search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MIPS: eBPF: Fix icache flush end address
[linux/fpc-iii.git] / arch / mips / mm / tlbex.c
blob06771429164317c3e8bfe5da8e02e33445fb0b14
1 /*
2 * This file is subject to the terms and conditions of the GNU General Public
3 * License. See the file "COPYING" in the main directory of this archive
4 * for more details.
5 *
6 * Synthesize TLB refill handlers at runtime.
7 *
8 * Copyright (C) 2004, 2005, 2006, 2008 Thiemo Seufer
9 * Copyright (C) 2005, 2007, 2008, 2009 Maciej W. Rozycki
10 * Copyright (C) 2006 Ralf Baechle (ralf@linux-mips.org)
11 * Copyright (C) 2008, 2009 Cavium Networks, Inc.
12 * Copyright (C) 2011 MIPS Technologies, Inc.
13 *
14 * ... and the days got worse and worse and now you see
15 * I've gone completely out of my mind.
16 *
17 * They're coming to take me a away haha
18 * they're coming to take me a away hoho hihi haha
19 * to the funny farm where code is beautiful all the time ...
20 *
21 * (Condolences to Napoleon XIV)
22 */
23
24 #include <linux/bug.h>
25 #include <linux/export.h>
26 #include <linux/kernel.h>
27 #include <linux/types.h>
28 #include <linux/smp.h>
29 #include <linux/string.h>
30 #include <linux/cache.h>
31
32 #include <asm/cacheflush.h>
33 #include <asm/cpu-type.h>
34 #include <asm/mmu_context.h>
35 #include <asm/pgtable.h>
36 #include <asm/war.h>
37 #include <asm/uasm.h>
38 #include <asm/setup.h>
39 #include <asm/tlbex.h>
40
41 static int mips_xpa_disabled;
42
43 static int __init xpa_disable(char *s)
44 {
45 mips_xpa_disabled = 1;
46
47 return 1;
48 }
49
50 __setup("noxpa", xpa_disable);
51
52 /*
53 * TLB load/store/modify handlers.
54 *
55 * Only the fastpath gets synthesized at runtime, the slowpath for
56 * do_page_fault remains normal asm.
57 */
58 extern void tlb_do_page_fault_0(void);
59 extern void tlb_do_page_fault_1(void);
60
61 struct work_registers {
62 int r1;
63 int r2;
64 int r3;
65 };
66
67 struct tlb_reg_save {
68 unsigned long a;
69 unsigned long b;
70 } ____cacheline_aligned_in_smp;
71
72 static struct tlb_reg_save handler_reg_save[NR_CPUS];
73
74 static inline int r45k_bvahwbug(void)
75 {
76 /* XXX: We should probe for the presence of this bug, but we don't. */
77 return 0;
78 }
79
80 static inline int r4k_250MHZhwbug(void)
81 {
82 /* XXX: We should probe for the presence of this bug, but we don't. */
83 return 0;
84 }
85
86 static inline int __maybe_unused bcm1250_m3_war(void)
87 {
88 return BCM1250_M3_WAR;
89 }
90
91 static inline int __maybe_unused r10000_llsc_war(void)
92 {
93 return R10000_LLSC_WAR;
94 }
95
96 static int use_bbit_insns(void)
97 {
98 switch (current_cpu_type()) {
99 case CPU_CAVIUM_OCTEON:
100 case CPU_CAVIUM_OCTEON_PLUS:
101 case CPU_CAVIUM_OCTEON2:
102 case CPU_CAVIUM_OCTEON3:
103 return 1;
104 default:
105 return 0;
106 }
107 }
108
109 static int use_lwx_insns(void)
110 {
111 switch (current_cpu_type()) {
112 case CPU_CAVIUM_OCTEON2:
113 case CPU_CAVIUM_OCTEON3:
114 return 1;
115 default:
116 return 0;
117 }
118 }
119 #if defined(CONFIG_CAVIUM_OCTEON_CVMSEG_SIZE) && \
120 CONFIG_CAVIUM_OCTEON_CVMSEG_SIZE > 0
121 static bool scratchpad_available(void)
122 {
123 return true;
124 }
125 static int scratchpad_offset(int i)
126 {
127 /*
128 * CVMSEG starts at address -32768 and extends for
129 * CAVIUM_OCTEON_CVMSEG_SIZE 128 byte cache lines.
130 */
131 i += 1; /* Kernel use starts at the top and works down. */
132 return CONFIG_CAVIUM_OCTEON_CVMSEG_SIZE * 128 - (8 * i) - 32768;
133 }
134 #else
135 static bool scratchpad_available(void)
136 {
137 return false;
138 }
139 static int scratchpad_offset(int i)
140 {
141 BUG();
142 /* Really unreachable, but evidently some GCC want this. */
143 return 0;
144 }
145 #endif
146 /*
147 * Found by experiment: At least some revisions of the 4kc throw under
148 * some circumstances a machine check exception, triggered by invalid
149 * values in the index register. Delaying the tlbp instruction until
150 * after the next branch, plus adding an additional nop in front of
151 * tlbwi/tlbwr avoids the invalid index register values. Nobody knows
152 * why; it's not an issue caused by the core RTL.
153 *
154 */
155 static int m4kc_tlbp_war(void)
156 {
157 return current_cpu_type() == CPU_4KC;
158 }
159
160 /* Handle labels (which must be positive integers). */
161 enum label_id {
162 label_second_part = 1,
163 label_leave,
164 label_vmalloc,
165 label_vmalloc_done,
166 label_tlbw_hazard_0,
167 label_split = label_tlbw_hazard_0 + 8,
168 label_tlbl_goaround1,
169 label_tlbl_goaround2,
170 label_nopage_tlbl,
171 label_nopage_tlbs,
172 label_nopage_tlbm,
173 label_smp_pgtable_change,
174 label_r3000_write_probe_fail,
175 label_large_segbits_fault,
176 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
177 label_tlb_huge_update,
178 #endif
179 };
180
181 UASM_L_LA(_second_part)
182 UASM_L_LA(_leave)
183 UASM_L_LA(_vmalloc)
184 UASM_L_LA(_vmalloc_done)
185 /* _tlbw_hazard_x is handled differently. */
186 UASM_L_LA(_split)
187 UASM_L_LA(_tlbl_goaround1)
188 UASM_L_LA(_tlbl_goaround2)
189 UASM_L_LA(_nopage_tlbl)
190 UASM_L_LA(_nopage_tlbs)
191 UASM_L_LA(_nopage_tlbm)
192 UASM_L_LA(_smp_pgtable_change)
193 UASM_L_LA(_r3000_write_probe_fail)
194 UASM_L_LA(_large_segbits_fault)
195 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
196 UASM_L_LA(_tlb_huge_update)
197 #endif
198
199 static int hazard_instance;
200
201 static void uasm_bgezl_hazard(u32 **p, struct uasm_reloc **r, int instance)
202 {
203 switch (instance) {
204 case 0 ... 7:
205 uasm_il_bgezl(p, r, 0, label_tlbw_hazard_0 + instance);
206 return;
207 default:
208 BUG();
209 }
210 }
211
212 static void uasm_bgezl_label(struct uasm_label **l, u32 **p, int instance)
213 {
214 switch (instance) {
215 case 0 ... 7:
216 uasm_build_label(l, *p, label_tlbw_hazard_0 + instance);
217 break;
218 default:
219 BUG();
220 }
221 }
222
223 /*
224 * pgtable bits are assigned dynamically depending on processor feature
225 * and statically based on kernel configuration. This spits out the actual
226 * values the kernel is using. Required to make sense from disassembled
227 * TLB exception handlers.
228 */
229 static void output_pgtable_bits_defines(void)
230 {
231 #define pr_define(fmt, ...) \
232 pr_debug("#define " fmt, ##__VA_ARGS__)
233
234 pr_debug("#include <asm/asm.h>\n");
235 pr_debug("#include <asm/regdef.h>\n");
236 pr_debug("\n");
237
238 pr_define("_PAGE_PRESENT_SHIFT %d\n", _PAGE_PRESENT_SHIFT);
239 pr_define("_PAGE_NO_READ_SHIFT %d\n", _PAGE_NO_READ_SHIFT);
240 pr_define("_PAGE_WRITE_SHIFT %d\n", _PAGE_WRITE_SHIFT);
241 pr_define("_PAGE_ACCESSED_SHIFT %d\n", _PAGE_ACCESSED_SHIFT);
242 pr_define("_PAGE_MODIFIED_SHIFT %d\n", _PAGE_MODIFIED_SHIFT);
243 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
244 pr_define("_PAGE_HUGE_SHIFT %d\n", _PAGE_HUGE_SHIFT);
245 #endif
246 #ifdef _PAGE_NO_EXEC_SHIFT
247 if (cpu_has_rixi)
248 pr_define("_PAGE_NO_EXEC_SHIFT %d\n", _PAGE_NO_EXEC_SHIFT);
249 #endif
250 pr_define("_PAGE_GLOBAL_SHIFT %d\n", _PAGE_GLOBAL_SHIFT);
251 pr_define("_PAGE_VALID_SHIFT %d\n", _PAGE_VALID_SHIFT);
252 pr_define("_PAGE_DIRTY_SHIFT %d\n", _PAGE_DIRTY_SHIFT);
253 pr_define("_PFN_SHIFT %d\n", _PFN_SHIFT);
254 pr_debug("\n");
255 }
256
257 static inline void dump_handler(const char *symbol, const void *start, const void *end)
258 {
259 unsigned int count = (end - start) / sizeof(u32);
260 const u32 *handler = start;
261 int i;
262
263 pr_debug("LEAF(%s)\n", symbol);
264
265 pr_debug("\t.set push\n");
266 pr_debug("\t.set noreorder\n");
267
268 for (i = 0; i < count; i++)
269 pr_debug("\t.word\t0x%08x\t\t# %p\n", handler[i], &handler[i]);
270
271 pr_debug("\t.set\tpop\n");
272
273 pr_debug("\tEND(%s)\n", symbol);
274 }
275
276 /* The only general purpose registers allowed in TLB handlers. */
277 #define K0 26
278 #define K1 27
279
280 /* Some CP0 registers */
281 #define C0_INDEX 0, 0
282 #define C0_ENTRYLO0 2, 0
283 #define C0_TCBIND 2, 2
284 #define C0_ENTRYLO1 3, 0
285 #define C0_CONTEXT 4, 0
286 #define C0_PAGEMASK 5, 0
287 #define C0_PWBASE 5, 5
288 #define C0_PWFIELD 5, 6
289 #define C0_PWSIZE 5, 7
290 #define C0_PWCTL 6, 6
291 #define C0_BADVADDR 8, 0
292 #define C0_PGD 9, 7
293 #define C0_ENTRYHI 10, 0
294 #define C0_EPC 14, 0
295 #define C0_XCONTEXT 20, 0
296
297 #ifdef CONFIG_64BIT
298 # define GET_CONTEXT(buf, reg) UASM_i_MFC0(buf, reg, C0_XCONTEXT)
299 #else
300 # define GET_CONTEXT(buf, reg) UASM_i_MFC0(buf, reg, C0_CONTEXT)
301 #endif
302
303 /* The worst case length of the handler is around 18 instructions for
304 * R3000-style TLBs and up to 63 instructions for R4000-style TLBs.
305 * Maximum space available is 32 instructions for R3000 and 64
306 * instructions for R4000.
307 *
308 * We deliberately chose a buffer size of 128, so we won't scribble
309 * over anything important on overflow before we panic.
310 */
311 static u32 tlb_handler[128];
312
313 /* simply assume worst case size for labels and relocs */
314 static struct uasm_label labels[128];
315 static struct uasm_reloc relocs[128];
316
317 static int check_for_high_segbits;
318 static bool fill_includes_sw_bits;
319
320 static unsigned int kscratch_used_mask;
321
322 static inline int __maybe_unused c0_kscratch(void)
323 {
324 switch (current_cpu_type()) {
325 case CPU_XLP:
326 case CPU_XLR:
327 return 22;
328 default:
329 return 31;
330 }
331 }
332
333 static int allocate_kscratch(void)
334 {
335 int r;
336 unsigned int a = cpu_data[0].kscratch_mask & ~kscratch_used_mask;
337
338 r = ffs(a);
339
340 if (r == 0)
341 return -1;
342
343 r--; /* make it zero based */
344
345 kscratch_used_mask |= (1 << r);
346
347 return r;
348 }
349
350 static int scratch_reg;
351 int pgd_reg;
352 EXPORT_SYMBOL_GPL(pgd_reg);
353 enum vmalloc64_mode {not_refill, refill_scratch, refill_noscratch};
354
355 static struct work_registers build_get_work_registers(u32 **p)
356 {
357 struct work_registers r;
358
359 if (scratch_reg >= 0) {
360 /* Save in CPU local C0_KScratch? */
361 UASM_i_MTC0(p, 1, c0_kscratch(), scratch_reg);
362 r.r1 = K0;
363 r.r2 = K1;
364 r.r3 = 1;
365 return r;
366 }
367
368 if (num_possible_cpus() > 1) {
369 /* Get smp_processor_id */
370 UASM_i_CPUID_MFC0(p, K0, SMP_CPUID_REG);
371 UASM_i_SRL_SAFE(p, K0, K0, SMP_CPUID_REGSHIFT);
372
373 /* handler_reg_save index in K0 */
374 UASM_i_SLL(p, K0, K0, ilog2(sizeof(struct tlb_reg_save)));
375
376 UASM_i_LA(p, K1, (long)&handler_reg_save);
377 UASM_i_ADDU(p, K0, K0, K1);
378 } else {
379 UASM_i_LA(p, K0, (long)&handler_reg_save);
380 }
381 /* K0 now points to save area, save $1 and $2 */
382 UASM_i_SW(p, 1, offsetof(struct tlb_reg_save, a), K0);
383 UASM_i_SW(p, 2, offsetof(struct tlb_reg_save, b), K0);
384
385 r.r1 = K1;
386 r.r2 = 1;
387 r.r3 = 2;
388 return r;
389 }
390
391 static void build_restore_work_registers(u32 **p)
392 {
393 if (scratch_reg >= 0) {
394 UASM_i_MFC0(p, 1, c0_kscratch(), scratch_reg);
395 return;
396 }
397 /* K0 already points to save area, restore $1 and $2 */
398 UASM_i_LW(p, 1, offsetof(struct tlb_reg_save, a), K0);
399 UASM_i_LW(p, 2, offsetof(struct tlb_reg_save, b), K0);
400 }
401
402 #ifndef CONFIG_MIPS_PGD_C0_CONTEXT
403
404 /*
405 * CONFIG_MIPS_PGD_C0_CONTEXT implies 64 bit and lack of pgd_current,
406 * we cannot do r3000 under these circumstances.
407 *
408 * The R3000 TLB handler is simple.
409 */
410 static void build_r3000_tlb_refill_handler(void)
411 {
412 long pgdc = (long)pgd_current;
413 u32 *p;
414
415 memset(tlb_handler, 0, sizeof(tlb_handler));
416 p = tlb_handler;
417
418 uasm_i_mfc0(&p, K0, C0_BADVADDR);
419 uasm_i_lui(&p, K1, uasm_rel_hi(pgdc)); /* cp0 delay */
420 uasm_i_lw(&p, K1, uasm_rel_lo(pgdc), K1);
421 uasm_i_srl(&p, K0, K0, 22); /* load delay */
422 uasm_i_sll(&p, K0, K0, 2);
423 uasm_i_addu(&p, K1, K1, K0);
424 uasm_i_mfc0(&p, K0, C0_CONTEXT);
425 uasm_i_lw(&p, K1, 0, K1); /* cp0 delay */
426 uasm_i_andi(&p, K0, K0, 0xffc); /* load delay */
427 uasm_i_addu(&p, K1, K1, K0);
428 uasm_i_lw(&p, K0, 0, K1);
429 uasm_i_nop(&p); /* load delay */
430 uasm_i_mtc0(&p, K0, C0_ENTRYLO0);
431 uasm_i_mfc0(&p, K1, C0_EPC); /* cp0 delay */
432 uasm_i_tlbwr(&p); /* cp0 delay */
433 uasm_i_jr(&p, K1);
434 uasm_i_rfe(&p); /* branch delay */
435
436 if (p > tlb_handler + 32)
437 panic("TLB refill handler space exceeded");
438
439 pr_debug("Wrote TLB refill handler (%u instructions).\n",
440 (unsigned int)(p - tlb_handler));
441
442 memcpy((void *)ebase, tlb_handler, 0x80);
443 local_flush_icache_range(ebase, ebase + 0x80);
444 dump_handler("r3000_tlb_refill", (u32 *)ebase, (u32 *)(ebase + 0x80));
445 }
446 #endif /* CONFIG_MIPS_PGD_C0_CONTEXT */
447
448 /*
449 * The R4000 TLB handler is much more complicated. We have two
450 * consecutive handler areas with 32 instructions space each.
451 * Since they aren't used at the same time, we can overflow in the
452 * other one.To keep things simple, we first assume linear space,
453 * then we relocate it to the final handler layout as needed.
454 */
455 static u32 final_handler[64];
456
457 /*
458 * Hazards
459 *
460 * From the IDT errata for the QED RM5230 (Nevada), processor revision 1.0:
461 * 2. A timing hazard exists for the TLBP instruction.
462 *
463 * stalling_instruction
464 * TLBP
465 *
466 * The JTLB is being read for the TLBP throughout the stall generated by the
467 * previous instruction. This is not really correct as the stalling instruction
468 * can modify the address used to access the JTLB. The failure symptom is that
469 * the TLBP instruction will use an address created for the stalling instruction
470 * and not the address held in C0_ENHI and thus report the wrong results.
471 *
472 * The software work-around is to not allow the instruction preceding the TLBP
473 * to stall - make it an NOP or some other instruction guaranteed not to stall.
474 *
475 * Errata 2 will not be fixed. This errata is also on the R5000.
476 *
477 * As if we MIPS hackers wouldn't know how to nop pipelines happy ...
478 */
479 static void __maybe_unused build_tlb_probe_entry(u32 **p)
480 {
481 switch (current_cpu_type()) {
482 /* Found by experiment: R4600 v2.0/R4700 needs this, too. */
483 case CPU_R4600:
484 case CPU_R4700:
485 case CPU_R5000:
486 case CPU_NEVADA:
487 uasm_i_nop(p);
488 uasm_i_tlbp(p);
489 break;
490
491 default:
492 uasm_i_tlbp(p);
493 break;
494 }
495 }
496
497 void build_tlb_write_entry(u32 **p, struct uasm_label **l,
498 struct uasm_reloc **r,
499 enum tlb_write_entry wmode)
500 {
501 void(*tlbw)(u32 **) = NULL;
502
503 switch (wmode) {
504 case tlb_random: tlbw = uasm_i_tlbwr; break;
505 case tlb_indexed: tlbw = uasm_i_tlbwi; break;
506 }
507
508 if (cpu_has_mips_r2_r6) {
509 if (cpu_has_mips_r2_exec_hazard)
510 uasm_i_ehb(p);
511 tlbw(p);
512 return;
513 }
514
515 switch (current_cpu_type()) {
516 case CPU_R4000PC:
517 case CPU_R4000SC:
518 case CPU_R4000MC:
519 case CPU_R4400PC:
520 case CPU_R4400SC:
521 case CPU_R4400MC:
522 /*
523 * This branch uses up a mtc0 hazard nop slot and saves
524 * two nops after the tlbw instruction.
525 */
526 uasm_bgezl_hazard(p, r, hazard_instance);
527 tlbw(p);
528 uasm_bgezl_label(l, p, hazard_instance);
529 hazard_instance++;
530 uasm_i_nop(p);
531 break;
532
533 case CPU_R4600:
534 case CPU_R4700:
535 uasm_i_nop(p);
536 tlbw(p);
537 uasm_i_nop(p);
538 break;
539
540 case CPU_R5000:
541 case CPU_NEVADA:
542 uasm_i_nop(p); /* QED specifies 2 nops hazard */
543 uasm_i_nop(p); /* QED specifies 2 nops hazard */
544 tlbw(p);
545 break;
546
547 case CPU_R4300:
548 case CPU_5KC:
549 case CPU_TX49XX:
550 case CPU_PR4450:
551 case CPU_XLR:
552 uasm_i_nop(p);
553 tlbw(p);
554 break;
555
556 case CPU_R10000:
557 case CPU_R12000:
558 case CPU_R14000:
559 case CPU_R16000:
560 case CPU_4KC:
561 case CPU_4KEC:
562 case CPU_M14KC:
563 case CPU_M14KEC:
564 case CPU_SB1:
565 case CPU_SB1A:
566 case CPU_4KSC:
567 case CPU_20KC:
568 case CPU_25KF:
569 case CPU_BMIPS32:
570 case CPU_BMIPS3300:
571 case CPU_BMIPS4350:
572 case CPU_BMIPS4380:
573 case CPU_BMIPS5000:
574 case CPU_LOONGSON2:
575 case CPU_LOONGSON3:
576 case CPU_R5500:
577 if (m4kc_tlbp_war())
578 uasm_i_nop(p);
579 case CPU_ALCHEMY:
580 tlbw(p);
581 break;
582
583 case CPU_RM7000:
584 uasm_i_nop(p);
585 uasm_i_nop(p);
586 uasm_i_nop(p);
587 uasm_i_nop(p);
588 tlbw(p);
589 break;
590
591 case CPU_VR4111:
592 case CPU_VR4121:
593 case CPU_VR4122:
594 case CPU_VR4181:
595 case CPU_VR4181A:
596 uasm_i_nop(p);
597 uasm_i_nop(p);
598 tlbw(p);
599 uasm_i_nop(p);
600 uasm_i_nop(p);
601 break;
602
603 case CPU_VR4131:
604 case CPU_VR4133:
605 case CPU_R5432:
606 uasm_i_nop(p);
607 uasm_i_nop(p);
608 tlbw(p);
609 break;
610
611 case CPU_JZRISC:
612 tlbw(p);
613 uasm_i_nop(p);
614 break;
615
616 default:
617 panic("No TLB refill handler yet (CPU type: %d)",
618 current_cpu_type());
619 break;
620 }
621 }
622 EXPORT_SYMBOL_GPL(build_tlb_write_entry);
623
624 static __maybe_unused void build_convert_pte_to_entrylo(u32 **p,
625 unsigned int reg)
626 {
627 if (_PAGE_GLOBAL_SHIFT == 0) {
628 /* pte_t is already in EntryLo format */
629 return;
630 }
631
632 if (cpu_has_rixi && _PAGE_NO_EXEC) {
633 if (fill_includes_sw_bits) {
634 UASM_i_ROTR(p, reg, reg, ilog2(_PAGE_GLOBAL));
635 } else {
636 UASM_i_SRL(p, reg, reg, ilog2(_PAGE_NO_EXEC));
637 UASM_i_ROTR(p, reg, reg,
638 ilog2(_PAGE_GLOBAL) - ilog2(_PAGE_NO_EXEC));
639 }
640 } else {
641 #ifdef CONFIG_PHYS_ADDR_T_64BIT
642 uasm_i_dsrl_safe(p, reg, reg, ilog2(_PAGE_GLOBAL));
643 #else
644 UASM_i_SRL(p, reg, reg, ilog2(_PAGE_GLOBAL));
645 #endif
646 }
647 }
648
649 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
650
651 static void build_restore_pagemask(u32 **p, struct uasm_reloc **r,
652 unsigned int tmp, enum label_id lid,
653 int restore_scratch)
654 {
655 if (restore_scratch) {
656 /* Reset default page size */
657 if (PM_DEFAULT_MASK >> 16) {
658 uasm_i_lui(p, tmp, PM_DEFAULT_MASK >> 16);
659 uasm_i_ori(p, tmp, tmp, PM_DEFAULT_MASK & 0xffff);
660 uasm_i_mtc0(p, tmp, C0_PAGEMASK);
661 uasm_il_b(p, r, lid);
662 } else if (PM_DEFAULT_MASK) {
663 uasm_i_ori(p, tmp, 0, PM_DEFAULT_MASK);
664 uasm_i_mtc0(p, tmp, C0_PAGEMASK);
665 uasm_il_b(p, r, lid);
666 } else {
667 uasm_i_mtc0(p, 0, C0_PAGEMASK);
668 uasm_il_b(p, r, lid);
669 }
670 if (scratch_reg >= 0)
671 UASM_i_MFC0(p, 1, c0_kscratch(), scratch_reg);
672 else
673 UASM_i_LW(p, 1, scratchpad_offset(0), 0);
674 } else {
675 /* Reset default page size */
676 if (PM_DEFAULT_MASK >> 16) {
677 uasm_i_lui(p, tmp, PM_DEFAULT_MASK >> 16);
678 uasm_i_ori(p, tmp, tmp, PM_DEFAULT_MASK & 0xffff);
679 uasm_il_b(p, r, lid);
680 uasm_i_mtc0(p, tmp, C0_PAGEMASK);
681 } else if (PM_DEFAULT_MASK) {
682 uasm_i_ori(p, tmp, 0, PM_DEFAULT_MASK);
683 uasm_il_b(p, r, lid);
684 uasm_i_mtc0(p, tmp, C0_PAGEMASK);
685 } else {
686 uasm_il_b(p, r, lid);
687 uasm_i_mtc0(p, 0, C0_PAGEMASK);
688 }
689 }
690 }
691
692 static void build_huge_tlb_write_entry(u32 **p, struct uasm_label **l,
693 struct uasm_reloc **r,
694 unsigned int tmp,
695 enum tlb_write_entry wmode,
696 int restore_scratch)
697 {
698 /* Set huge page tlb entry size */
699 uasm_i_lui(p, tmp, PM_HUGE_MASK >> 16);
700 uasm_i_ori(p, tmp, tmp, PM_HUGE_MASK & 0xffff);
701 uasm_i_mtc0(p, tmp, C0_PAGEMASK);
702
703 build_tlb_write_entry(p, l, r, wmode);
704
705 build_restore_pagemask(p, r, tmp, label_leave, restore_scratch);
706 }
707
708 /*
709 * Check if Huge PTE is present, if so then jump to LABEL.
710 */
711 static void
712 build_is_huge_pte(u32 **p, struct uasm_reloc **r, unsigned int tmp,
713 unsigned int pmd, int lid)
714 {
715 UASM_i_LW(p, tmp, 0, pmd);
716 if (use_bbit_insns()) {
717 uasm_il_bbit1(p, r, tmp, ilog2(_PAGE_HUGE), lid);
718 } else {
719 uasm_i_andi(p, tmp, tmp, _PAGE_HUGE);
720 uasm_il_bnez(p, r, tmp, lid);
721 }
722 }
723
724 static void build_huge_update_entries(u32 **p, unsigned int pte,
725 unsigned int tmp)
726 {
727 int small_sequence;
728
729 /*
730 * A huge PTE describes an area the size of the
731 * configured huge page size. This is twice the
732 * of the large TLB entry size we intend to use.
733 * A TLB entry half the size of the configured
734 * huge page size is configured into entrylo0
735 * and entrylo1 to cover the contiguous huge PTE
736 * address space.
737 */
738 small_sequence = (HPAGE_SIZE >> 7) < 0x10000;
739
740 /* We can clobber tmp. It isn't used after this.*/
741 if (!small_sequence)
742 uasm_i_lui(p, tmp, HPAGE_SIZE >> (7 + 16));
743
744 build_convert_pte_to_entrylo(p, pte);
745 UASM_i_MTC0(p, pte, C0_ENTRYLO0); /* load it */
746 /* convert to entrylo1 */
747 if (small_sequence)
748 UASM_i_ADDIU(p, pte, pte, HPAGE_SIZE >> 7);
749 else
750 UASM_i_ADDU(p, pte, pte, tmp);
751
752 UASM_i_MTC0(p, pte, C0_ENTRYLO1); /* load it */
753 }
754
755 static void build_huge_handler_tail(u32 **p, struct uasm_reloc **r,
756 struct uasm_label **l,
757 unsigned int pte,
758 unsigned int ptr,
759 unsigned int flush)
760 {
761 #ifdef CONFIG_SMP
762 UASM_i_SC(p, pte, 0, ptr);
763 uasm_il_beqz(p, r, pte, label_tlb_huge_update);
764 UASM_i_LW(p, pte, 0, ptr); /* Needed because SC killed our PTE */
765 #else
766 UASM_i_SW(p, pte, 0, ptr);
767 #endif
768 if (cpu_has_ftlb && flush) {
769 BUG_ON(!cpu_has_tlbinv);
770
771 UASM_i_MFC0(p, ptr, C0_ENTRYHI);
772 uasm_i_ori(p, ptr, ptr, MIPS_ENTRYHI_EHINV);
773 UASM_i_MTC0(p, ptr, C0_ENTRYHI);
774 build_tlb_write_entry(p, l, r, tlb_indexed);
775
776 uasm_i_xori(p, ptr, ptr, MIPS_ENTRYHI_EHINV);
777 UASM_i_MTC0(p, ptr, C0_ENTRYHI);
778 build_huge_update_entries(p, pte, ptr);
779 build_huge_tlb_write_entry(p, l, r, pte, tlb_random, 0);
780
781 return;
782 }
783
784 build_huge_update_entries(p, pte, ptr);
785 build_huge_tlb_write_entry(p, l, r, pte, tlb_indexed, 0);
786 }
787 #endif /* CONFIG_MIPS_HUGE_TLB_SUPPORT */
788
789 #ifdef CONFIG_64BIT
790 /*
791 * TMP and PTR are scratch.
792 * TMP will be clobbered, PTR will hold the pmd entry.
793 */
794 void build_get_pmde64(u32 **p, struct uasm_label **l, struct uasm_reloc **r,
795 unsigned int tmp, unsigned int ptr)
796 {
797 #ifndef CONFIG_MIPS_PGD_C0_CONTEXT
798 long pgdc = (long)pgd_current;
799 #endif
800 /*
801 * The vmalloc handling is not in the hotpath.
802 */
803 uasm_i_dmfc0(p, tmp, C0_BADVADDR);
804
805 if (check_for_high_segbits) {
806 /*
807 * The kernel currently implicitely assumes that the
808 * MIPS SEGBITS parameter for the processor is
809 * (PGDIR_SHIFT+PGDIR_BITS) or less, and will never
810 * allocate virtual addresses outside the maximum
811 * range for SEGBITS = (PGDIR_SHIFT+PGDIR_BITS). But
812 * that doesn't prevent user code from accessing the
813 * higher xuseg addresses. Here, we make sure that
814 * everything but the lower xuseg addresses goes down
815 * the module_alloc/vmalloc path.
816 */
817 uasm_i_dsrl_safe(p, ptr, tmp, PGDIR_SHIFT + PGD_ORDER + PAGE_SHIFT - 3);
818 uasm_il_bnez(p, r, ptr, label_vmalloc);
819 } else {
820 uasm_il_bltz(p, r, tmp, label_vmalloc);
821 }
822 /* No uasm_i_nop needed here, since the next insn doesn't touch TMP. */
823
824 if (pgd_reg != -1) {
825 /* pgd is in pgd_reg */
826 if (cpu_has_ldpte)
827 UASM_i_MFC0(p, ptr, C0_PWBASE);
828 else
829 UASM_i_MFC0(p, ptr, c0_kscratch(), pgd_reg);
830 } else {
831 #if defined(CONFIG_MIPS_PGD_C0_CONTEXT)
832 /*
833 * &pgd << 11 stored in CONTEXT [23..63].
834 */
835 UASM_i_MFC0(p, ptr, C0_CONTEXT);
836
837 /* Clear lower 23 bits of context. */
838 uasm_i_dins(p, ptr, 0, 0, 23);
839
840 /* 1 0 1 0 1 << 6 xkphys cached */
841 uasm_i_ori(p, ptr, ptr, 0x540);
842 uasm_i_drotr(p, ptr, ptr, 11);
843 #elif defined(CONFIG_SMP)
844 UASM_i_CPUID_MFC0(p, ptr, SMP_CPUID_REG);
845 uasm_i_dsrl_safe(p, ptr, ptr, SMP_CPUID_PTRSHIFT);
846 UASM_i_LA_mostly(p, tmp, pgdc);
847 uasm_i_daddu(p, ptr, ptr, tmp);
848 uasm_i_dmfc0(p, tmp, C0_BADVADDR);
849 uasm_i_ld(p, ptr, uasm_rel_lo(pgdc), ptr);
850 #else
851 UASM_i_LA_mostly(p, ptr, pgdc);
852 uasm_i_ld(p, ptr, uasm_rel_lo(pgdc), ptr);
853 #endif
854 }
855
856 uasm_l_vmalloc_done(l, *p);
857
858 /* get pgd offset in bytes */
859 uasm_i_dsrl_safe(p, tmp, tmp, PGDIR_SHIFT - 3);
860
861 uasm_i_andi(p, tmp, tmp, (PTRS_PER_PGD - 1)<<3);
862 uasm_i_daddu(p, ptr, ptr, tmp); /* add in pgd offset */
863 #ifndef __PAGETABLE_PUD_FOLDED
864 uasm_i_dmfc0(p, tmp, C0_BADVADDR); /* get faulting address */
865 uasm_i_ld(p, ptr, 0, ptr); /* get pud pointer */
866 uasm_i_dsrl_safe(p, tmp, tmp, PUD_SHIFT - 3); /* get pud offset in bytes */
867 uasm_i_andi(p, tmp, tmp, (PTRS_PER_PUD - 1) << 3);
868 uasm_i_daddu(p, ptr, ptr, tmp); /* add in pud offset */
869 #endif
870 #ifndef __PAGETABLE_PMD_FOLDED
871 uasm_i_dmfc0(p, tmp, C0_BADVADDR); /* get faulting address */
872 uasm_i_ld(p, ptr, 0, ptr); /* get pmd pointer */
873 uasm_i_dsrl_safe(p, tmp, tmp, PMD_SHIFT-3); /* get pmd offset in bytes */
874 uasm_i_andi(p, tmp, tmp, (PTRS_PER_PMD - 1)<<3);
875 uasm_i_daddu(p, ptr, ptr, tmp); /* add in pmd offset */
876 #endif
877 }
878 EXPORT_SYMBOL_GPL(build_get_pmde64);
879
880 /*
881 * BVADDR is the faulting address, PTR is scratch.
882 * PTR will hold the pgd for vmalloc.
883 */
884 static void
885 build_get_pgd_vmalloc64(u32 **p, struct uasm_label **l, struct uasm_reloc **r,
886 unsigned int bvaddr, unsigned int ptr,
887 enum vmalloc64_mode mode)
888 {
889 long swpd = (long)swapper_pg_dir;
890 int single_insn_swpd;
891 int did_vmalloc_branch = 0;
892
893 single_insn_swpd = uasm_in_compat_space_p(swpd) && !uasm_rel_lo(swpd);
894
895 uasm_l_vmalloc(l, *p);
896
897 if (mode != not_refill && check_for_high_segbits) {
898 if (single_insn_swpd) {
899 uasm_il_bltz(p, r, bvaddr, label_vmalloc_done);
900 uasm_i_lui(p, ptr, uasm_rel_hi(swpd));
901 did_vmalloc_branch = 1;
902 /* fall through */
903 } else {
904 uasm_il_bgez(p, r, bvaddr, label_large_segbits_fault);
905 }
906 }
907 if (!did_vmalloc_branch) {
908 if (single_insn_swpd) {
909 uasm_il_b(p, r, label_vmalloc_done);
910 uasm_i_lui(p, ptr, uasm_rel_hi(swpd));
911 } else {
912 UASM_i_LA_mostly(p, ptr, swpd);
913 uasm_il_b(p, r, label_vmalloc_done);
914 if (uasm_in_compat_space_p(swpd))
915 uasm_i_addiu(p, ptr, ptr, uasm_rel_lo(swpd));
916 else
917 uasm_i_daddiu(p, ptr, ptr, uasm_rel_lo(swpd));
918 }
919 }
920 if (mode != not_refill && check_for_high_segbits) {
921 uasm_l_large_segbits_fault(l, *p);
922 /*
923 * We get here if we are an xsseg address, or if we are
924 * an xuseg address above (PGDIR_SHIFT+PGDIR_BITS) boundary.
925 *
926 * Ignoring xsseg (assume disabled so would generate
927 * (address errors?), the only remaining possibility
928 * is the upper xuseg addresses. On processors with
929 * TLB_SEGBITS <= PGDIR_SHIFT+PGDIR_BITS, these
930 * addresses would have taken an address error. We try
931 * to mimic that here by taking a load/istream page
932 * fault.
933 */
934 UASM_i_LA(p, ptr, (unsigned long)tlb_do_page_fault_0);
935 uasm_i_jr(p, ptr);
936
937 if (mode == refill_scratch) {
938 if (scratch_reg >= 0)
939 UASM_i_MFC0(p, 1, c0_kscratch(), scratch_reg);
940 else
941 UASM_i_LW(p, 1, scratchpad_offset(0), 0);
942 } else {
943 uasm_i_nop(p);
944 }
945 }
946 }
947
948 #else /* !CONFIG_64BIT */
949
950 /*
951 * TMP and PTR are scratch.
952 * TMP will be clobbered, PTR will hold the pgd entry.
953 */
954 void build_get_pgde32(u32 **p, unsigned int tmp, unsigned int ptr)
955 {
956 if (pgd_reg != -1) {
957 /* pgd is in pgd_reg */
958 uasm_i_mfc0(p, ptr, c0_kscratch(), pgd_reg);
959 uasm_i_mfc0(p, tmp, C0_BADVADDR); /* get faulting address */
960 } else {
961 long pgdc = (long)pgd_current;
962
963 /* 32 bit SMP has smp_processor_id() stored in CONTEXT. */
964 #ifdef CONFIG_SMP
965 uasm_i_mfc0(p, ptr, SMP_CPUID_REG);
966 UASM_i_LA_mostly(p, tmp, pgdc);
967 uasm_i_srl(p, ptr, ptr, SMP_CPUID_PTRSHIFT);
968 uasm_i_addu(p, ptr, tmp, ptr);
969 #else
970 UASM_i_LA_mostly(p, ptr, pgdc);
971 #endif
972 uasm_i_mfc0(p, tmp, C0_BADVADDR); /* get faulting address */
973 uasm_i_lw(p, ptr, uasm_rel_lo(pgdc), ptr);
974 }
975 uasm_i_srl(p, tmp, tmp, PGDIR_SHIFT); /* get pgd only bits */
976 uasm_i_sll(p, tmp, tmp, PGD_T_LOG2);
977 uasm_i_addu(p, ptr, ptr, tmp); /* add in pgd offset */
978 }
979 EXPORT_SYMBOL_GPL(build_get_pgde32);
980
981 #endif /* !CONFIG_64BIT */
982
983 static void build_adjust_context(u32 **p, unsigned int ctx)
984 {
985 unsigned int shift = 4 - (PTE_T_LOG2 + 1) + PAGE_SHIFT - 12;
986 unsigned int mask = (PTRS_PER_PTE / 2 - 1) << (PTE_T_LOG2 + 1);
987
988 switch (current_cpu_type()) {
989 case CPU_VR41XX:
990 case CPU_VR4111:
991 case CPU_VR4121:
992 case CPU_VR4122:
993 case CPU_VR4131:
994 case CPU_VR4181:
995 case CPU_VR4181A:
996 case CPU_VR4133:
997 shift += 2;
998 break;
999
1000 default:
1001 break;
1002 }
1003
1004 if (shift)
1005 UASM_i_SRL(p, ctx, ctx, shift);
1006 uasm_i_andi(p, ctx, ctx, mask);
1007 }
1008
1009 void build_get_ptep(u32 **p, unsigned int tmp, unsigned int ptr)
1010 {
1011 /*
1012 * Bug workaround for the Nevada. It seems as if under certain
1013 * circumstances the move from cp0_context might produce a
1014 * bogus result when the mfc0 instruction and its consumer are
1015 * in a different cacheline or a load instruction, probably any
1016 * memory reference, is between them.
1017 */
1018 switch (current_cpu_type()) {
1019 case CPU_NEVADA:
1020 UASM_i_LW(p, ptr, 0, ptr);
1021 GET_CONTEXT(p, tmp); /* get context reg */
1022 break;
1023
1024 default:
1025 GET_CONTEXT(p, tmp); /* get context reg */
1026 UASM_i_LW(p, ptr, 0, ptr);
1027 break;
1028 }
1029
1030 build_adjust_context(p, tmp);
1031 UASM_i_ADDU(p, ptr, ptr, tmp); /* add in offset */
1032 }
1033 EXPORT_SYMBOL_GPL(build_get_ptep);
1034
1035 void build_update_entries(u32 **p, unsigned int tmp, unsigned int ptep)
1036 {
1037 int pte_off_even = 0;
1038 int pte_off_odd = sizeof(pte_t);
1039
1040 #if defined(CONFIG_CPU_MIPS32) && defined(CONFIG_PHYS_ADDR_T_64BIT)
1041 /* The low 32 bits of EntryLo is stored in pte_high */
1042 pte_off_even += offsetof(pte_t, pte_high);
1043 pte_off_odd += offsetof(pte_t, pte_high);
1044 #endif
1045
1046 if (IS_ENABLED(CONFIG_XPA)) {
1047 uasm_i_lw(p, tmp, pte_off_even, ptep); /* even pte */
1048 UASM_i_ROTR(p, tmp, tmp, ilog2(_PAGE_GLOBAL));
1049 UASM_i_MTC0(p, tmp, C0_ENTRYLO0);
1050
1051 if (cpu_has_xpa && !mips_xpa_disabled) {
1052 uasm_i_lw(p, tmp, 0, ptep);
1053 uasm_i_ext(p, tmp, tmp, 0, 24);
1054 uasm_i_mthc0(p, tmp, C0_ENTRYLO0);
1055 }
1056
1057 uasm_i_lw(p, tmp, pte_off_odd, ptep); /* odd pte */
1058 UASM_i_ROTR(p, tmp, tmp, ilog2(_PAGE_GLOBAL));
1059 UASM_i_MTC0(p, tmp, C0_ENTRYLO1);
1060
1061 if (cpu_has_xpa && !mips_xpa_disabled) {
1062 uasm_i_lw(p, tmp, sizeof(pte_t), ptep);
1063 uasm_i_ext(p, tmp, tmp, 0, 24);
1064 uasm_i_mthc0(p, tmp, C0_ENTRYLO1);
1065 }
1066 return;
1067 }
1068
1069 UASM_i_LW(p, tmp, pte_off_even, ptep); /* get even pte */
1070 UASM_i_LW(p, ptep, pte_off_odd, ptep); /* get odd pte */
1071 if (r45k_bvahwbug())
1072 build_tlb_probe_entry(p);
1073 build_convert_pte_to_entrylo(p, tmp);
1074 if (r4k_250MHZhwbug())
1075 UASM_i_MTC0(p, 0, C0_ENTRYLO0);
1076 UASM_i_MTC0(p, tmp, C0_ENTRYLO0); /* load it */
1077 build_convert_pte_to_entrylo(p, ptep);
1078 if (r45k_bvahwbug())
1079 uasm_i_mfc0(p, tmp, C0_INDEX);
1080 if (r4k_250MHZhwbug())
1081 UASM_i_MTC0(p, 0, C0_ENTRYLO1);
1082 UASM_i_MTC0(p, ptep, C0_ENTRYLO1); /* load it */
1083 }
1084 EXPORT_SYMBOL_GPL(build_update_entries);
1085
1086 struct mips_huge_tlb_info {
1087 int huge_pte;
1088 int restore_scratch;
1089 bool need_reload_pte;
1090 };
1091
1092 static struct mips_huge_tlb_info
1093 build_fast_tlb_refill_handler (u32 **p, struct uasm_label **l,
1094 struct uasm_reloc **r, unsigned int tmp,
1095 unsigned int ptr, int c0_scratch_reg)
1096 {
1097 struct mips_huge_tlb_info rv;
1098 unsigned int even, odd;
1099 int vmalloc_branch_delay_filled = 0;
1100 const int scratch = 1; /* Our extra working register */
1101
1102 rv.huge_pte = scratch;
1103 rv.restore_scratch = 0;
1104 rv.need_reload_pte = false;
1105
1106 if (check_for_high_segbits) {
1107 UASM_i_MFC0(p, tmp, C0_BADVADDR);
1108
1109 if (pgd_reg != -1)
1110 UASM_i_MFC0(p, ptr, c0_kscratch(), pgd_reg);
1111 else
1112 UASM_i_MFC0(p, ptr, C0_CONTEXT);
1113
1114 if (c0_scratch_reg >= 0)
1115 UASM_i_MTC0(p, scratch, c0_kscratch(), c0_scratch_reg);
1116 else
1117 UASM_i_SW(p, scratch, scratchpad_offset(0), 0);
1118
1119 uasm_i_dsrl_safe(p, scratch, tmp,
1120 PGDIR_SHIFT + PGD_ORDER + PAGE_SHIFT - 3);
1121 uasm_il_bnez(p, r, scratch, label_vmalloc);
1122
1123 if (pgd_reg == -1) {
1124 vmalloc_branch_delay_filled = 1;
1125 /* Clear lower 23 bits of context. */
1126 uasm_i_dins(p, ptr, 0, 0, 23);
1127 }
1128 } else {
1129 if (pgd_reg != -1)
1130 UASM_i_MFC0(p, ptr, c0_kscratch(), pgd_reg);
1131 else
1132 UASM_i_MFC0(p, ptr, C0_CONTEXT);
1133
1134 UASM_i_MFC0(p, tmp, C0_BADVADDR);
1135
1136 if (c0_scratch_reg >= 0)
1137 UASM_i_MTC0(p, scratch, c0_kscratch(), c0_scratch_reg);
1138 else
1139 UASM_i_SW(p, scratch, scratchpad_offset(0), 0);
1140
1141 if (pgd_reg == -1)
1142 /* Clear lower 23 bits of context. */
1143 uasm_i_dins(p, ptr, 0, 0, 23);
1144
1145 uasm_il_bltz(p, r, tmp, label_vmalloc);
1146 }
1147
1148 if (pgd_reg == -1) {
1149 vmalloc_branch_delay_filled = 1;
1150 /* 1 0 1 0 1 << 6 xkphys cached */
1151 uasm_i_ori(p, ptr, ptr, 0x540);
1152 uasm_i_drotr(p, ptr, ptr, 11);
1153 }
1154
1155 #ifdef __PAGETABLE_PMD_FOLDED
1156 #define LOC_PTEP scratch
1157 #else
1158 #define LOC_PTEP ptr
1159 #endif
1160
1161 if (!vmalloc_branch_delay_filled)
1162 /* get pgd offset in bytes */
1163 uasm_i_dsrl_safe(p, scratch, tmp, PGDIR_SHIFT - 3);
1164
1165 uasm_l_vmalloc_done(l, *p);
1166
1167 /*
1168 * tmp ptr
1169 * fall-through case = badvaddr *pgd_current
1170 * vmalloc case = badvaddr swapper_pg_dir
1171 */
1172
1173 if (vmalloc_branch_delay_filled)
1174 /* get pgd offset in bytes */
1175 uasm_i_dsrl_safe(p, scratch, tmp, PGDIR_SHIFT - 3);
1176
1177 #ifdef __PAGETABLE_PMD_FOLDED
1178 GET_CONTEXT(p, tmp); /* get context reg */
1179 #endif
1180 uasm_i_andi(p, scratch, scratch, (PTRS_PER_PGD - 1) << 3);
1181
1182 if (use_lwx_insns()) {
1183 UASM_i_LWX(p, LOC_PTEP, scratch, ptr);
1184 } else {
1185 uasm_i_daddu(p, ptr, ptr, scratch); /* add in pgd offset */
1186 uasm_i_ld(p, LOC_PTEP, 0, ptr); /* get pmd pointer */
1187 }
1188
1189 #ifndef __PAGETABLE_PUD_FOLDED
1190 /* get pud offset in bytes */
1191 uasm_i_dsrl_safe(p, scratch, tmp, PUD_SHIFT - 3);
1192 uasm_i_andi(p, scratch, scratch, (PTRS_PER_PUD - 1) << 3);
1193
1194 if (use_lwx_insns()) {
1195 UASM_i_LWX(p, ptr, scratch, ptr);
1196 } else {
1197 uasm_i_daddu(p, ptr, ptr, scratch); /* add in pmd offset */
1198 UASM_i_LW(p, ptr, 0, ptr);
1199 }
1200 /* ptr contains a pointer to PMD entry */
1201 /* tmp contains the address */
1202 #endif
1203
1204 #ifndef __PAGETABLE_PMD_FOLDED
1205 /* get pmd offset in bytes */
1206 uasm_i_dsrl_safe(p, scratch, tmp, PMD_SHIFT - 3);
1207 uasm_i_andi(p, scratch, scratch, (PTRS_PER_PMD - 1) << 3);
1208 GET_CONTEXT(p, tmp); /* get context reg */
1209
1210 if (use_lwx_insns()) {
1211 UASM_i_LWX(p, scratch, scratch, ptr);
1212 } else {
1213 uasm_i_daddu(p, ptr, ptr, scratch); /* add in pmd offset */
1214 UASM_i_LW(p, scratch, 0, ptr);
1215 }
1216 #endif
1217 /* Adjust the context during the load latency. */
1218 build_adjust_context(p, tmp);
1219
1220 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
1221 uasm_il_bbit1(p, r, scratch, ilog2(_PAGE_HUGE), label_tlb_huge_update);
1222 /*
1223 * The in the LWX case we don't want to do the load in the
1224 * delay slot. It cannot issue in the same cycle and may be
1225 * speculative and unneeded.
1226 */
1227 if (use_lwx_insns())
1228 uasm_i_nop(p);
1229 #endif /* CONFIG_MIPS_HUGE_TLB_SUPPORT */
1230
1231
1232 /* build_update_entries */
1233 if (use_lwx_insns()) {
1234 even = ptr;
1235 odd = tmp;
1236 UASM_i_LWX(p, even, scratch, tmp);
1237 UASM_i_ADDIU(p, tmp, tmp, sizeof(pte_t));
1238 UASM_i_LWX(p, odd, scratch, tmp);
1239 } else {
1240 UASM_i_ADDU(p, ptr, scratch, tmp); /* add in offset */
1241 even = tmp;
1242 odd = ptr;
1243 UASM_i_LW(p, even, 0, ptr); /* get even pte */
1244 UASM_i_LW(p, odd, sizeof(pte_t), ptr); /* get odd pte */
1245 }
1246 if (cpu_has_rixi) {
1247 uasm_i_drotr(p, even, even, ilog2(_PAGE_GLOBAL));
1248 UASM_i_MTC0(p, even, C0_ENTRYLO0); /* load it */
1249 uasm_i_drotr(p, odd, odd, ilog2(_PAGE_GLOBAL));
1250 } else {
1251 uasm_i_dsrl_safe(p, even, even, ilog2(_PAGE_GLOBAL));
1252 UASM_i_MTC0(p, even, C0_ENTRYLO0); /* load it */
1253 uasm_i_dsrl_safe(p, odd, odd, ilog2(_PAGE_GLOBAL));
1254 }
1255 UASM_i_MTC0(p, odd, C0_ENTRYLO1); /* load it */
1256
1257 if (c0_scratch_reg >= 0) {
1258 UASM_i_MFC0(p, scratch, c0_kscratch(), c0_scratch_reg);
1259 build_tlb_write_entry(p, l, r, tlb_random);
1260 uasm_l_leave(l, *p);
1261 rv.restore_scratch = 1;
1262 } else if (PAGE_SHIFT == 14 || PAGE_SHIFT == 13) {
1263 build_tlb_write_entry(p, l, r, tlb_random);
1264 uasm_l_leave(l, *p);
1265 UASM_i_LW(p, scratch, scratchpad_offset(0), 0);
1266 } else {
1267 UASM_i_LW(p, scratch, scratchpad_offset(0), 0);
1268 build_tlb_write_entry(p, l, r, tlb_random);
1269 uasm_l_leave(l, *p);
1270 rv.restore_scratch = 1;
1271 }
1272
1273 uasm_i_eret(p); /* return from trap */
1274
1275 return rv;
1276 }
1277
1278 /*
1279 * For a 64-bit kernel, we are using the 64-bit XTLB refill exception
1280 * because EXL == 0. If we wrap, we can also use the 32 instruction
1281 * slots before the XTLB refill exception handler which belong to the
1282 * unused TLB refill exception.
1283 */
1284 #define MIPS64_REFILL_INSNS 32
1285
1286 static void build_r4000_tlb_refill_handler(void)
1287 {
1288 u32 *p = tlb_handler;
1289 struct uasm_label *l = labels;
1290 struct uasm_reloc *r = relocs;
1291 u32 *f;
1292 unsigned int final_len;
1293 struct mips_huge_tlb_info htlb_info __maybe_unused;
1294 enum vmalloc64_mode vmalloc_mode __maybe_unused;
1295
1296 memset(tlb_handler, 0, sizeof(tlb_handler));
1297 memset(labels, 0, sizeof(labels));
1298 memset(relocs, 0, sizeof(relocs));
1299 memset(final_handler, 0, sizeof(final_handler));
1300
1301 if (IS_ENABLED(CONFIG_64BIT) && (scratch_reg >= 0 || scratchpad_available()) && use_bbit_insns()) {
1302 htlb_info = build_fast_tlb_refill_handler(&p, &l, &r, K0, K1,
1303 scratch_reg);
1304 vmalloc_mode = refill_scratch;
1305 } else {
1306 htlb_info.huge_pte = K0;
1307 htlb_info.restore_scratch = 0;
1308 htlb_info.need_reload_pte = true;
1309 vmalloc_mode = refill_noscratch;
1310 /*
1311 * create the plain linear handler
1312 */
1313 if (bcm1250_m3_war()) {
1314 unsigned int segbits = 44;
1315
1316 uasm_i_dmfc0(&p, K0, C0_BADVADDR);
1317 uasm_i_dmfc0(&p, K1, C0_ENTRYHI);
1318 uasm_i_xor(&p, K0, K0, K1);
1319 uasm_i_dsrl_safe(&p, K1, K0, 62);
1320 uasm_i_dsrl_safe(&p, K0, K0, 12 + 1);
1321 uasm_i_dsll_safe(&p, K0, K0, 64 + 12 + 1 - segbits);
1322 uasm_i_or(&p, K0, K0, K1);
1323 uasm_il_bnez(&p, &r, K0, label_leave);
1324 /* No need for uasm_i_nop */
1325 }
1326
1327 #ifdef CONFIG_64BIT
1328 build_get_pmde64(&p, &l, &r, K0, K1); /* get pmd in K1 */
1329 #else
1330 build_get_pgde32(&p, K0, K1); /* get pgd in K1 */
1331 #endif
1332
1333 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
1334 build_is_huge_pte(&p, &r, K0, K1, label_tlb_huge_update);
1335 #endif
1336
1337 build_get_ptep(&p, K0, K1);
1338 build_update_entries(&p, K0, K1);
1339 build_tlb_write_entry(&p, &l, &r, tlb_random);
1340 uasm_l_leave(&l, p);
1341 uasm_i_eret(&p); /* return from trap */
1342 }
1343 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
1344 uasm_l_tlb_huge_update(&l, p);
1345 if (htlb_info.need_reload_pte)
1346 UASM_i_LW(&p, htlb_info.huge_pte, 0, K1);
1347 build_huge_update_entries(&p, htlb_info.huge_pte, K1);
1348 build_huge_tlb_write_entry(&p, &l, &r, K0, tlb_random,
1349 htlb_info.restore_scratch);
1350 #endif
1351
1352 #ifdef CONFIG_64BIT
1353 build_get_pgd_vmalloc64(&p, &l, &r, K0, K1, vmalloc_mode);
1354 #endif
1355
1356 /*
1357 * Overflow check: For the 64bit handler, we need at least one
1358 * free instruction slot for the wrap-around branch. In worst
1359 * case, if the intended insertion point is a delay slot, we
1360 * need three, with the second nop'ed and the third being
1361 * unused.
1362 */
1363 switch (boot_cpu_type()) {
1364 default:
1365 if (sizeof(long) == 4) {
1366 case CPU_LOONGSON2:
1367 /* Loongson2 ebase is different than r4k, we have more space */
1368 if ((p - tlb_handler) > 64)
1369 panic("TLB refill handler space exceeded");
1370 /*
1371 * Now fold the handler in the TLB refill handler space.
1372 */
1373 f = final_handler;
1374 /* Simplest case, just copy the handler. */
1375 uasm_copy_handler(relocs, labels, tlb_handler, p, f);
1376 final_len = p - tlb_handler;
1377 break;
1378 } else {
1379 if (((p - tlb_handler) > (MIPS64_REFILL_INSNS * 2) - 1)
1380 || (((p - tlb_handler) > (MIPS64_REFILL_INSNS * 2) - 3)
1381 && uasm_insn_has_bdelay(relocs,
1382 tlb_handler + MIPS64_REFILL_INSNS - 3)))
1383 panic("TLB refill handler space exceeded");
1384 /*
1385 * Now fold the handler in the TLB refill handler space.
1386 */
1387 f = final_handler + MIPS64_REFILL_INSNS;
1388 if ((p - tlb_handler) <= MIPS64_REFILL_INSNS) {
1389 /* Just copy the handler. */
1390 uasm_copy_handler(relocs, labels, tlb_handler, p, f);
1391 final_len = p - tlb_handler;
1392 } else {
1393 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
1394 const enum label_id ls = label_tlb_huge_update;
1395 #else
1396 const enum label_id ls = label_vmalloc;
1397 #endif
1398 u32 *split;
1399 int ov = 0;
1400 int i;
1401
1402 for (i = 0; i < ARRAY_SIZE(labels) && labels[i].lab != ls; i++)
1403 ;
1404 BUG_ON(i == ARRAY_SIZE(labels));
1405 split = labels[i].addr;
1406
1407 /*
1408 * See if we have overflown one way or the other.
1409 */
1410 if (split > tlb_handler + MIPS64_REFILL_INSNS ||
1411 split < p - MIPS64_REFILL_INSNS)
1412 ov = 1;
1413
1414 if (ov) {
1415 /*
1416 * Split two instructions before the end. One
1417 * for the branch and one for the instruction
1418 * in the delay slot.
1419 */
1420 split = tlb_handler + MIPS64_REFILL_INSNS - 2;
1421
1422 /*
1423 * If the branch would fall in a delay slot,
1424 * we must back up an additional instruction
1425 * so that it is no longer in a delay slot.
1426 */
1427 if (uasm_insn_has_bdelay(relocs, split - 1))
1428 split--;
1429 }
1430 /* Copy first part of the handler. */
1431 uasm_copy_handler(relocs, labels, tlb_handler, split, f);
1432 f += split - tlb_handler;
1433
1434 if (ov) {
1435 /* Insert branch. */
1436 uasm_l_split(&l, final_handler);
1437 uasm_il_b(&f, &r, label_split);
1438 if (uasm_insn_has_bdelay(relocs, split))
1439 uasm_i_nop(&f);
1440 else {
1441 uasm_copy_handler(relocs, labels,
1442 split, split + 1, f);
1443 uasm_move_labels(labels, f, f + 1, -1);
1444 f++;
1445 split++;
1446 }
1447 }
1448
1449 /* Copy the rest of the handler. */
1450 uasm_copy_handler(relocs, labels, split, p, final_handler);
1451 final_len = (f - (final_handler + MIPS64_REFILL_INSNS)) +
1452 (p - split);
1453 }
1454 }
1455 break;
1456 }
1457
1458 uasm_resolve_relocs(relocs, labels);
1459 pr_debug("Wrote TLB refill handler (%u instructions).\n",
1460 final_len);
1461
1462 memcpy((void *)ebase, final_handler, 0x100);
1463 local_flush_icache_range(ebase, ebase + 0x100);
1464 dump_handler("r4000_tlb_refill", (u32 *)ebase, (u32 *)(ebase + 0x100));
1465 }
1466
1467 static void setup_pw(void)
1468 {
1469 unsigned long pgd_i, pgd_w;
1470 #ifndef __PAGETABLE_PMD_FOLDED
1471 unsigned long pmd_i, pmd_w;
1472 #endif
1473 unsigned long pt_i, pt_w;
1474 unsigned long pte_i, pte_w;
1475 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
1476 unsigned long psn;
1477
1478 psn = ilog2(_PAGE_HUGE); /* bit used to indicate huge page */
1479 #endif
1480 pgd_i = PGDIR_SHIFT; /* 1st level PGD */
1481 #ifndef __PAGETABLE_PMD_FOLDED
1482 pgd_w = PGDIR_SHIFT - PMD_SHIFT + PGD_ORDER;
1483
1484 pmd_i = PMD_SHIFT; /* 2nd level PMD */
1485 pmd_w = PMD_SHIFT - PAGE_SHIFT;
1486 #else
1487 pgd_w = PGDIR_SHIFT - PAGE_SHIFT + PGD_ORDER;
1488 #endif
1489
1490 pt_i = PAGE_SHIFT; /* 3rd level PTE */
1491 pt_w = PAGE_SHIFT - 3;
1492
1493 pte_i = ilog2(_PAGE_GLOBAL);
1494 pte_w = 0;
1495
1496 #ifndef __PAGETABLE_PMD_FOLDED
1497 write_c0_pwfield(pgd_i << 24 | pmd_i << 12 | pt_i << 6 | pte_i);
1498 write_c0_pwsize(1 << 30 | pgd_w << 24 | pmd_w << 12 | pt_w << 6 | pte_w);
1499 #else
1500 write_c0_pwfield(pgd_i << 24 | pt_i << 6 | pte_i);
1501 write_c0_pwsize(1 << 30 | pgd_w << 24 | pt_w << 6 | pte_w);
1502 #endif
1503
1504 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
1505 write_c0_pwctl(1 << 6 | psn);
1506 #endif
1507 write_c0_kpgd((long)swapper_pg_dir);
1508 kscratch_used_mask |= (1 << 7); /* KScratch6 is used for KPGD */
1509 }
1510
1511 static void build_loongson3_tlb_refill_handler(void)
1512 {
1513 u32 *p = tlb_handler;
1514 struct uasm_label *l = labels;
1515 struct uasm_reloc *r = relocs;
1516
1517 memset(labels, 0, sizeof(labels));
1518 memset(relocs, 0, sizeof(relocs));
1519 memset(tlb_handler, 0, sizeof(tlb_handler));
1520
1521 if (check_for_high_segbits) {
1522 uasm_i_dmfc0(&p, K0, C0_BADVADDR);
1523 uasm_i_dsrl_safe(&p, K1, K0, PGDIR_SHIFT + PGD_ORDER + PAGE_SHIFT - 3);
1524 uasm_il_beqz(&p, &r, K1, label_vmalloc);
1525 uasm_i_nop(&p);
1526
1527 uasm_il_bgez(&p, &r, K0, label_large_segbits_fault);
1528 uasm_i_nop(&p);
1529 uasm_l_vmalloc(&l, p);
1530 }
1531
1532 uasm_i_dmfc0(&p, K1, C0_PGD);
1533
1534 uasm_i_lddir(&p, K0, K1, 3); /* global page dir */
1535 #ifndef __PAGETABLE_PMD_FOLDED
1536 uasm_i_lddir(&p, K1, K0, 1); /* middle page dir */
1537 #endif
1538 uasm_i_ldpte(&p, K1, 0); /* even */
1539 uasm_i_ldpte(&p, K1, 1); /* odd */
1540 uasm_i_tlbwr(&p);
1541
1542 /* restore page mask */
1543 if (PM_DEFAULT_MASK >> 16) {
1544 uasm_i_lui(&p, K0, PM_DEFAULT_MASK >> 16);
1545 uasm_i_ori(&p, K0, K0, PM_DEFAULT_MASK & 0xffff);
1546 uasm_i_mtc0(&p, K0, C0_PAGEMASK);
1547 } else if (PM_DEFAULT_MASK) {
1548 uasm_i_ori(&p, K0, 0, PM_DEFAULT_MASK);
1549 uasm_i_mtc0(&p, K0, C0_PAGEMASK);
1550 } else {
1551 uasm_i_mtc0(&p, 0, C0_PAGEMASK);
1552 }
1553
1554 uasm_i_eret(&p);
1555
1556 if (check_for_high_segbits) {
1557 uasm_l_large_segbits_fault(&l, p);
1558 UASM_i_LA(&p, K1, (unsigned long)tlb_do_page_fault_0);
1559 uasm_i_jr(&p, K1);
1560 uasm_i_nop(&p);
1561 }
1562
1563 uasm_resolve_relocs(relocs, labels);
1564 memcpy((void *)(ebase + 0x80), tlb_handler, 0x80);
1565 local_flush_icache_range(ebase + 0x80, ebase + 0x100);
1566 dump_handler("loongson3_tlb_refill",
1567 (u32 *)(ebase + 0x80), (u32 *)(ebase + 0x100));
1568 }
1569
1570 static void build_setup_pgd(void)
1571 {
1572 const int a0 = 4;
1573 const int __maybe_unused a1 = 5;
1574 const int __maybe_unused a2 = 6;
1575 u32 *p = (u32 *)msk_isa16_mode((ulong)tlbmiss_handler_setup_pgd);
1576 #ifndef CONFIG_MIPS_PGD_C0_CONTEXT
1577 long pgdc = (long)pgd_current;
1578 #endif
1579
1580 memset(p, 0, tlbmiss_handler_setup_pgd_end - (char *)p);
1581 memset(labels, 0, sizeof(labels));
1582 memset(relocs, 0, sizeof(relocs));
1583 pgd_reg = allocate_kscratch();
1584 #ifdef CONFIG_MIPS_PGD_C0_CONTEXT
1585 if (pgd_reg == -1) {
1586 struct uasm_label *l = labels;
1587 struct uasm_reloc *r = relocs;
1588
1589 /* PGD << 11 in c0_Context */
1590 /*
1591 * If it is a ckseg0 address, convert to a physical
1592 * address. Shifting right by 29 and adding 4 will
1593 * result in zero for these addresses.
1594 *
1595 */
1596 UASM_i_SRA(&p, a1, a0, 29);
1597 UASM_i_ADDIU(&p, a1, a1, 4);
1598 uasm_il_bnez(&p, &r, a1, label_tlbl_goaround1);
1599 uasm_i_nop(&p);
1600 uasm_i_dinsm(&p, a0, 0, 29, 64 - 29);
1601 uasm_l_tlbl_goaround1(&l, p);
1602 UASM_i_SLL(&p, a0, a0, 11);
1603 uasm_i_jr(&p, 31);
1604 UASM_i_MTC0(&p, a0, C0_CONTEXT);
1605 } else {
1606 /* PGD in c0_KScratch */
1607 uasm_i_jr(&p, 31);
1608 if (cpu_has_ldpte)
1609 UASM_i_MTC0(&p, a0, C0_PWBASE);
1610 else
1611 UASM_i_MTC0(&p, a0, c0_kscratch(), pgd_reg);
1612 }
1613 #else
1614 #ifdef CONFIG_SMP
1615 /* Save PGD to pgd_current[smp_processor_id()] */
1616 UASM_i_CPUID_MFC0(&p, a1, SMP_CPUID_REG);
1617 UASM_i_SRL_SAFE(&p, a1, a1, SMP_CPUID_PTRSHIFT);
1618 UASM_i_LA_mostly(&p, a2, pgdc);
1619 UASM_i_ADDU(&p, a2, a2, a1);
1620 UASM_i_SW(&p, a0, uasm_rel_lo(pgdc), a2);
1621 #else
1622 UASM_i_LA_mostly(&p, a2, pgdc);
1623 UASM_i_SW(&p, a0, uasm_rel_lo(pgdc), a2);
1624 #endif /* SMP */
1625 uasm_i_jr(&p, 31);
1626
1627 /* if pgd_reg is allocated, save PGD also to scratch register */
1628 if (pgd_reg != -1)
1629 UASM_i_MTC0(&p, a0, c0_kscratch(), pgd_reg);
1630 else
1631 uasm_i_nop(&p);
1632 #endif
1633 if (p >= (u32 *)tlbmiss_handler_setup_pgd_end)
1634 panic("tlbmiss_handler_setup_pgd space exceeded");
1635
1636 uasm_resolve_relocs(relocs, labels);
1637 pr_debug("Wrote tlbmiss_handler_setup_pgd (%u instructions).\n",
1638 (unsigned int)(p - (u32 *)tlbmiss_handler_setup_pgd));
1639
1640 dump_handler("tlbmiss_handler", tlbmiss_handler_setup_pgd,
1641 tlbmiss_handler_setup_pgd_end);
1642 }
1643
1644 static void
1645 iPTE_LW(u32 **p, unsigned int pte, unsigned int ptr)
1646 {
1647 #ifdef CONFIG_SMP
1648 # ifdef CONFIG_PHYS_ADDR_T_64BIT
1649 if (cpu_has_64bits)
1650 uasm_i_lld(p, pte, 0, ptr);
1651 else
1652 # endif
1653 UASM_i_LL(p, pte, 0, ptr);
1654 #else
1655 # ifdef CONFIG_PHYS_ADDR_T_64BIT
1656 if (cpu_has_64bits)
1657 uasm_i_ld(p, pte, 0, ptr);
1658 else
1659 # endif
1660 UASM_i_LW(p, pte, 0, ptr);
1661 #endif
1662 }
1663
1664 static void
1665 iPTE_SW(u32 **p, struct uasm_reloc **r, unsigned int pte, unsigned int ptr,
1666 unsigned int mode, unsigned int scratch)
1667 {
1668 unsigned int hwmode = mode & (_PAGE_VALID | _PAGE_DIRTY);
1669 unsigned int swmode = mode & ~hwmode;
1670
1671 if (IS_ENABLED(CONFIG_XPA) && !cpu_has_64bits) {
1672 uasm_i_lui(p, scratch, swmode >> 16);
1673 uasm_i_or(p, pte, pte, scratch);
1674 BUG_ON(swmode & 0xffff);
1675 } else {
1676 uasm_i_ori(p, pte, pte, mode);
1677 }
1678
1679 #ifdef CONFIG_SMP
1680 # ifdef CONFIG_PHYS_ADDR_T_64BIT
1681 if (cpu_has_64bits)
1682 uasm_i_scd(p, pte, 0, ptr);
1683 else
1684 # endif
1685 UASM_i_SC(p, pte, 0, ptr);
1686
1687 if (r10000_llsc_war())
1688 uasm_il_beqzl(p, r, pte, label_smp_pgtable_change);
1689 else
1690 uasm_il_beqz(p, r, pte, label_smp_pgtable_change);
1691
1692 # ifdef CONFIG_PHYS_ADDR_T_64BIT
1693 if (!cpu_has_64bits) {
1694 /* no uasm_i_nop needed */
1695 uasm_i_ll(p, pte, sizeof(pte_t) / 2, ptr);
1696 uasm_i_ori(p, pte, pte, hwmode);
1697 BUG_ON(hwmode & ~0xffff);
1698 uasm_i_sc(p, pte, sizeof(pte_t) / 2, ptr);
1699 uasm_il_beqz(p, r, pte, label_smp_pgtable_change);
1700 /* no uasm_i_nop needed */
1701 uasm_i_lw(p, pte, 0, ptr);
1702 } else
1703 uasm_i_nop(p);
1704 # else
1705 uasm_i_nop(p);
1706 # endif
1707 #else
1708 # ifdef CONFIG_PHYS_ADDR_T_64BIT
1709 if (cpu_has_64bits)
1710 uasm_i_sd(p, pte, 0, ptr);
1711 else
1712 # endif
1713 UASM_i_SW(p, pte, 0, ptr);
1714
1715 # ifdef CONFIG_PHYS_ADDR_T_64BIT
1716 if (!cpu_has_64bits) {
1717 uasm_i_lw(p, pte, sizeof(pte_t) / 2, ptr);
1718 uasm_i_ori(p, pte, pte, hwmode);
1719 BUG_ON(hwmode & ~0xffff);
1720 uasm_i_sw(p, pte, sizeof(pte_t) / 2, ptr);
1721 uasm_i_lw(p, pte, 0, ptr);
1722 }
1723 # endif
1724 #endif
1725 }
1726
1727 /*
1728 * Check if PTE is present, if not then jump to LABEL. PTR points to
1729 * the page table where this PTE is located, PTE will be re-loaded
1730 * with it's original value.
1731 */
1732 static void
1733 build_pte_present(u32 **p, struct uasm_reloc **r,
1734 int pte, int ptr, int scratch, enum label_id lid)
1735 {
1736 int t = scratch >= 0 ? scratch : pte;
1737 int cur = pte;
1738
1739 if (cpu_has_rixi) {
1740 if (use_bbit_insns()) {
1741 uasm_il_bbit0(p, r, pte, ilog2(_PAGE_PRESENT), lid);
1742 uasm_i_nop(p);
1743 } else {
1744 if (_PAGE_PRESENT_SHIFT) {
1745 uasm_i_srl(p, t, cur, _PAGE_PRESENT_SHIFT);
1746 cur = t;
1747 }
1748 uasm_i_andi(p, t, cur, 1);
1749 uasm_il_beqz(p, r, t, lid);
1750 if (pte == t)
1751 /* You lose the SMP race :-(*/
1752 iPTE_LW(p, pte, ptr);
1753 }
1754 } else {
1755 if (_PAGE_PRESENT_SHIFT) {
1756 uasm_i_srl(p, t, cur, _PAGE_PRESENT_SHIFT);
1757 cur = t;
1758 }
1759 uasm_i_andi(p, t, cur,
1760 (_PAGE_PRESENT | _PAGE_NO_READ) >> _PAGE_PRESENT_SHIFT);
1761 uasm_i_xori(p, t, t, _PAGE_PRESENT >> _PAGE_PRESENT_SHIFT);
1762 uasm_il_bnez(p, r, t, lid);
1763 if (pte == t)
1764 /* You lose the SMP race :-(*/
1765 iPTE_LW(p, pte, ptr);
1766 }
1767 }
1768
1769 /* Make PTE valid, store result in PTR. */
1770 static void
1771 build_make_valid(u32 **p, struct uasm_reloc **r, unsigned int pte,
1772 unsigned int ptr, unsigned int scratch)
1773 {
1774 unsigned int mode = _PAGE_VALID | _PAGE_ACCESSED;
1775
1776 iPTE_SW(p, r, pte, ptr, mode, scratch);
1777 }
1778
1779 /*
1780 * Check if PTE can be written to, if not branch to LABEL. Regardless
1781 * restore PTE with value from PTR when done.
1782 */
1783 static void
1784 build_pte_writable(u32 **p, struct uasm_reloc **r,
1785 unsigned int pte, unsigned int ptr, int scratch,
1786 enum label_id lid)
1787 {
1788 int t = scratch >= 0 ? scratch : pte;
1789 int cur = pte;
1790
1791 if (_PAGE_PRESENT_SHIFT) {
1792 uasm_i_srl(p, t, cur, _PAGE_PRESENT_SHIFT);
1793 cur = t;
1794 }
1795 uasm_i_andi(p, t, cur,
1796 (_PAGE_PRESENT | _PAGE_WRITE) >> _PAGE_PRESENT_SHIFT);
1797 uasm_i_xori(p, t, t,
1798 (_PAGE_PRESENT | _PAGE_WRITE) >> _PAGE_PRESENT_SHIFT);
1799 uasm_il_bnez(p, r, t, lid);
1800 if (pte == t)
1801 /* You lose the SMP race :-(*/
1802 iPTE_LW(p, pte, ptr);
1803 else
1804 uasm_i_nop(p);
1805 }
1806
1807 /* Make PTE writable, update software status bits as well, then store
1808 * at PTR.
1809 */
1810 static void
1811 build_make_write(u32 **p, struct uasm_reloc **r, unsigned int pte,
1812 unsigned int ptr, unsigned int scratch)
1813 {
1814 unsigned int mode = (_PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID
1815 | _PAGE_DIRTY);
1816
1817 iPTE_SW(p, r, pte, ptr, mode, scratch);
1818 }
1819
1820 /*
1821 * Check if PTE can be modified, if not branch to LABEL. Regardless
1822 * restore PTE with value from PTR when done.
1823 */
1824 static void
1825 build_pte_modifiable(u32 **p, struct uasm_reloc **r,
1826 unsigned int pte, unsigned int ptr, int scratch,
1827 enum label_id lid)
1828 {
1829 if (use_bbit_insns()) {
1830 uasm_il_bbit0(p, r, pte, ilog2(_PAGE_WRITE), lid);
1831 uasm_i_nop(p);
1832 } else {
1833 int t = scratch >= 0 ? scratch : pte;
1834 uasm_i_srl(p, t, pte, _PAGE_WRITE_SHIFT);
1835 uasm_i_andi(p, t, t, 1);
1836 uasm_il_beqz(p, r, t, lid);
1837 if (pte == t)
1838 /* You lose the SMP race :-(*/
1839 iPTE_LW(p, pte, ptr);
1840 }
1841 }
1842
1843 #ifndef CONFIG_MIPS_PGD_C0_CONTEXT
1844
1845
1846 /*
1847 * R3000 style TLB load/store/modify handlers.
1848 */
1849
1850 /*
1851 * This places the pte into ENTRYLO0 and writes it with tlbwi.
1852 * Then it returns.
1853 */
1854 static void
1855 build_r3000_pte_reload_tlbwi(u32 **p, unsigned int pte, unsigned int tmp)
1856 {
1857 uasm_i_mtc0(p, pte, C0_ENTRYLO0); /* cp0 delay */
1858 uasm_i_mfc0(p, tmp, C0_EPC); /* cp0 delay */
1859 uasm_i_tlbwi(p);
1860 uasm_i_jr(p, tmp);
1861 uasm_i_rfe(p); /* branch delay */
1862 }
1863
1864 /*
1865 * This places the pte into ENTRYLO0 and writes it with tlbwi
1866 * or tlbwr as appropriate. This is because the index register
1867 * may have the probe fail bit set as a result of a trap on a
1868 * kseg2 access, i.e. without refill. Then it returns.
1869 */
1870 static void
1871 build_r3000_tlb_reload_write(u32 **p, struct uasm_label **l,
1872 struct uasm_reloc **r, unsigned int pte,
1873 unsigned int tmp)
1874 {
1875 uasm_i_mfc0(p, tmp, C0_INDEX);
1876 uasm_i_mtc0(p, pte, C0_ENTRYLO0); /* cp0 delay */
1877 uasm_il_bltz(p, r, tmp, label_r3000_write_probe_fail); /* cp0 delay */
1878 uasm_i_mfc0(p, tmp, C0_EPC); /* branch delay */
1879 uasm_i_tlbwi(p); /* cp0 delay */
1880 uasm_i_jr(p, tmp);
1881 uasm_i_rfe(p); /* branch delay */
1882 uasm_l_r3000_write_probe_fail(l, *p);
1883 uasm_i_tlbwr(p); /* cp0 delay */
1884 uasm_i_jr(p, tmp);
1885 uasm_i_rfe(p); /* branch delay */
1886 }
1887
1888 static void
1889 build_r3000_tlbchange_handler_head(u32 **p, unsigned int pte,
1890 unsigned int ptr)
1891 {
1892 long pgdc = (long)pgd_current;
1893
1894 uasm_i_mfc0(p, pte, C0_BADVADDR);
1895 uasm_i_lui(p, ptr, uasm_rel_hi(pgdc)); /* cp0 delay */
1896 uasm_i_lw(p, ptr, uasm_rel_lo(pgdc), ptr);
1897 uasm_i_srl(p, pte, pte, 22); /* load delay */
1898 uasm_i_sll(p, pte, pte, 2);
1899 uasm_i_addu(p, ptr, ptr, pte);
1900 uasm_i_mfc0(p, pte, C0_CONTEXT);
1901 uasm_i_lw(p, ptr, 0, ptr); /* cp0 delay */
1902 uasm_i_andi(p, pte, pte, 0xffc); /* load delay */
1903 uasm_i_addu(p, ptr, ptr, pte);
1904 uasm_i_lw(p, pte, 0, ptr);
1905 uasm_i_tlbp(p); /* load delay */
1906 }
1907
1908 static void build_r3000_tlb_load_handler(void)
1909 {
1910 u32 *p = (u32 *)handle_tlbl;
1911 struct uasm_label *l = labels;
1912 struct uasm_reloc *r = relocs;
1913
1914 memset(p, 0, handle_tlbl_end - (char *)p);
1915 memset(labels, 0, sizeof(labels));
1916 memset(relocs, 0, sizeof(relocs));
1917
1918 build_r3000_tlbchange_handler_head(&p, K0, K1);
1919 build_pte_present(&p, &r, K0, K1, -1, label_nopage_tlbl);
1920 uasm_i_nop(&p); /* load delay */
1921 build_make_valid(&p, &r, K0, K1, -1);
1922 build_r3000_tlb_reload_write(&p, &l, &r, K0, K1);
1923
1924 uasm_l_nopage_tlbl(&l, p);
1925 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_0 & 0x0fffffff);
1926 uasm_i_nop(&p);
1927
1928 if (p >= (u32 *)handle_tlbl_end)
1929 panic("TLB load handler fastpath space exceeded");
1930
1931 uasm_resolve_relocs(relocs, labels);
1932 pr_debug("Wrote TLB load handler fastpath (%u instructions).\n",
1933 (unsigned int)(p - (u32 *)handle_tlbl));
1934
1935 dump_handler("r3000_tlb_load", handle_tlbl, handle_tlbl_end);
1936 }
1937
1938 static void build_r3000_tlb_store_handler(void)
1939 {
1940 u32 *p = (u32 *)handle_tlbs;
1941 struct uasm_label *l = labels;
1942 struct uasm_reloc *r = relocs;
1943
1944 memset(p, 0, handle_tlbs_end - (char *)p);
1945 memset(labels, 0, sizeof(labels));
1946 memset(relocs, 0, sizeof(relocs));
1947
1948 build_r3000_tlbchange_handler_head(&p, K0, K1);
1949 build_pte_writable(&p, &r, K0, K1, -1, label_nopage_tlbs);
1950 uasm_i_nop(&p); /* load delay */
1951 build_make_write(&p, &r, K0, K1, -1);
1952 build_r3000_tlb_reload_write(&p, &l, &r, K0, K1);
1953
1954 uasm_l_nopage_tlbs(&l, p);
1955 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_1 & 0x0fffffff);
1956 uasm_i_nop(&p);
1957
1958 if (p >= (u32 *)handle_tlbs_end)
1959 panic("TLB store handler fastpath space exceeded");
1960
1961 uasm_resolve_relocs(relocs, labels);
1962 pr_debug("Wrote TLB store handler fastpath (%u instructions).\n",
1963 (unsigned int)(p - (u32 *)handle_tlbs));
1964
1965 dump_handler("r3000_tlb_store", handle_tlbs, handle_tlbs_end);
1966 }
1967
1968 static void build_r3000_tlb_modify_handler(void)
1969 {
1970 u32 *p = (u32 *)handle_tlbm;
1971 struct uasm_label *l = labels;
1972 struct uasm_reloc *r = relocs;
1973
1974 memset(p, 0, handle_tlbm_end - (char *)p);
1975 memset(labels, 0, sizeof(labels));
1976 memset(relocs, 0, sizeof(relocs));
1977
1978 build_r3000_tlbchange_handler_head(&p, K0, K1);
1979 build_pte_modifiable(&p, &r, K0, K1, -1, label_nopage_tlbm);
1980 uasm_i_nop(&p); /* load delay */
1981 build_make_write(&p, &r, K0, K1, -1);
1982 build_r3000_pte_reload_tlbwi(&p, K0, K1);
1983
1984 uasm_l_nopage_tlbm(&l, p);
1985 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_1 & 0x0fffffff);
1986 uasm_i_nop(&p);
1987
1988 if (p >= (u32 *)handle_tlbm_end)
1989 panic("TLB modify handler fastpath space exceeded");
1990
1991 uasm_resolve_relocs(relocs, labels);
1992 pr_debug("Wrote TLB modify handler fastpath (%u instructions).\n",
1993 (unsigned int)(p - (u32 *)handle_tlbm));
1994
1995 dump_handler("r3000_tlb_modify", handle_tlbm, handle_tlbm_end);
1996 }
1997 #endif /* CONFIG_MIPS_PGD_C0_CONTEXT */
1998
1999 static bool cpu_has_tlbex_tlbp_race(void)
2000 {
2001 /*
2002 * When a Hardware Table Walker is running it can replace TLB entries
2003 * at any time, leading to a race between it & the CPU.
2004 */
2005 if (cpu_has_htw)
2006 return true;
2007
2008 /*
2009 * If the CPU shares FTLB RAM with its siblings then our entry may be
2010 * replaced at any time by a sibling performing a write to the FTLB.
2011 */
2012 if (cpu_has_shared_ftlb_ram)
2013 return true;
2014
2015 /* In all other cases there ought to be no race condition to handle */
2016 return false;
2017 }
2018
2019 /*
2020 * R4000 style TLB load/store/modify handlers.
2021 */
2022 static struct work_registers
2023 build_r4000_tlbchange_handler_head(u32 **p, struct uasm_label **l,
2024 struct uasm_reloc **r)
2025 {
2026 struct work_registers wr = build_get_work_registers(p);
2027
2028 #ifdef CONFIG_64BIT
2029 build_get_pmde64(p, l, r, wr.r1, wr.r2); /* get pmd in ptr */
2030 #else
2031 build_get_pgde32(p, wr.r1, wr.r2); /* get pgd in ptr */
2032 #endif
2033
2034 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
2035 /*
2036 * For huge tlb entries, pmd doesn't contain an address but
2037 * instead contains the tlb pte. Check the PAGE_HUGE bit and
2038 * see if we need to jump to huge tlb processing.
2039 */
2040 build_is_huge_pte(p, r, wr.r1, wr.r2, label_tlb_huge_update);
2041 #endif
2042
2043 UASM_i_MFC0(p, wr.r1, C0_BADVADDR);
2044 UASM_i_LW(p, wr.r2, 0, wr.r2);
2045 UASM_i_SRL(p, wr.r1, wr.r1, PAGE_SHIFT + PTE_ORDER - PTE_T_LOG2);
2046 uasm_i_andi(p, wr.r1, wr.r1, (PTRS_PER_PTE - 1) << PTE_T_LOG2);
2047 UASM_i_ADDU(p, wr.r2, wr.r2, wr.r1);
2048
2049 #ifdef CONFIG_SMP
2050 uasm_l_smp_pgtable_change(l, *p);
2051 #endif
2052 iPTE_LW(p, wr.r1, wr.r2); /* get even pte */
2053 if (!m4kc_tlbp_war()) {
2054 build_tlb_probe_entry(p);
2055 if (cpu_has_tlbex_tlbp_race()) {
2056 /* race condition happens, leaving */
2057 uasm_i_ehb(p);
2058 uasm_i_mfc0(p, wr.r3, C0_INDEX);
2059 uasm_il_bltz(p, r, wr.r3, label_leave);
2060 uasm_i_nop(p);
2061 }
2062 }
2063 return wr;
2064 }
2065
2066 static void
2067 build_r4000_tlbchange_handler_tail(u32 **p, struct uasm_label **l,
2068 struct uasm_reloc **r, unsigned int tmp,
2069 unsigned int ptr)
2070 {
2071 uasm_i_ori(p, ptr, ptr, sizeof(pte_t));
2072 uasm_i_xori(p, ptr, ptr, sizeof(pte_t));
2073 build_update_entries(p, tmp, ptr);
2074 build_tlb_write_entry(p, l, r, tlb_indexed);
2075 uasm_l_leave(l, *p);
2076 build_restore_work_registers(p);
2077 uasm_i_eret(p); /* return from trap */
2078
2079 #ifdef CONFIG_64BIT
2080 build_get_pgd_vmalloc64(p, l, r, tmp, ptr, not_refill);
2081 #endif
2082 }
2083
2084 static void build_r4000_tlb_load_handler(void)
2085 {
2086 u32 *p = (u32 *)msk_isa16_mode((ulong)handle_tlbl);
2087 struct uasm_label *l = labels;
2088 struct uasm_reloc *r = relocs;
2089 struct work_registers wr;
2090
2091 memset(p, 0, handle_tlbl_end - (char *)p);
2092 memset(labels, 0, sizeof(labels));
2093 memset(relocs, 0, sizeof(relocs));
2094
2095 if (bcm1250_m3_war()) {
2096 unsigned int segbits = 44;
2097
2098 uasm_i_dmfc0(&p, K0, C0_BADVADDR);
2099 uasm_i_dmfc0(&p, K1, C0_ENTRYHI);
2100 uasm_i_xor(&p, K0, K0, K1);
2101 uasm_i_dsrl_safe(&p, K1, K0, 62);
2102 uasm_i_dsrl_safe(&p, K0, K0, 12 + 1);
2103 uasm_i_dsll_safe(&p, K0, K0, 64 + 12 + 1 - segbits);
2104 uasm_i_or(&p, K0, K0, K1);
2105 uasm_il_bnez(&p, &r, K0, label_leave);
2106 /* No need for uasm_i_nop */
2107 }
2108
2109 wr = build_r4000_tlbchange_handler_head(&p, &l, &r);
2110 build_pte_present(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbl);
2111 if (m4kc_tlbp_war())
2112 build_tlb_probe_entry(&p);
2113
2114 if (cpu_has_rixi && !cpu_has_rixiex) {
2115 /*
2116 * If the page is not _PAGE_VALID, RI or XI could not
2117 * have triggered it. Skip the expensive test..
2118 */
2119 if (use_bbit_insns()) {
2120 uasm_il_bbit0(&p, &r, wr.r1, ilog2(_PAGE_VALID),
2121 label_tlbl_goaround1);
2122 } else {
2123 uasm_i_andi(&p, wr.r3, wr.r1, _PAGE_VALID);
2124 uasm_il_beqz(&p, &r, wr.r3, label_tlbl_goaround1);
2125 }
2126 uasm_i_nop(&p);
2127
2128 /*
2129 * Warn if something may race with us & replace the TLB entry
2130 * before we read it here. Everything with such races should
2131 * also have dedicated RiXi exception handlers, so this
2132 * shouldn't be hit.
2133 */
2134 WARN(cpu_has_tlbex_tlbp_race(), "Unhandled race in RiXi path");
2135
2136 uasm_i_tlbr(&p);
2137
2138 switch (current_cpu_type()) {
2139 default:
2140 if (cpu_has_mips_r2_exec_hazard) {
2141 uasm_i_ehb(&p);
2142
2143 case CPU_CAVIUM_OCTEON:
2144 case CPU_CAVIUM_OCTEON_PLUS:
2145 case CPU_CAVIUM_OCTEON2:
2146 break;
2147 }
2148 }
2149
2150 /* Examine entrylo 0 or 1 based on ptr. */
2151 if (use_bbit_insns()) {
2152 uasm_i_bbit0(&p, wr.r2, ilog2(sizeof(pte_t)), 8);
2153 } else {
2154 uasm_i_andi(&p, wr.r3, wr.r2, sizeof(pte_t));
2155 uasm_i_beqz(&p, wr.r3, 8);
2156 }
2157 /* load it in the delay slot*/
2158 UASM_i_MFC0(&p, wr.r3, C0_ENTRYLO0);
2159 /* load it if ptr is odd */
2160 UASM_i_MFC0(&p, wr.r3, C0_ENTRYLO1);
2161 /*
2162 * If the entryLo (now in wr.r3) is valid (bit 1), RI or
2163 * XI must have triggered it.
2164 */
2165 if (use_bbit_insns()) {
2166 uasm_il_bbit1(&p, &r, wr.r3, 1, label_nopage_tlbl);
2167 uasm_i_nop(&p);
2168 uasm_l_tlbl_goaround1(&l, p);
2169 } else {
2170 uasm_i_andi(&p, wr.r3, wr.r3, 2);
2171 uasm_il_bnez(&p, &r, wr.r3, label_nopage_tlbl);
2172 uasm_i_nop(&p);
2173 }
2174 uasm_l_tlbl_goaround1(&l, p);
2175 }
2176 build_make_valid(&p, &r, wr.r1, wr.r2, wr.r3);
2177 build_r4000_tlbchange_handler_tail(&p, &l, &r, wr.r1, wr.r2);
2178
2179 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
2180 /*
2181 * This is the entry point when build_r4000_tlbchange_handler_head
2182 * spots a huge page.
2183 */
2184 uasm_l_tlb_huge_update(&l, p);
2185 iPTE_LW(&p, wr.r1, wr.r2);
2186 build_pte_present(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbl);
2187 build_tlb_probe_entry(&p);
2188
2189 if (cpu_has_rixi && !cpu_has_rixiex) {
2190 /*
2191 * If the page is not _PAGE_VALID, RI or XI could not
2192 * have triggered it. Skip the expensive test..
2193 */
2194 if (use_bbit_insns()) {
2195 uasm_il_bbit0(&p, &r, wr.r1, ilog2(_PAGE_VALID),
2196 label_tlbl_goaround2);
2197 } else {
2198 uasm_i_andi(&p, wr.r3, wr.r1, _PAGE_VALID);
2199 uasm_il_beqz(&p, &r, wr.r3, label_tlbl_goaround2);
2200 }
2201 uasm_i_nop(&p);
2202
2203 /*
2204 * Warn if something may race with us & replace the TLB entry
2205 * before we read it here. Everything with such races should
2206 * also have dedicated RiXi exception handlers, so this
2207 * shouldn't be hit.
2208 */
2209 WARN(cpu_has_tlbex_tlbp_race(), "Unhandled race in RiXi path");
2210
2211 uasm_i_tlbr(&p);
2212
2213 switch (current_cpu_type()) {
2214 default:
2215 if (cpu_has_mips_r2_exec_hazard) {
2216 uasm_i_ehb(&p);
2217
2218 case CPU_CAVIUM_OCTEON:
2219 case CPU_CAVIUM_OCTEON_PLUS:
2220 case CPU_CAVIUM_OCTEON2:
2221 break;
2222 }
2223 }
2224
2225 /* Examine entrylo 0 or 1 based on ptr. */
2226 if (use_bbit_insns()) {
2227 uasm_i_bbit0(&p, wr.r2, ilog2(sizeof(pte_t)), 8);
2228 } else {
2229 uasm_i_andi(&p, wr.r3, wr.r2, sizeof(pte_t));
2230 uasm_i_beqz(&p, wr.r3, 8);
2231 }
2232 /* load it in the delay slot*/
2233 UASM_i_MFC0(&p, wr.r3, C0_ENTRYLO0);
2234 /* load it if ptr is odd */
2235 UASM_i_MFC0(&p, wr.r3, C0_ENTRYLO1);
2236 /*
2237 * If the entryLo (now in wr.r3) is valid (bit 1), RI or
2238 * XI must have triggered it.
2239 */
2240 if (use_bbit_insns()) {
2241 uasm_il_bbit0(&p, &r, wr.r3, 1, label_tlbl_goaround2);
2242 } else {
2243 uasm_i_andi(&p, wr.r3, wr.r3, 2);
2244 uasm_il_beqz(&p, &r, wr.r3, label_tlbl_goaround2);
2245 }
2246 if (PM_DEFAULT_MASK == 0)
2247 uasm_i_nop(&p);
2248 /*
2249 * We clobbered C0_PAGEMASK, restore it. On the other branch
2250 * it is restored in build_huge_tlb_write_entry.
2251 */
2252 build_restore_pagemask(&p, &r, wr.r3, label_nopage_tlbl, 0);
2253
2254 uasm_l_tlbl_goaround2(&l, p);
2255 }
2256 uasm_i_ori(&p, wr.r1, wr.r1, (_PAGE_ACCESSED | _PAGE_VALID));
2257 build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 1);
2258 #endif
2259
2260 uasm_l_nopage_tlbl(&l, p);
2261 build_restore_work_registers(&p);
2262 #ifdef CONFIG_CPU_MICROMIPS
2263 if ((unsigned long)tlb_do_page_fault_0 & 1) {
2264 uasm_i_lui(&p, K0, uasm_rel_hi((long)tlb_do_page_fault_0));
2265 uasm_i_addiu(&p, K0, K0, uasm_rel_lo((long)tlb_do_page_fault_0));
2266 uasm_i_jr(&p, K0);
2267 } else
2268 #endif
2269 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_0 & 0x0fffffff);
2270 uasm_i_nop(&p);
2271
2272 if (p >= (u32 *)handle_tlbl_end)
2273 panic("TLB load handler fastpath space exceeded");
2274
2275 uasm_resolve_relocs(relocs, labels);
2276 pr_debug("Wrote TLB load handler fastpath (%u instructions).\n",
2277 (unsigned int)(p - (u32 *)handle_tlbl));
2278
2279 dump_handler("r4000_tlb_load", handle_tlbl, handle_tlbl_end);
2280 }
2281
2282 static void build_r4000_tlb_store_handler(void)
2283 {
2284 u32 *p = (u32 *)msk_isa16_mode((ulong)handle_tlbs);
2285 struct uasm_label *l = labels;
2286 struct uasm_reloc *r = relocs;
2287 struct work_registers wr;
2288
2289 memset(p, 0, handle_tlbs_end - (char *)p);
2290 memset(labels, 0, sizeof(labels));
2291 memset(relocs, 0, sizeof(relocs));
2292
2293 wr = build_r4000_tlbchange_handler_head(&p, &l, &r);
2294 build_pte_writable(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbs);
2295 if (m4kc_tlbp_war())
2296 build_tlb_probe_entry(&p);
2297 build_make_write(&p, &r, wr.r1, wr.r2, wr.r3);
2298 build_r4000_tlbchange_handler_tail(&p, &l, &r, wr.r1, wr.r2);
2299
2300 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
2301 /*
2302 * This is the entry point when
2303 * build_r4000_tlbchange_handler_head spots a huge page.
2304 */
2305 uasm_l_tlb_huge_update(&l, p);
2306 iPTE_LW(&p, wr.r1, wr.r2);
2307 build_pte_writable(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbs);
2308 build_tlb_probe_entry(&p);
2309 uasm_i_ori(&p, wr.r1, wr.r1,
2310 _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY);
2311 build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 1);
2312 #endif
2313
2314 uasm_l_nopage_tlbs(&l, p);
2315 build_restore_work_registers(&p);
2316 #ifdef CONFIG_CPU_MICROMIPS
2317 if ((unsigned long)tlb_do_page_fault_1 & 1) {
2318 uasm_i_lui(&p, K0, uasm_rel_hi((long)tlb_do_page_fault_1));
2319 uasm_i_addiu(&p, K0, K0, uasm_rel_lo((long)tlb_do_page_fault_1));
2320 uasm_i_jr(&p, K0);
2321 } else
2322 #endif
2323 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_1 & 0x0fffffff);
2324 uasm_i_nop(&p);
2325
2326 if (p >= (u32 *)handle_tlbs_end)
2327 panic("TLB store handler fastpath space exceeded");
2328
2329 uasm_resolve_relocs(relocs, labels);
2330 pr_debug("Wrote TLB store handler fastpath (%u instructions).\n",
2331 (unsigned int)(p - (u32 *)handle_tlbs));
2332
2333 dump_handler("r4000_tlb_store", handle_tlbs, handle_tlbs_end);
2334 }
2335
2336 static void build_r4000_tlb_modify_handler(void)
2337 {
2338 u32 *p = (u32 *)msk_isa16_mode((ulong)handle_tlbm);
2339 struct uasm_label *l = labels;
2340 struct uasm_reloc *r = relocs;
2341 struct work_registers wr;
2342
2343 memset(p, 0, handle_tlbm_end - (char *)p);
2344 memset(labels, 0, sizeof(labels));
2345 memset(relocs, 0, sizeof(relocs));
2346
2347 wr = build_r4000_tlbchange_handler_head(&p, &l, &r);
2348 build_pte_modifiable(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbm);
2349 if (m4kc_tlbp_war())
2350 build_tlb_probe_entry(&p);
2351 /* Present and writable bits set, set accessed and dirty bits. */
2352 build_make_write(&p, &r, wr.r1, wr.r2, wr.r3);
2353 build_r4000_tlbchange_handler_tail(&p, &l, &r, wr.r1, wr.r2);
2354
2355 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
2356 /*
2357 * This is the entry point when
2358 * build_r4000_tlbchange_handler_head spots a huge page.
2359 */
2360 uasm_l_tlb_huge_update(&l, p);
2361 iPTE_LW(&p, wr.r1, wr.r2);
2362 build_pte_modifiable(&p, &r, wr.r1, wr.r2, wr.r3, label_nopage_tlbm);
2363 build_tlb_probe_entry(&p);
2364 uasm_i_ori(&p, wr.r1, wr.r1,
2365 _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY);
2366 build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 0);
2367 #endif
2368
2369 uasm_l_nopage_tlbm(&l, p);
2370 build_restore_work_registers(&p);
2371 #ifdef CONFIG_CPU_MICROMIPS
2372 if ((unsigned long)tlb_do_page_fault_1 & 1) {
2373 uasm_i_lui(&p, K0, uasm_rel_hi((long)tlb_do_page_fault_1));
2374 uasm_i_addiu(&p, K0, K0, uasm_rel_lo((long)tlb_do_page_fault_1));
2375 uasm_i_jr(&p, K0);
2376 } else
2377 #endif
2378 uasm_i_j(&p, (unsigned long)tlb_do_page_fault_1 & 0x0fffffff);
2379 uasm_i_nop(&p);
2380
2381 if (p >= (u32 *)handle_tlbm_end)
2382 panic("TLB modify handler fastpath space exceeded");
2383
2384 uasm_resolve_relocs(relocs, labels);
2385 pr_debug("Wrote TLB modify handler fastpath (%u instructions).\n",
2386 (unsigned int)(p - (u32 *)handle_tlbm));
2387
2388 dump_handler("r4000_tlb_modify", handle_tlbm, handle_tlbm_end);
2389 }
2390
2391 static void flush_tlb_handlers(void)
2392 {
2393 local_flush_icache_range((unsigned long)handle_tlbl,
2394 (unsigned long)handle_tlbl_end);
2395 local_flush_icache_range((unsigned long)handle_tlbs,
2396 (unsigned long)handle_tlbs_end);
2397 local_flush_icache_range((unsigned long)handle_tlbm,
2398 (unsigned long)handle_tlbm_end);
2399 local_flush_icache_range((unsigned long)tlbmiss_handler_setup_pgd,
2400 (unsigned long)tlbmiss_handler_setup_pgd_end);
2401 }
2402
2403 static void print_htw_config(void)
2404 {
2405 unsigned long config;
2406 unsigned int pwctl;
2407 const int field = 2 * sizeof(unsigned long);
2408
2409 config = read_c0_pwfield();
2410 pr_debug("PWField (0x%0*lx): GDI: 0x%02lx UDI: 0x%02lx MDI: 0x%02lx PTI: 0x%02lx PTEI: 0x%02lx\n",
2411 field, config,
2412 (config & MIPS_PWFIELD_GDI_MASK) >> MIPS_PWFIELD_GDI_SHIFT,
2413 (config & MIPS_PWFIELD_UDI_MASK) >> MIPS_PWFIELD_UDI_SHIFT,
2414 (config & MIPS_PWFIELD_MDI_MASK) >> MIPS_PWFIELD_MDI_SHIFT,
2415 (config & MIPS_PWFIELD_PTI_MASK) >> MIPS_PWFIELD_PTI_SHIFT,
2416 (config & MIPS_PWFIELD_PTEI_MASK) >> MIPS_PWFIELD_PTEI_SHIFT);
2417
2418 config = read_c0_pwsize();
2419 pr_debug("PWSize (0x%0*lx): PS: 0x%lx GDW: 0x%02lx UDW: 0x%02lx MDW: 0x%02lx PTW: 0x%02lx PTEW: 0x%02lx\n",
2420 field, config,
2421 (config & MIPS_PWSIZE_PS_MASK) >> MIPS_PWSIZE_PS_SHIFT,
2422 (config & MIPS_PWSIZE_GDW_MASK) >> MIPS_PWSIZE_GDW_SHIFT,
2423 (config & MIPS_PWSIZE_UDW_MASK) >> MIPS_PWSIZE_UDW_SHIFT,
2424 (config & MIPS_PWSIZE_MDW_MASK) >> MIPS_PWSIZE_MDW_SHIFT,
2425 (config & MIPS_PWSIZE_PTW_MASK) >> MIPS_PWSIZE_PTW_SHIFT,
2426 (config & MIPS_PWSIZE_PTEW_MASK) >> MIPS_PWSIZE_PTEW_SHIFT);
2427
2428 pwctl = read_c0_pwctl();
2429 pr_debug("PWCtl (0x%x): PWEn: 0x%x XK: 0x%x XS: 0x%x XU: 0x%x DPH: 0x%x HugePg: 0x%x Psn: 0x%x\n",
2430 pwctl,
2431 (pwctl & MIPS_PWCTL_PWEN_MASK) >> MIPS_PWCTL_PWEN_SHIFT,
2432 (pwctl & MIPS_PWCTL_XK_MASK) >> MIPS_PWCTL_XK_SHIFT,
2433 (pwctl & MIPS_PWCTL_XS_MASK) >> MIPS_PWCTL_XS_SHIFT,
2434 (pwctl & MIPS_PWCTL_XU_MASK) >> MIPS_PWCTL_XU_SHIFT,
2435 (pwctl & MIPS_PWCTL_DPH_MASK) >> MIPS_PWCTL_DPH_SHIFT,
2436 (pwctl & MIPS_PWCTL_HUGEPG_MASK) >> MIPS_PWCTL_HUGEPG_SHIFT,
2437 (pwctl & MIPS_PWCTL_PSN_MASK) >> MIPS_PWCTL_PSN_SHIFT);
2438 }
2439
2440 static void config_htw_params(void)
2441 {
2442 unsigned long pwfield, pwsize, ptei;
2443 unsigned int config;
2444
2445 /*
2446 * We are using 2-level page tables, so we only need to
2447 * setup GDW and PTW appropriately. UDW and MDW will remain 0.
2448 * The default value of GDI/UDI/MDI/PTI is 0xc. It is illegal to
2449 * write values less than 0xc in these fields because the entire
2450 * write will be dropped. As a result of which, we must preserve
2451 * the original reset values and overwrite only what we really want.
2452 */
2453
2454 pwfield = read_c0_pwfield();
2455 /* re-initialize the GDI field */
2456 pwfield &= ~MIPS_PWFIELD_GDI_MASK;
2457 pwfield |= PGDIR_SHIFT << MIPS_PWFIELD_GDI_SHIFT;
2458 /* re-initialize the PTI field including the even/odd bit */
2459 pwfield &= ~MIPS_PWFIELD_PTI_MASK;
2460 pwfield |= PAGE_SHIFT << MIPS_PWFIELD_PTI_SHIFT;
2461 if (CONFIG_PGTABLE_LEVELS >= 3) {
2462 pwfield &= ~MIPS_PWFIELD_MDI_MASK;
2463 pwfield |= PMD_SHIFT << MIPS_PWFIELD_MDI_SHIFT;
2464 }
2465 /* Set the PTEI right shift */
2466 ptei = _PAGE_GLOBAL_SHIFT << MIPS_PWFIELD_PTEI_SHIFT;
2467 pwfield |= ptei;
2468 write_c0_pwfield(pwfield);
2469 /* Check whether the PTEI value is supported */
2470 back_to_back_c0_hazard();
2471 pwfield = read_c0_pwfield();
2472 if (((pwfield & MIPS_PWFIELD_PTEI_MASK) << MIPS_PWFIELD_PTEI_SHIFT)
2473 != ptei) {
2474 pr_warn("Unsupported PTEI field value: 0x%lx. HTW will not be enabled",
2475 ptei);
2476 /*
2477 * Drop option to avoid HTW being enabled via another path
2478 * (eg htw_reset())
2479 */
2480 current_cpu_data.options &= ~MIPS_CPU_HTW;
2481 return;
2482 }
2483
2484 pwsize = ilog2(PTRS_PER_PGD) << MIPS_PWSIZE_GDW_SHIFT;
2485 pwsize |= ilog2(PTRS_PER_PTE) << MIPS_PWSIZE_PTW_SHIFT;
2486 if (CONFIG_PGTABLE_LEVELS >= 3)
2487 pwsize |= ilog2(PTRS_PER_PMD) << MIPS_PWSIZE_MDW_SHIFT;
2488
2489 /* Set pointer size to size of directory pointers */
2490 if (IS_ENABLED(CONFIG_64BIT))
2491 pwsize |= MIPS_PWSIZE_PS_MASK;
2492 /* PTEs may be multiple pointers long (e.g. with XPA) */
2493 pwsize |= ((PTE_T_LOG2 - PGD_T_LOG2) << MIPS_PWSIZE_PTEW_SHIFT)
2494 & MIPS_PWSIZE_PTEW_MASK;
2495
2496 write_c0_pwsize(pwsize);
2497
2498 /* Make sure everything is set before we enable the HTW */
2499 back_to_back_c0_hazard();
2500
2501 /*
2502 * Enable HTW (and only for XUSeg on 64-bit), and disable the rest of
2503 * the pwctl fields.
2504 */
2505 config = 1 << MIPS_PWCTL_PWEN_SHIFT;
2506 if (IS_ENABLED(CONFIG_64BIT))
2507 config |= MIPS_PWCTL_XU_MASK;
2508 write_c0_pwctl(config);
2509 pr_info("Hardware Page Table Walker enabled\n");
2510
2511 print_htw_config();
2512 }
2513
2514 static void config_xpa_params(void)
2515 {
2516 #ifdef CONFIG_XPA
2517 unsigned int pagegrain;
2518
2519 if (mips_xpa_disabled) {
2520 pr_info("Extended Physical Addressing (XPA) disabled\n");
2521 return;
2522 }
2523
2524 pagegrain = read_c0_pagegrain();
2525 write_c0_pagegrain(pagegrain | PG_ELPA);
2526 back_to_back_c0_hazard();
2527 pagegrain = read_c0_pagegrain();
2528
2529 if (pagegrain & PG_ELPA)
2530 pr_info("Extended Physical Addressing (XPA) enabled\n");
2531 else
2532 panic("Extended Physical Addressing (XPA) disabled");
2533 #endif
2534 }
2535
2536 static void check_pabits(void)
2537 {
2538 unsigned long entry;
2539 unsigned pabits, fillbits;
2540
2541 if (!cpu_has_rixi || !_PAGE_NO_EXEC) {
2542 /*
2543 * We'll only be making use of the fact that we can rotate bits
2544 * into the fill if the CPU supports RIXI, so don't bother
2545 * probing this for CPUs which don't.
2546 */
2547 return;
2548 }
2549
2550 write_c0_entrylo0(~0ul);
2551 back_to_back_c0_hazard();
2552 entry = read_c0_entrylo0();
2553
2554 /* clear all non-PFN bits */
2555 entry &= ~((1 << MIPS_ENTRYLO_PFN_SHIFT) - 1);
2556 entry &= ~(MIPS_ENTRYLO_RI | MIPS_ENTRYLO_XI);
2557
2558 /* find a lower bound on PABITS, and upper bound on fill bits */
2559 pabits = fls_long(entry) + 6;
2560 fillbits = max_t(int, (int)BITS_PER_LONG - pabits, 0);
2561
2562 /* minus the RI & XI bits */
2563 fillbits -= min_t(unsigned, fillbits, 2);
2564
2565 if (fillbits >= ilog2(_PAGE_NO_EXEC))
2566 fill_includes_sw_bits = true;
2567
2568 pr_debug("Entry* registers contain %u fill bits\n", fillbits);
2569 }
2570
2571 void build_tlb_refill_handler(void)
2572 {
2573 /*
2574 * The refill handler is generated per-CPU, multi-node systems
2575 * may have local storage for it. The other handlers are only
2576 * needed once.
2577 */
2578 static int run_once = 0;
2579
2580 if (IS_ENABLED(CONFIG_XPA) && !cpu_has_rixi)
2581 panic("Kernels supporting XPA currently require CPUs with RIXI");
2582
2583 output_pgtable_bits_defines();
2584 check_pabits();
2585
2586 #ifdef CONFIG_64BIT
2587 check_for_high_segbits = current_cpu_data.vmbits > (PGDIR_SHIFT + PGD_ORDER + PAGE_SHIFT - 3);
2588 #endif
2589
2590 switch (current_cpu_type()) {
2591 case CPU_R2000:
2592 case CPU_R3000:
2593 case CPU_R3000A:
2594 case CPU_R3081E:
2595 case CPU_TX3912:
2596 case CPU_TX3922:
2597 case CPU_TX3927:
2598 #ifndef CONFIG_MIPS_PGD_C0_CONTEXT
2599 if (cpu_has_local_ebase)
2600 build_r3000_tlb_refill_handler();
2601 if (!run_once) {
2602 if (!cpu_has_local_ebase)
2603 build_r3000_tlb_refill_handler();
2604 build_setup_pgd();
2605 build_r3000_tlb_load_handler();
2606 build_r3000_tlb_store_handler();
2607 build_r3000_tlb_modify_handler();
2608 flush_tlb_handlers();
2609 run_once++;
2610 }
2611 #else
2612 panic("No R3000 TLB refill handler");
2613 #endif
2614 break;
2615
2616 case CPU_R8000:
2617 panic("No R8000 TLB refill handler yet");
2618 break;
2619
2620 default:
2621 if (cpu_has_ldpte)
2622 setup_pw();
2623
2624 if (!run_once) {
2625 scratch_reg = allocate_kscratch();
2626 build_setup_pgd();
2627 build_r4000_tlb_load_handler();
2628 build_r4000_tlb_store_handler();
2629 build_r4000_tlb_modify_handler();
2630 if (cpu_has_ldpte)
2631 build_loongson3_tlb_refill_handler();
2632 else if (!cpu_has_local_ebase)
2633 build_r4000_tlb_refill_handler();
2634 flush_tlb_handlers();
2635 run_once++;
2636 }
2637 if (cpu_has_local_ebase)
2638 build_r4000_tlb_refill_handler();
2639 if (cpu_has_xpa)
2640 config_xpa_params();
2641 if (cpu_has_htw)
2642 config_htw_params();
2643 }
2644 }
Linux with added FPC-III support