Vineet Gupta | cc562d2 | 2013-01-18 15:12:19 +0530 | [diff] [blame] | 1 | /* |
| 2 | * TLB Exception Handling for ARC |
| 3 | * |
| 4 | * Copyright (C) 2004, 2007-2010, 2011-2012 Synopsys, Inc. (www.synopsys.com) |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or modify |
| 7 | * it under the terms of the GNU General Public License version 2 as |
| 8 | * published by the Free Software Foundation. |
| 9 | * |
| 10 | * Vineetg: April 2011 : |
| 11 | * -MMU v1: moved out legacy code into a seperate file |
| 12 | * -MMU v3: PD{0,1} bits layout changed: They don't overlap anymore, |
| 13 | * helps avoid a shift when preparing PD0 from PTE |
| 14 | * |
| 15 | * Vineetg: July 2009 |
| 16 | * -For MMU V2, we need not do heuristics at the time of commiting a D-TLB |
| 17 | * entry, so that it doesn't knock out it's I-TLB entry |
| 18 | * -Some more fine tuning: |
| 19 | * bmsk instead of add, asl.cc instead of branch, delay slot utilise etc |
| 20 | * |
| 21 | * Vineetg: July 2009 |
| 22 | * -Practically rewrote the I/D TLB Miss handlers |
| 23 | * Now 40 and 135 instructions a peice as compared to 131 and 449 resp. |
| 24 | * Hence Leaner by 1.5 K |
| 25 | * Used Conditional arithmetic to replace excessive branching |
| 26 | * Also used short instructions wherever possible |
| 27 | * |
| 28 | * Vineetg: Aug 13th 2008 |
| 29 | * -Passing ECR (Exception Cause REG) to do_page_fault( ) for printing |
| 30 | * more information in case of a Fatality |
| 31 | * |
| 32 | * Vineetg: March 25th Bug #92690 |
| 33 | * -Added Debug Code to check if sw-ASID == hw-ASID |
| 34 | |
| 35 | * Rahul Trivedi, Amit Bhor: Codito Technologies 2004 |
| 36 | */ |
| 37 | |
| 38 | .cpu A7 |
| 39 | |
| 40 | #include <linux/linkage.h> |
| 41 | #include <asm/entry.h> |
| 42 | #include <asm/tlb.h> |
| 43 | #include <asm/pgtable.h> |
| 44 | #include <asm/arcregs.h> |
| 45 | #include <asm/cache.h> |
| 46 | #include <asm/processor.h> |
| 47 | #if (CONFIG_ARC_MMU_VER == 1) |
| 48 | #include <asm/tlb-mmu1.h> |
| 49 | #endif |
| 50 | |
| 51 | ;-------------------------------------------------------------------------- |
| 52 | ; scratch memory to save the registers (r0-r3) used to code TLB refill Handler |
| 53 | ; For details refer to comments before TLBMISS_FREEUP_REGS below |
| 54 | ;-------------------------------------------------------------------------- |
| 55 | |
| 56 | .section .data |
| 57 | .global ex_saved_reg1 |
| 58 | .align 1 << L1_CACHE_SHIFT ; IMP: Must be Cache Line aligned |
| 59 | .type ex_saved_reg1, @object |
Vineet Gupta | 41195d2 | 2013-01-18 15:12:23 +0530 | [diff] [blame] | 60 | #ifdef CONFIG_SMP |
| 61 | .size ex_saved_reg1, (CONFIG_NR_CPUS << L1_CACHE_SHIFT) |
| 62 | ex_saved_reg1: |
| 63 | .zero (CONFIG_NR_CPUS << L1_CACHE_SHIFT) |
| 64 | #else |
Vineet Gupta | cc562d2 | 2013-01-18 15:12:19 +0530 | [diff] [blame] | 65 | .size ex_saved_reg1, 16 |
| 66 | ex_saved_reg1: |
| 67 | .zero 16 |
Vineet Gupta | 41195d2 | 2013-01-18 15:12:23 +0530 | [diff] [blame] | 68 | #endif |
Vineet Gupta | cc562d2 | 2013-01-18 15:12:19 +0530 | [diff] [blame] | 69 | |
| 70 | ;============================================================================ |
| 71 | ; Troubleshooting Stuff |
| 72 | ;============================================================================ |
| 73 | |
| 74 | ; Linux keeps ASID (Address Space ID) in task->active_mm->context.asid |
| 75 | ; When Creating TLB Entries, instead of doing 3 dependent loads from memory, |
| 76 | ; we use the MMU PID Reg to get current ASID. |
| 77 | ; In bizzare scenrios SW and HW ASID can get out-of-sync which is trouble. |
| 78 | ; So we try to detect this in TLB Mis shandler |
| 79 | |
| 80 | |
| 81 | .macro DBG_ASID_MISMATCH |
| 82 | |
| 83 | #ifdef CONFIG_ARC_DBG_TLB_PARANOIA |
| 84 | |
| 85 | ; make sure h/w ASID is same as s/w ASID |
| 86 | |
| 87 | GET_CURR_TASK_ON_CPU r3 |
| 88 | ld r0, [r3, TASK_ACT_MM] |
| 89 | ld r0, [r0, MM_CTXT+MM_CTXT_ASID] |
| 90 | |
| 91 | lr r1, [ARC_REG_PID] |
| 92 | and r1, r1, 0xFF |
| 93 | breq r1, r0, 5f |
| 94 | |
| 95 | ; Error if H/w and S/w ASID don't match, but NOT if in kernel mode |
| 96 | lr r0, [erstatus] |
| 97 | bbit0 r0, STATUS_U_BIT, 5f |
| 98 | |
| 99 | ; We sure are in troubled waters, Flag the error, but to do so |
| 100 | ; need to switch to kernel mode stack to call error routine |
| 101 | GET_TSK_STACK_BASE r3, sp |
| 102 | |
| 103 | ; Call printk to shoutout aloud |
| 104 | mov r0, 1 |
| 105 | j print_asid_mismatch |
| 106 | |
| 107 | 5: ; ASIDs match so proceed normally |
| 108 | nop |
| 109 | |
| 110 | #endif |
| 111 | |
| 112 | .endm |
| 113 | |
| 114 | ;============================================================================ |
| 115 | ;TLB Miss handling Code |
| 116 | ;============================================================================ |
| 117 | |
| 118 | ;----------------------------------------------------------------------------- |
| 119 | ; This macro does the page-table lookup for the faulting address. |
| 120 | ; OUT: r0 = PTE faulted on, r1 = ptr to PTE, r2 = Faulting V-address |
| 121 | .macro LOAD_FAULT_PTE |
| 122 | |
| 123 | lr r2, [efa] |
| 124 | |
Vineet Gupta | 41195d2 | 2013-01-18 15:12:23 +0530 | [diff] [blame] | 125 | #ifndef CONFIG_SMP |
Vineet Gupta | cc562d2 | 2013-01-18 15:12:19 +0530 | [diff] [blame] | 126 | lr r1, [ARC_REG_SCRATCH_DATA0] ; current pgd |
Vineet Gupta | 41195d2 | 2013-01-18 15:12:23 +0530 | [diff] [blame] | 127 | #else |
| 128 | GET_CURR_TASK_ON_CPU r1 |
| 129 | ld r1, [r1, TASK_ACT_MM] |
| 130 | ld r1, [r1, MM_PGD] |
| 131 | #endif |
Vineet Gupta | cc562d2 | 2013-01-18 15:12:19 +0530 | [diff] [blame] | 132 | |
| 133 | lsr r0, r2, PGDIR_SHIFT ; Bits for indexing into PGD |
| 134 | ld.as r1, [r1, r0] ; PGD entry corresp to faulting addr |
| 135 | and.f r1, r1, PAGE_MASK ; Ignoring protection and other flags |
| 136 | ; contains Ptr to Page Table |
| 137 | bz.d do_slow_path_pf ; if no Page Table, do page fault |
| 138 | |
| 139 | ; Get the PTE entry: The idea is |
| 140 | ; (1) x = addr >> PAGE_SHIFT -> masks page-off bits from @fault-addr |
| 141 | ; (2) y = x & (PTRS_PER_PTE - 1) -> to get index |
| 142 | ; (3) z = pgtbl[y] |
| 143 | ; To avoid the multiply by in end, we do the -2, <<2 below |
| 144 | |
| 145 | lsr r0, r2, (PAGE_SHIFT - 2) |
| 146 | and r0, r0, ( (PTRS_PER_PTE - 1) << 2) |
| 147 | ld.aw r0, [r1, r0] ; get PTE and PTE ptr for fault addr |
Vineet Gupta | 0ef88a5 | 2013-01-18 15:12:23 +0530 | [diff] [blame] | 148 | #ifdef CONFIG_ARC_DBG_TLB_MISS_COUNT |
| 149 | and.f 0, r0, _PAGE_PRESENT |
| 150 | bz 1f |
| 151 | ld r2, [num_pte_not_present] |
| 152 | add r2, r2, 1 |
| 153 | st r2, [num_pte_not_present] |
| 154 | 1: |
| 155 | #endif |
Vineet Gupta | cc562d2 | 2013-01-18 15:12:19 +0530 | [diff] [blame] | 156 | |
| 157 | .endm |
| 158 | |
| 159 | ;----------------------------------------------------------------- |
| 160 | ; Convert Linux PTE entry into TLB entry |
| 161 | ; A one-word PTE entry is programmed as two-word TLB Entry [PD0:PD1] in mmu |
| 162 | ; IN: r0 = PTE, r1 = ptr to PTE |
| 163 | |
| 164 | .macro CONV_PTE_TO_TLB |
| 165 | and r3, r0, PTE_BITS_IN_PD1 ; Extract permission flags+PFN from PTE |
| 166 | sr r3, [ARC_REG_TLBPD1] ; these go in PD1 |
| 167 | |
| 168 | and r2, r0, PTE_BITS_IN_PD0 ; Extract other PTE flags: (V)alid, (G)lb |
| 169 | #if (CONFIG_ARC_MMU_VER <= 2) /* Neednot be done with v3 onwards */ |
| 170 | lsr r2, r2 ; shift PTE flags to match layout in PD0 |
| 171 | #endif |
| 172 | |
| 173 | lr r3,[ARC_REG_TLBPD0] ; MMU prepares PD0 with vaddr and asid |
| 174 | |
| 175 | or r3, r3, r2 ; S | vaddr | {sasid|asid} |
| 176 | sr r3,[ARC_REG_TLBPD0] ; rewrite PD0 |
| 177 | .endm |
| 178 | |
| 179 | ;----------------------------------------------------------------- |
| 180 | ; Commit the TLB entry into MMU |
| 181 | |
| 182 | .macro COMMIT_ENTRY_TO_MMU |
| 183 | |
| 184 | /* Get free TLB slot: Set = computed from vaddr, way = random */ |
| 185 | sr TLBGetIndex, [ARC_REG_TLBCOMMAND] |
| 186 | |
| 187 | /* Commit the Write */ |
| 188 | #if (CONFIG_ARC_MMU_VER >= 2) /* introduced in v2 */ |
| 189 | sr TLBWriteNI, [ARC_REG_TLBCOMMAND] |
| 190 | #else |
| 191 | sr TLBWrite, [ARC_REG_TLBCOMMAND] |
| 192 | #endif |
| 193 | .endm |
| 194 | |
| 195 | ;----------------------------------------------------------------- |
| 196 | ; ARC700 Exception Handling doesn't auto-switch stack and it only provides |
| 197 | ; ONE scratch AUX reg "ARC_REG_SCRATCH_DATA0" |
| 198 | ; |
| 199 | ; For Non-SMP, the scratch AUX reg is repurposed to cache task PGD, so a |
| 200 | ; "global" is used to free-up FIRST core reg to be able to code the rest of |
| 201 | ; exception prologue (IRQ auto-disabled on Exceptions, so it's IRQ-safe). |
| 202 | ; Since the Fast Path TLB Miss handler is coded with 4 regs, the remaining 3 |
| 203 | ; need to be saved as well by extending the "global" to be 4 words. Hence |
| 204 | ; ".size ex_saved_reg1, 16" |
| 205 | ; [All of this dance is to avoid stack switching for each TLB Miss, since we |
| 206 | ; only need to save only a handful of regs, as opposed to complete reg file] |
Vineet Gupta | 41195d2 | 2013-01-18 15:12:23 +0530 | [diff] [blame] | 207 | ; |
| 208 | ; For ARC700 SMP, the "global" obviously can't be used for free up the FIRST |
| 209 | ; core reg as it will not be SMP safe. |
| 210 | ; Thus scratch AUX reg is used (and no longer used to cache task PGD). |
| 211 | ; To save the rest of 3 regs - per cpu, the global is made "per-cpu". |
| 212 | ; Epilogue thus has to locate the "per-cpu" storage for regs. |
| 213 | ; To avoid cache line bouncing the per-cpu global is aligned/sized per |
| 214 | ; L1_CACHE_SHIFT, despite fundamentally needing to be 12 bytes only. Hence |
| 215 | ; ".size ex_saved_reg1, (CONFIG_NR_CPUS << L1_CACHE_SHIFT)" |
Vineet Gupta | cc562d2 | 2013-01-18 15:12:19 +0530 | [diff] [blame] | 216 | |
| 217 | ; As simple as that.... |
| 218 | |
| 219 | .macro TLBMISS_FREEUP_REGS |
Vineet Gupta | 41195d2 | 2013-01-18 15:12:23 +0530 | [diff] [blame] | 220 | #ifdef CONFIG_SMP |
| 221 | sr r0, [ARC_REG_SCRATCH_DATA0] ; freeup r0 to code with |
| 222 | GET_CPU_ID r0 ; get to per cpu scratch mem, |
| 223 | lsl r0, r0, L1_CACHE_SHIFT ; cache line wide per cpu |
| 224 | add r0, @ex_saved_reg1, r0 |
| 225 | #else |
Vineet Gupta | cc562d2 | 2013-01-18 15:12:19 +0530 | [diff] [blame] | 226 | st r0, [@ex_saved_reg1] |
| 227 | mov_s r0, @ex_saved_reg1 |
Vineet Gupta | 41195d2 | 2013-01-18 15:12:23 +0530 | [diff] [blame] | 228 | #endif |
Vineet Gupta | cc562d2 | 2013-01-18 15:12:19 +0530 | [diff] [blame] | 229 | st_s r1, [r0, 4] |
| 230 | st_s r2, [r0, 8] |
| 231 | st_s r3, [r0, 12] |
| 232 | |
| 233 | ; VERIFY if the ASID in MMU-PID Reg is same as |
| 234 | ; one in Linux data structures |
| 235 | |
| 236 | DBG_ASID_MISMATCH |
| 237 | .endm |
| 238 | |
| 239 | ;----------------------------------------------------------------- |
| 240 | .macro TLBMISS_RESTORE_REGS |
Vineet Gupta | 41195d2 | 2013-01-18 15:12:23 +0530 | [diff] [blame] | 241 | #ifdef CONFIG_SMP |
| 242 | GET_CPU_ID r0 ; get to per cpu scratch mem |
| 243 | lsl r0, r0, L1_CACHE_SHIFT ; each is cache line wide |
| 244 | add r0, @ex_saved_reg1, r0 |
| 245 | ld_s r3, [r0,12] |
| 246 | ld_s r2, [r0, 8] |
| 247 | ld_s r1, [r0, 4] |
| 248 | lr r0, [ARC_REG_SCRATCH_DATA0] |
| 249 | #else |
Vineet Gupta | cc562d2 | 2013-01-18 15:12:19 +0530 | [diff] [blame] | 250 | mov_s r0, @ex_saved_reg1 |
| 251 | ld_s r3, [r0,12] |
| 252 | ld_s r2, [r0, 8] |
| 253 | ld_s r1, [r0, 4] |
| 254 | ld_s r0, [r0] |
Vineet Gupta | 41195d2 | 2013-01-18 15:12:23 +0530 | [diff] [blame] | 255 | #endif |
Vineet Gupta | cc562d2 | 2013-01-18 15:12:19 +0530 | [diff] [blame] | 256 | .endm |
| 257 | |
| 258 | .section .text, "ax",@progbits ;Fast Path Code, candidate for ICCM |
| 259 | |
| 260 | ;----------------------------------------------------------------------------- |
| 261 | ; I-TLB Miss Exception Handler |
| 262 | ;----------------------------------------------------------------------------- |
| 263 | |
| 264 | ARC_ENTRY EV_TLBMissI |
| 265 | |
| 266 | TLBMISS_FREEUP_REGS |
| 267 | |
Vineet Gupta | 0ef88a5 | 2013-01-18 15:12:23 +0530 | [diff] [blame] | 268 | #ifdef CONFIG_ARC_DBG_TLB_MISS_COUNT |
| 269 | ld r0, [@numitlb] |
| 270 | add r0, r0, 1 |
| 271 | st r0, [@numitlb] |
| 272 | #endif |
| 273 | |
Vineet Gupta | cc562d2 | 2013-01-18 15:12:19 +0530 | [diff] [blame] | 274 | ;---------------------------------------------------------------- |
| 275 | ; Get the PTE corresponding to V-addr accessed |
| 276 | LOAD_FAULT_PTE |
| 277 | |
| 278 | ;---------------------------------------------------------------- |
| 279 | ; VERIFY_PTE: Check if PTE permissions approp for executing code |
| 280 | cmp_s r2, VMALLOC_START |
| 281 | mov.lo r2, (_PAGE_PRESENT | _PAGE_READ | _PAGE_EXECUTE) |
| 282 | mov.hs r2, (_PAGE_PRESENT | _PAGE_K_READ | _PAGE_K_EXECUTE) |
| 283 | |
| 284 | and r3, r0, r2 ; Mask out NON Flag bits from PTE |
| 285 | xor.f r3, r3, r2 ; check ( ( pte & flags_test ) == flags_test ) |
| 286 | bnz do_slow_path_pf |
| 287 | |
| 288 | ; Let Linux VM know that the page was accessed |
| 289 | or r0, r0, (_PAGE_PRESENT | _PAGE_ACCESSED) ; set Accessed Bit |
| 290 | st_s r0, [r1] ; Write back PTE |
| 291 | |
| 292 | CONV_PTE_TO_TLB |
| 293 | COMMIT_ENTRY_TO_MMU |
| 294 | TLBMISS_RESTORE_REGS |
| 295 | rtie |
| 296 | |
| 297 | ARC_EXIT EV_TLBMissI |
| 298 | |
| 299 | ;----------------------------------------------------------------------------- |
| 300 | ; D-TLB Miss Exception Handler |
| 301 | ;----------------------------------------------------------------------------- |
| 302 | |
| 303 | ARC_ENTRY EV_TLBMissD |
| 304 | |
| 305 | TLBMISS_FREEUP_REGS |
| 306 | |
Vineet Gupta | 0ef88a5 | 2013-01-18 15:12:23 +0530 | [diff] [blame] | 307 | #ifdef CONFIG_ARC_DBG_TLB_MISS_COUNT |
| 308 | ld r0, [@numdtlb] |
| 309 | add r0, r0, 1 |
| 310 | st r0, [@numdtlb] |
| 311 | #endif |
| 312 | |
Vineet Gupta | cc562d2 | 2013-01-18 15:12:19 +0530 | [diff] [blame] | 313 | ;---------------------------------------------------------------- |
| 314 | ; Get the PTE corresponding to V-addr accessed |
| 315 | ; If PTE exists, it will setup, r0 = PTE, r1 = Ptr to PTE |
| 316 | LOAD_FAULT_PTE |
| 317 | |
| 318 | ;---------------------------------------------------------------- |
| 319 | ; VERIFY_PTE: Chk if PTE permissions approp for data access (R/W/R+W) |
| 320 | |
| 321 | mov_s r2, 0 |
| 322 | lr r3, [ecr] |
| 323 | btst_s r3, ECR_C_BIT_DTLB_LD_MISS ; Read Access |
| 324 | or.nz r2, r2, _PAGE_READ ; chk for Read flag in PTE |
| 325 | btst_s r3, ECR_C_BIT_DTLB_ST_MISS ; Write Access |
| 326 | or.nz r2, r2, _PAGE_WRITE ; chk for Write flag in PTE |
| 327 | ; Above laddering takes care of XCHG access |
| 328 | ; which is both Read and Write |
| 329 | |
| 330 | ; If kernel mode access, ; make _PAGE_xx flags as _PAGE_K_xx |
| 331 | ; For copy_(to|from)_user, despite exception taken in kernel mode, |
| 332 | ; this code is not hit, because EFA would still be the user mode |
| 333 | ; address (EFA < 0x6000_0000). |
| 334 | ; This code is for legit kernel mode faults, vmalloc specifically |
| 335 | ; (EFA: 0x7000_0000 to 0x7FFF_FFFF) |
| 336 | |
| 337 | lr r3, [efa] |
| 338 | cmp r3, VMALLOC_START - 1 ; If kernel mode access |
| 339 | asl.hi r2, r2, 3 ; make _PAGE_xx flags as _PAGE_K_xx |
| 340 | or r2, r2, _PAGE_PRESENT ; Common flag for K/U mode |
| 341 | |
| 342 | ; By now, r2 setup with all the Flags we need to check in PTE |
| 343 | and r3, r0, r2 ; Mask out NON Flag bits from PTE |
| 344 | brne.d r3, r2, do_slow_path_pf ; is ((pte & flags_test) == flags_test) |
| 345 | |
| 346 | ;---------------------------------------------------------------- |
| 347 | ; UPDATE_PTE: Let Linux VM know that page was accessed/dirty |
| 348 | lr r3, [ecr] |
| 349 | or r0, r0, (_PAGE_PRESENT | _PAGE_ACCESSED) ; Accessed bit always |
| 350 | btst_s r3, ECR_C_BIT_DTLB_ST_MISS ; See if it was a Write Access ? |
| 351 | or.nz r0, r0, _PAGE_MODIFIED ; if Write, set Dirty bit as well |
| 352 | st_s r0, [r1] ; Write back PTE |
| 353 | |
| 354 | CONV_PTE_TO_TLB |
| 355 | |
| 356 | #if (CONFIG_ARC_MMU_VER == 1) |
| 357 | ; MMU with 2 way set assoc J-TLB, needs some help in pathetic case of |
| 358 | ; memcpy where 3 parties contend for 2 ways, ensuing a livelock. |
| 359 | ; But only for old MMU or one with Metal Fix |
| 360 | TLB_WRITE_HEURISTICS |
| 361 | #endif |
| 362 | |
| 363 | COMMIT_ENTRY_TO_MMU |
| 364 | TLBMISS_RESTORE_REGS |
| 365 | rtie |
| 366 | |
| 367 | ;-------- Common routine to call Linux Page Fault Handler ----------- |
| 368 | do_slow_path_pf: |
| 369 | |
| 370 | ; Restore the 4-scratch regs saved by fast path miss handler |
| 371 | TLBMISS_RESTORE_REGS |
| 372 | |
| 373 | ; Slow path TLB Miss handled as a regular ARC Exception |
| 374 | ; (stack switching / save the complete reg-file). |
| 375 | ; That requires freeing up r9 |
| 376 | EXCPN_PROLOG_FREEUP_REG r9 |
| 377 | |
| 378 | lr r9, [erstatus] |
| 379 | |
| 380 | SWITCH_TO_KERNEL_STK |
| 381 | SAVE_ALL_SYS |
| 382 | |
| 383 | ; ------- setup args for Linux Page fault Hanlder --------- |
| 384 | mov_s r0, sp |
| 385 | lr r2, [efa] |
| 386 | lr r3, [ecr] |
| 387 | |
| 388 | ; Both st and ex imply WRITE access of some sort, hence do_page_fault( ) |
| 389 | ; invoked with write=1 for DTLB-st/ex Miss and write=0 for ITLB miss or |
| 390 | ; DTLB-ld Miss |
| 391 | ; DTLB Miss Cause code is ld = 0x01 , st = 0x02, ex = 0x03 |
| 392 | ; Following code uses that fact that st/ex have one bit in common |
| 393 | |
| 394 | btst_s r3, ECR_C_BIT_DTLB_ST_MISS |
| 395 | mov.z r1, 0 |
| 396 | mov.nz r1, 1 |
| 397 | |
| 398 | ; We don't want exceptions to be disabled while the fault is handled. |
| 399 | ; Now that we have saved the context we return from exception hence |
| 400 | ; exceptions get re-enable |
| 401 | |
| 402 | FAKE_RET_FROM_EXCPN r9 |
| 403 | |
| 404 | bl do_page_fault |
| 405 | b ret_from_exception |
| 406 | |
| 407 | ARC_EXIT EV_TLBMissD |
| 408 | |
| 409 | ARC_ENTRY EV_TLBMissB ; Bogus entry to measure sz of DTLBMiss hdlr |