dump_handler("r3000_tlb_store", handle_tlbs, ARRAY_SIZE(handle_tlbs)); 1822 } 1823 1824 static void __cpuinit build_r3000_tlb_modify_handler(void) 1825 { 1826 u32 *p = handle_tlbm; 1827 struct uasm_label *l = labels; 1828 struct uasm_reloc *r = relocs; 1829 1830 memset(handle_tlbm, 0, sizeof(handle_tlbm)); 1831 memset(labels, 0, sizeof(labels)); 1832 memset(relocs, 0, sizeof(relocs)); 1833 1834 build_r3000_tlbchange_handler_head(&p, K0, K1); 1835 build_pte_modifiable(&p, &r, K0, K1, -1, label_nopage_tlbm); 1836 uasm_i_nop(&p); /* load delay */ 1837 build_make_write(&p, &r, K0, K1); 1838 build_r3000_pte_reload_tlbwi(&p, K0, K1); 1839 1840 uasm_l_nopage_tlbm(&l, p); 1841 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_1 & 0x0fffffff); 1842 uasm_i_nop(&p); 1843 1844 if ((p - handle_tlbm) > FASTPATH_SIZE) 1845 panic("TLB modify handler fastpath space exceeded"); 1846 1847 uasm_resolve_relocs(relocs, labels); 1848 pr_debug("Wrote TLB modify handler fastpath (%u instructions).\n", 1849 (unsigned int)(p - handle_tlbm)); 1850 1851 dump_handler("r3000_tlb_modify", handle_tlbm, ARRAY_SIZE(handle_tlbm)); 1852 } 1853 #endif /* CONFIG_MIPS_PGD_C0_CONTEXT */ 1854 1855 /* 1856 * R4000 style TLB load/store/modify handlers. 1857 */ 1858 static struct work_registers __cpuinit 1859 build_r4000_tlbchange_handler_head(u32 **p, struct uasm_label **l, 1860 struct uasm_reloc **r) 1861 { 1862 struct work_registers wr = build_get_work_registers(p); 1863 1864 #ifdef CONFIG_64BIT 1865 build_get_pmde64(p, l, r, wr.r1, wr.r2); /* get pmd in ptr */ 1866 #else 1867 build_get_pgde32(p, wr.r1, wr.r2); /* get pgd in ptr */ 1868 #endif 1869 1870 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 1871 /* 1872 * For huge tlb entries, pmd doesn't contain an address but 1873 * instead contains the tlb pte. Check the PAGE_HUGE bit and 1874 * see if we need to jump to huge tlb processing. 1875 */ 1876 build_is_huge_pte(p, r, wr.r1, wr.r2, label_tlb_huge_update); 1877 #endif 1878 1879 UASM_i_MFC0(p, wr.r1, C0_BADVADDR); 1880 UASM_i_LW(p, wr.r2, 0, wr.r2); 1881 UASM_i_SRL(p, wr.r1, wr.r1, PAGE_SHIFT + PTE_ORDER - PTE_T_LOG2); 1882 uasm_i_andi(p, wr.r1, wr.r1, (PTRS_PER_PTE - 1) << PTE_T_LOG2); 1883 UASM_i_ADDU(p, wr.r2, wr.r2, wr.r1); 1884 1885 #ifdef CONFIG_SMP 1886 uasm_l_smp_pgtable_change(l, *p); 1887 #endif 1888 iPTE_LW(p, wr.r1, wr.r2); /* get even pte */ 1889 if (!m4kc_tlbp_war()) 1890 build_tlb_probe_entry(p); 1891 return wr; 1892 } 1893 1894 static void __cpuinit 1895 build_r4000_tlbchange_handler_tail(u32 **p, struct uasm_label **l, 1896 struct uasm_reloc **r, unsigned int tmp, 1897 unsigned int ptr) 1898 { 1899 uasm_i_ori(p, ptr, ptr, sizeof(pte_t)); 1900 uasm_i_xori(p, ptr, ptr, sizeof(pte_t)); 1901 build_update_entries(p, tmp, ptr); 1902 build_tlb_write_entry(p, l, r, tlb_indexed); 1903 uasm_l_leave(l, *p); 1904 build_restore_work_registers(p); 1905 uasm_i_eret(p); /* return from trap */ 1906 1907 #ifdef CONFIG_64BIT 1908 build_get_pgd_vmalloc64(p, l, r, tmp, ptr, not_refill); 1909 #endif 1910 } 1911 1912 static void __cpuinit build_r4000_tlb_load_handler(void) 1913 { 1914 u32 *p = handle_tlbl; 1915 struct uasm_label *l = labels; 1916 struct uasm_reloc *r = relocs; 1917 struct work_registers wr; 1918 1919 memset(handle_tlbl, 0, sizeof(handle_tlbl)); 1920 memset(labels, 0, sizeof(labels)); 1921 memset(relocs, 0, sizeof(relocs)); 1922 1923 if (bcm1250_m3_war()) { 1924 unsigned int segbits = 44; 1925 1926 uasm_i_dmfc0(&p, K0, C0_BADVADDR); 1927 uasm_i_dmfc0(&p, K1, C0_ENTRYHI); 1928 uasm_i_xor(&p, K0, K0, K1); 1929 uasm_i_dsrl_safe(&p, K1, K0, 62); 1930 uasm_i_dsrl_safe(&p, K0, K0, 12 + 1); 1931 uasm_i_dsll_safe(&p, K0, K0, 64 + 12 + 1 - segbits); 1932 uasm_i_or(&p, K0, K0, K1); 1933 uasm_il_bnez(&p, &r, K0, label_leave); 1934 /* No need for uasm_i_nop */ 1935 } 1936 1937 wr = build_r4000_tlbchange_handler_head(&p, &l, &r); 1938 build_pte_present(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbl); 1939 if (m4kc_tlbp_war()) 1940 build_tlb_probe_entry(&p); 1941 1942 if (cpu_has_rixi) { 1943 /* 1944 * If the page is not _PAGE_VALID, RI or XI could not 1945 * have triggered it. Skip the expensive test.. 1946 */ 1947 if (use_bbit_insns()) { 1948 uasm_il_bbit0(&p, &r, wr.r1, ilog2(_PAGE_VALID), 1949 label_tlbl_goaround1); 1950 } else { 1951 uasm_i_andi(&p, wr.r3, wr.r1, _PAGE_VALID); 1952 uasm_il_beqz(&p, &r, wr.r3, label_tlbl_goaround1); 1953 } 1954 uasm_i_nop(&p); 1955 1956 uasm_i_tlbr(&p); 1957 /* Examine entrylo 0 or 1 based on ptr. */ 1958 if (use_bbit_insns()) { 1959 uasm_i_bbit0(&p, wr.r2, ilog2(sizeof(pte_t)), 8); 1960 } else { 1961 uasm_i_andi(&p, wr.r3, wr.r2, sizeof(pte_t)); 1962 uasm_i_beqz(&p, wr.r3, 8); 1963 } 1964 /* load it in the delay slot*/ 1965 UASM_i_MFC0(&p, wr.r3, C0_ENTRYLO0); 1966 /* load it if ptr is odd */ 1967 UASM_i_MFC0(&p, wr.r3, C0_ENTRYLO1); 1968 /* 1969 * If the entryLo (now in wr.r3) is valid (bit 1), RI or 1970 * XI must have triggered it. 1971 */ 1972 if (use_bbit_insns()) { 1973 uasm_il_bbit1(&p, &r, wr.r3, 1, label_nopage_tlbl); 1974 uasm_i_nop(&p); 1975 uasm_l_tlbl_goaround1(&l, p); 1976 } else { 1977 uasm_i_andi(&p, wr.r3, wr.r3, 2); 1978 uasm_il_bnez(&p, &r, wr.r3, label_nopage_tlbl); 1979 uasm_i_nop(&p); 1980 } 1981 uasm_l_tlbl_goaround1(&l, p); 1982 } 1983 build_make_valid(&p, &r, wr.r1, wr.r2); 1984 build_r4000_tlbchange_handler_tail(&p, &l, &r, wr.r1, wr.r2); 1985 1986 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 1987 /* 1988 * This is the entry point when build_r4000_tlbchange_handler_head 1989 * spots a huge page. 1990 */ 1991 uasm_l_tlb_huge_update(&l, p); 1992 iPTE_LW(&p, wr.r1, wr.r2); 1993 build_pte_present(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbl); 1994 build_tlb_probe_entry(&p); 1995 1996 if (cpu_has_rixi) { 1997 /* 1998 * If the page is not _PAGE_VALID, RI or XI could not 1999 * have triggered it. Skip the expensive test.. 2000 */ 2001 if (use_bbit_insns()) { 2002 uasm_il_bbit0(&p, &r, wr.r1, ilog2(_PAGE_VALID), 2003 label_tlbl_goaround2); 2004 } else { 2005 uasm_i_andi(&p, wr.r3, wr.r1, _PAGE_VALID); 2006 uasm_il_beqz(&p, &r, wr.r3, label_tlbl_goaround2); 2007 } 2008 uasm_i_nop(&p); 2009 2010 uasm_i_tlbr(&p); 2011 /* Examine entrylo 0 or 1 based on ptr. */ 2012 if (use_bbit_insns()) { 2013 uasm_i_bbit0(&p, wr.r2, ilog2(sizeof(pte_t)), 8); 2014 } else { 2015 uasm_i_andi(&p, wr.r3, wr.r2, sizeof(pte_t)); 2016 uasm_i_beqz(&p, wr.r3, 8); 2017 } 2018 /* load it in the delay slot*/ 2019 UASM_i_MFC0(&p, wr.r3, C0_ENTRYLO0); 2020 /* load it if ptr is odd */ 2021 UASM_i_MFC0(&p, wr.r3, C0_ENTRYLO1); 2022 /* 2023 * If the entryLo (now in wr.r3) is valid (bit 1), RI or 2024 * XI must have triggered it. 2025 */ 2026 if (use_bbit_insns()) { 2027 uasm_il_bbit0(&p, &r, wr.r3, 1, label_tlbl_goaround2); 2028 } else { 2029 uasm_i_andi(&p, wr.r3, wr.r3, 2); 2030 uasm_il_beqz(&p, &r, wr.r3, label_tlbl_goaround2); 2031 } 2032 if (PM_DEFAULT_MASK == 0) 2033 uasm_i_nop(&p); 2034 /* 2035 * We clobbered C0_PAGEMASK, restore it. On the other branch 2036 * it is restored in build_huge_tlb_write_entry. 2037 */ 2038 build_restore_pagemask(&p, &r, wr.r3, label_nopage_tlbl, 0); 2039 2040 uasm_l_tlbl_goaround2(&l, p); 2041 } 2042 uasm_i_ori(&p, wr.r1, wr.r1, (_PAGE_ACCESSED | _PAGE_VALID)); 2043 build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2); 2044 #endif 2045 2046 uasm_l_nopage_tlbl(&l, p); 2047 build_restore_work_registers(&p); 2048 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_0 & 0x0fffffff); 2049 uasm_i_nop(&p); 2050 2051 if ((p - handle_tlbl) > FASTPATH_SIZE) 2052 panic("TLB load handler fastpath space exceeded"); 2053 2054 uasm_resolve_relocs(relocs, labels); 2055 pr_debug("Wrote TLB load handler fastpath (%u instructions).\n", 2056 (unsigned int)(p - handle_tlbl)); 2057 2058 dump_handler("r4000_tlb_load", handle_tlbl, ARRAY_SIZE(handle_tlbl)); 2059 } 2060 2061 static void __cpuinit build_r4000_tlb_store_handler(void) 2062 { 2063 u32 *p = handle_tlbs; 2064 struct uasm_label *l = labels; 2065 struct uasm_reloc *r = relocs; 2066 struct work_registers wr; 2067 2068 memset(handle_tlbs, 0, sizeof(handle_tlbs)); 2069 memset(labels, 0, sizeof(labels)); 2070 memset(relocs, 0, sizeof(relocs)); 2071 2072 wr = build_r4000_tlbchange_handler_head(&p, &l, &r); 2073 build_pte_writable(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbs); 2074 if (m4kc_tlbp_war()) 2075 build_tlb_probe_entry(&p); 2076 build_make_write(&p, &r, wr.r1, wr.r2); 2077 build_r4000_tlbchange_handler_tail(&p, &l, &r, wr.r1, wr.r2); 2078 2079 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 2080 /* 2081 * This is the entry point when 2082 * build_r4000_tlbchange_handler_head spots a huge page. 2083 */ 2084 uasm_l_tlb_huge_update(&l, p); 2085 iPTE_LW(&p, wr.r1, wr.r2); 2086 build_pte_writable(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbs); 2087 build_tlb_probe_entry(&p); 2088 uasm_i_ori(&p, wr.r1, wr.r1, 2089 _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY); 2090 build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2); 2091 #endif 2092 2093 uasm_l_nopage_tlbs(&l, p); 2094 build_restore_work_registers(&p); 2095 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_1 & 0x0fffffff); 2096 uasm_i_nop(&p); 2097 2098 if ((p - handle_tlbs) > FASTPATH_SIZE) 2099 panic("TLB store handler fastpath space exceeded"); 2100 2101 uasm_resolve_relocs(relocs, labels); 2102 pr_debug("Wrote TLB store handler fastpath (%u instructions).\n", 2103 (unsigned int)(p - handle_tlbs)); 2104 2105 dump_handler("r4000_tlb_store", handle_tlbs, ARRAY_SIZE(handle_tlbs)); 2106 } 2107 2108 static void __cpuinit build_r4000_tlb_modify_handler(void) 2109 { 2110 u32 *p = handle_tlbm; 2111 struct uasm_label *l = labels; 2112 struct uasm_reloc *r = relocs; 2113 struct work_registers wr; 2114 2115 memset(handle_tlbm, 0, sizeof(handle_tlbm)); 2116 memset(labels, 0, sizeof(labels)); 2117 memset(relocs, 0, sizeof(relocs)); 2118 2119 wr = build_r4000_tlbchange_handler_head(&p, &l, &r); 2120 build_pte_modifiable(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbm); 2121 if (m4kc_tlbp_war()) 2122 build_tlb_probe_entry(&p); 2123 /* Present and writable bits set, set accessed and dirty bits. */ 2124 build_make_write(&p, &r, wr.r1, wr.r2); 2125 build_r4000_tlbchange_handler_tail(&p, &l, &r, wr.r1, wr.r2); 2126 2127 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT 2128 /* 2129 * This is the entry point when 2130 * build_r4000_tlbchange_handler_head spots a huge page. 2131 */ 2132 uasm_l_tlb_huge_update(&l, p); 2133 iPTE_LW(&p, wr.r1, wr.r2); 2134 build_pte_modifiable(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbm); 2135 build_tlb_probe_entry(&p); 2136 uasm_i_ori(&p, wr.r1, wr.r1, 2137 _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY); 2138 build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2); 2139 #endif 2140 2141 uasm_l_nopage_tlbm(&l, p); 2142 build_restore_work_registers(&p); 2143 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_1 & 0x0fffffff); 2144 uasm_i_nop(&p); 2145 2146 if ((p - handle_tlbm) > FASTPATH_SIZE) 2147 panic("TLB modify handler fastpath space exceeded"); 2148 2149 uasm_resolve_relocs(relocs, labels); 2150 pr_debug("Wrote TLB modify handler fastpath (%u instructions).\n", 2151 (unsigned int)(p - handle_tlbm)); 2152 2153 dump_handler("r4000_tlb_modify", handle_tlbm, ARRAY_SIZE(handle_tlbm)); 2154 } 2155 2156 void __cpuinit build_tlb_refill_handler(void) 2157 { 2158 /* 2159 * The refill handler is generated per-CPU, multi-node systems 2160 * may have local storage for it. The other handlers are only 2161 * needed once. 2162 */ 2163 static int run_once = 0; 2164 2165 output_pgtable_bits_defines(); 2166 2167 #ifdef CONFIG_64BIT 2168 check_for_high_segbits = current_cpu_data.vmbits > (PGDIR_SHIFT + PGD_ORDER + PAGE_SHIFT - 3); 2169 #endif 2170 2171 switch (current_cpu_type()) { 2172 case CPU_R2000: 2173 case CPU_R3000: 2174 case CPU_R3000A: 2175 case CPU_R3081E: 2176 case CPU_TX3912: 2177 case CPU_TX3922: 2178 case CPU_TX3927: 2179 #ifndef CONFIG_MIPS_PGD_C0_CONTEXT 2180 build_r3000_tlb_refill_handler(); 2181 if (!run_once) { 2182 build_r3000_tlb_load_handler(); 2183 build_r3000_tlb_store_handler(); 2184 build_r3000_tlb_modify_handler(); 2185 run_once++; 2186 } 2187 #else 2188 panic("No R3000 TLB refill handler"); 2189 #endif 2190 break; 2191 2192 case CPU_R6000: 2193 case CPU_R6000A: 2194 panic("No R6000 TLB refill handler yet"); 2195 break; 2196 2197 case CPU_R8000: 2198 panic("No R8000 TLB refill handler yet"); 2199 break; 2200 2201 default: 2202 if (!run_once) { 2203 scratch_reg = allocate_kscratch(); 2204 #ifdef CONFIG_MIPS_PGD_C0_CONTEXT 2205 build_r4000_setup_pgd(); 2206 #endif 2207 build_r4000_tlb_load_handler(); 2208 build_r4000_tlb_store_handler(); 2209 build_r4000_tlb_modify_handler(); 2210 run_once++; 2211 } 2212 build_r4000_tlb_refill_handler(); 2213 } 2214 } 2215 2216 void __cpuinit flush_tlb_handlers(void) 2217 { 2218 local_flush_icache_range((unsigned long)handle_tlbl, 2219 (unsigned long)handle_tlbl + sizeof(handle_tlbl)); 2220 local_flush_icache_range((unsigned long)handle_tlbs, 2221 (unsigned long)handle_tlbs + sizeof(handle_tlbs)); 2222 local_flush_icache_range((unsigned long)handle_tlbm, 2223 (unsigned long)handle_tlbm + sizeof(handle_tlbm)); 2224 #ifdef CONFIG_MIPS_PGD_C0_CONTEXT 2225 local_flush_icache_range((unsigned long)tlbmiss_handler_setup_pgd, 2226 (unsigned long)tlbmiss_handler_setup_pgd + sizeof(handle_tlbm)); 2227 #endif 2228 } 2229