1 /* SPDX-License-Identifier: GPL-2.0-or-later */
4 * Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
5 * Rewritten by Cort Dougan (cort@cs.nmt.edu) for PReP
6 * Copyright (C) 1996 Cort Dougan <cort@cs.nmt.edu>
7 * Adapted for Power Macintosh by Paul Mackerras.
8 * Low-level exception handlers and MMU support
9 * rewritten by Paul Mackerras.
10 * Copyright (C) 1996 Paul Mackerras.
12 * This file contains low-level assembler routines for managing
13 * the PowerPC MMU hash table. (PPC 8xx processors don't use a
14 * hash table, so this file is not used on them.)
17 #include <linux/export.h>
18 #include <linux/pgtable.h>
19 #include <linux/init.h>
22 #include <asm/cputable.h>
23 #include <asm/ppc_asm.h>
24 #include <asm/thread_info.h>
25 #include <asm/asm-offsets.h>
26 #include <asm/feature-fixups.h>
27 #include <asm/code-patching-asm.h>
29 #ifdef CONFIG_PTE_64BIT
31 #define PTE_FLAGS_OFFSET 4 /* offset of PTE flags, in bytes */
34 #define PTE_FLAGS_OFFSET 0
38 * Load a PTE into the hash table, if possible.
39 * The address is in r4, and r3 contains required access flags:
40 * - For ISI: _PAGE_PRESENT | _PAGE_EXEC
41 * - For DSI: _PAGE_PRESENT | _PAGE_READ | _PAGE_WRITE if a write.
42 * r9 contains the SRR1 value, from which we use the MSR_PR bit.
43 * SPRG_THREAD contains the physical address of the current task's thread.
45 * Returns to the caller if the access is illegal or there is no
46 * mapping for the address. Otherwise it places an appropriate PTE
47 * in the hash table and returns from the exception.
48 * Uses r0, r3 - r6, r8, r10, ctr, lr.
53 lis r8, (mmu_hash_lock - PAGE_OFFSET)@h
54 ori r8, r8, (mmu_hash_lock - PAGE_OFFSET)@l
67 /* Get PTE (linux-style) and check access */
68 lis r0, TASK_SIZE@h /* check if kernel address */
70 mfspr r8,SPRN_SPRG_THREAD /* current task's THREAD (phys) */
71 lwz r5,PGDIR(r8) /* virt page-table root */
72 blt+ 112f /* assume user more likely */
73 lis r5,swapper_pg_dir@ha /* if kernel address, use */
74 andi. r0,r9,MSR_PR /* Check usermode */
75 addi r5,r5,swapper_pg_dir@l /* kernel page table */
77 bne- .Lhash_page_out /* return if usermode */
82 #ifndef CONFIG_PTE_64BIT
83 rlwimi r5,r4,12,20,29 /* insert top 10 bits of address */
84 lwz r8,0(r5) /* get pmd entry */
85 rlwinm. r8,r8,0,0,19 /* extract address of pte page */
87 rlwinm r8,r4,13,19,29 /* Compute pgdir/pmd offset */
88 lwzx r8,r8,r5 /* Get L1 entry */
89 rlwinm. r8,r8,0,0,20 /* extract pt base address */
92 beq- .Lhash_page_out /* return if no mapping */
94 /* XXX it seems like the 601 will give a machine fault on the
95 rfi if its alignment is wrong (bottom 4 bits of address are
96 8 or 0xc) and we have had a not-taken conditional branch
97 to the address following the rfi. */
100 #ifndef CONFIG_PTE_64BIT
101 rlwimi r8,r4,22,20,29 /* insert next 10 bits of address */
103 rlwimi r8,r4,23,20,28 /* compute pte address */
105 * If PTE_64BIT is set, the low word is the flags word; use that
106 * word for locking since it contains all the interesting bits.
108 addi r8,r8,PTE_FLAGS_OFFSET
112 * Update the linux PTE atomically. We do the lwarx up-front
113 * because almost always, there won't be a permission violation
114 * and there won't already be an HPTE, and thus we will have
115 * to update the PTE to set _PAGE_HASHPTE. -- paulus.
118 lwarx r6,0,r8 /* get linux-style pte, flag word */
119 #ifdef CONFIG_PPC_KUAP
121 rlwinm r0,r9,28,_PAGE_WRITE /* MSR[PR] => _PAGE_WRITE */
122 rlwinm r5,r5,12,_PAGE_WRITE /* Ks => _PAGE_WRITE */
123 andc r5,r5,r0 /* Ks & ~MSR[PR] */
124 andc r5,r6,r5 /* Clear _PAGE_WRITE when Ks = 1 && MSR[PR] = 0 */
125 andc. r5,r3,r5 /* check access & ~permission */
127 andc. r5,r3,r6 /* check access & ~permission */
129 rlwinm r0,r3,32-3,24,24 /* _PAGE_WRITE access -> _PAGE_DIRTY */
130 ori r0,r0,_PAGE_ACCESSED|_PAGE_HASHPTE
132 bne- .Lhash_page_out /* return if access not permitted */
136 or r5,r0,r6 /* set accessed/dirty bits */
137 #ifdef CONFIG_PTE_64BIT
139 subf r10,r6,r8 /* create false data dependency */
140 subi r10,r10,PTE_FLAGS_OFFSET
141 lwzx r10,r6,r10 /* Get upper PTE word */
143 lwz r10,-PTE_FLAGS_OFFSET(r8)
144 #endif /* CONFIG_SMP */
145 #endif /* CONFIG_PTE_64BIT */
146 stwcx. r5,0,r8 /* attempt to update PTE */
147 bne- .Lretry /* retry if someone got there first */
149 mfsrin r3,r4 /* get segment reg for segment */
150 bl create_hpte /* add the hash table entry */
154 lis r8, (mmu_hash_lock - PAGE_OFFSET)@ha
156 stw r0, (mmu_hash_lock - PAGE_OFFSET)@l(r8)
158 b fast_hash_page_return
163 lis r8, (mmu_hash_lock - PAGE_OFFSET)@ha
165 stw r0, (mmu_hash_lock - PAGE_OFFSET)@l(r8)
167 #endif /* CONFIG_SMP */
168 _ASM_NOKPROBE_SYMBOL(hash_page)
171 * Add an entry for a particular page to the hash table.
173 * add_hash_page(unsigned context, unsigned long va, unsigned long pmdval)
175 * We assume any necessary modifications to the pte (e.g. setting
176 * the accessed bit) have already been done and that there is actually
177 * a hash table in use (i.e. we're not on a 603).
179 _GLOBAL(add_hash_page)
184 lwz r8,TASK_CPU(r2) /* to go in mmu_hash_lock */
186 #endif /* CONFIG_SMP */
189 * We disable interrupts here, even on UP, because we don't
190 * want to race with hash_page, and because we want the
191 * _PAGE_HASHPTE bit to be a reliable indication of whether
192 * the HPTE exists (or at least whether one did once).
193 * We also turn off the MMU for data accesses so that we
194 * we can't take a hash table miss (assuming the code is
195 * covered by a BAT). -- paulus
198 rlwinm r0,r9,0,17,15 /* clear bit 16 (MSR_EE) */
199 rlwinm r0,r0,0,28,26 /* clear MSR_DR */
204 lis r6, (mmu_hash_lock - PAGE_OFFSET)@ha
205 addi r6, r6, (mmu_hash_lock - PAGE_OFFSET)@l
206 10: lwarx r0,0,r6 /* take the mmu_hash_lock */
219 * Fetch the linux pte and test and set _PAGE_HASHPTE atomically.
220 * If _PAGE_HASHPTE was already set, we don't replace the existing
221 * HPTE, so we just unlock and return.
224 #ifndef CONFIG_PTE_64BIT
225 rlwimi r8,r4,22,20,29
227 rlwimi r8,r4,23,20,28
228 addi r8,r8,PTE_FLAGS_OFFSET
231 andi. r0,r6,_PAGE_HASHPTE
232 bne 9f /* if HASHPTE already set, done */
233 #ifdef CONFIG_PTE_64BIT
235 subf r10,r6,r8 /* create false data dependency */
236 subi r10,r10,PTE_FLAGS_OFFSET
237 lwzx r10,r6,r10 /* Get upper PTE word */
239 lwz r10,-PTE_FLAGS_OFFSET(r8)
240 #endif /* CONFIG_SMP */
241 #endif /* CONFIG_PTE_64BIT */
242 ori r5,r6,_PAGE_HASHPTE
246 /* Convert context and va to VSID */
247 mulli r3,r3,897*16 /* multiply context by context skew */
248 rlwinm r0,r4,4,28,31 /* get ESID (top 4 bits of va) */
249 mulli r0,r0,0x111 /* multiply by ESID skew */
250 add r3,r3,r0 /* note create_hpte trims to 24 bits */
256 lis r6, (mmu_hash_lock - PAGE_OFFSET)@ha
257 addi r6, r6, (mmu_hash_lock - PAGE_OFFSET)@l
260 stw r0,0(r6) /* clear mmu_hash_lock */
263 /* reenable interrupts and DR */
270 _ASM_NOKPROBE_SYMBOL(add_hash_page)
273 * This routine adds a hardware PTE to the hash table.
274 * It is designed to be called with the MMU either on or off.
275 * r3 contains the VSID, r4 contains the virtual address,
276 * r5 contains the linux PTE, r6 contains the old value of the
277 * linux PTE (before setting _PAGE_HASHPTE). r10 contains the
278 * upper half of the PTE if CONFIG_PTE_64BIT.
279 * On SMP, the caller should have the mmu_hash_lock held.
280 * We assume that the caller has (or will) set the _PAGE_HASHPTE
281 * bit in the linux PTE in memory. The value passed in r6 should
282 * be the old linux PTE value; if it doesn't have _PAGE_HASHPTE set
283 * this routine will skip the search for an existing HPTE.
284 * This procedure modifies r0, r3 - r6, r8, cr0.
287 * For speed, 4 of the instructions get patched once the size and
288 * physical address of the hash table are known. These definitions
289 * of Hash_base and Hash_bits below are for the early hash table.
291 Hash_base = early_hash
292 Hash_bits = 12 /* e.g. 256kB hash table */
293 Hash_msk = (((1 << Hash_bits) - 1) * 64)
295 /* defines for the PTE format for 32-bit PPCs */
298 #define LG_PTEG_SIZE 6
304 #define PTE_V 0x80000000
305 #define TST_V(r) rlwinm. r,r,0,0,0
306 #define SET_V(r) oris r,r,PTE_V@h
307 #define CLR_V(r,t) rlwinm r,r,0,1,31
309 #define HASH_LEFT 31-(LG_PTEG_SIZE+Hash_bits-1)
310 #define HASH_RIGHT 31-LG_PTEG_SIZE
314 /* Convert linux-style PTE (r5) to low word of PPC-style PTE (r8) */
316 rlwinm r5,r5,0,~3 /* Clear PP bits */
318 rlwinm r8,r5,32-9,30,30 /* _PAGE_WRITE -> PP msb */
319 rlwinm r0,r5,32-6,30,30 /* _PAGE_DIRTY -> PP msb */
320 and r8,r8,r0 /* writable if _RW & _DIRTY */
321 bge- 1f /* Kernelspace ? Skip */
322 ori r5,r5,3 /* Userspace ? PP = 3 */
323 1: ori r8,r8,0xe04 /* clear out reserved bits */
324 andc r8,r5,r8 /* PP = user? (rw&dirty? 1: 3): 0 */
326 rlwinm r8,r8,0,~_PAGE_COHERENT /* clear M (coherence not required) */
327 END_FTR_SECTION_IFCLR(CPU_FTR_NEED_COHERENT)
328 #ifdef CONFIG_PTE_64BIT
329 /* Put the XPN bits into the PTE */
330 rlwimi r8,r10,8,20,22
331 rlwimi r8,r10,2,29,29
334 /* Construct the high word of the PPC-style PTE (r5) */
335 rlwinm r5,r3,7,1,24 /* put VSID in 0x7fffff80 bits */
336 rlwimi r5,r4,10,26,31 /* put in API (abbrev page index) */
337 SET_V(r5) /* set V (valid) bit */
339 patch_site 0f, patch__hash_page_A0
340 patch_site 1f, patch__hash_page_A1
341 patch_site 2f, patch__hash_page_A2
342 /* Get the address of the primary PTE group in the hash table (r3) */
343 0: lis r0, (Hash_base - PAGE_OFFSET)@h /* base address of hash table */
344 1: rlwimi r0,r3,LG_PTEG_SIZE,HASH_LEFT,HASH_RIGHT /* VSID -> hash */
345 2: rlwinm r3,r4,20+LG_PTEG_SIZE,HASH_LEFT,HASH_RIGHT /* PI -> hash */
346 xor r3,r3,r0 /* make primary hash */
347 li r0,8 /* PTEs/group */
350 * Test the _PAGE_HASHPTE bit in the old linux PTE, and skip the search
351 * if it is clear, meaning that the HPTE isn't there already...
353 andi. r6,r6,_PAGE_HASHPTE
354 beq+ 10f /* no PTE: go look for an empty slot */
357 /* Search the primary PTEG for a PTE whose 1st (d)word matches r5 */
359 addi r4,r3,-HPTE_SIZE
360 1: LDPTEu r6,HPTE_SIZE(r4) /* get next PTE */
362 bdnzf 2,1b /* loop while ctr != 0 && !cr0.eq */
365 patch_site 0f, patch__hash_page_B
366 /* Search the secondary PTEG for a matching PTE */
367 ori r5,r5,PTE_H /* set H (secondary hash) bit */
368 0: xoris r4,r3,Hash_msk>>16 /* compute secondary hash */
369 xori r4,r4,(-PTEG_SIZE & 0xffff)
370 addi r4,r4,-HPTE_SIZE
372 2: LDPTEu r6,HPTE_SIZE(r4)
376 xori r5,r5,PTE_H /* clear H bit again */
378 /* Search the primary PTEG for an empty slot */
380 addi r4,r3,-HPTE_SIZE /* search primary PTEG */
381 1: LDPTEu r6,HPTE_SIZE(r4) /* get next PTE */
382 TST_V(r6) /* test valid bit */
383 bdnzf 2,1b /* loop while ctr != 0 && !cr0.eq */
386 patch_site 0f, patch__hash_page_C
387 /* Search the secondary PTEG for an empty slot */
388 ori r5,r5,PTE_H /* set H (secondary hash) bit */
389 0: xoris r4,r3,Hash_msk>>16 /* compute secondary hash */
390 xori r4,r4,(-PTEG_SIZE & 0xffff)
391 addi r4,r4,-HPTE_SIZE
393 2: LDPTEu r6,HPTE_SIZE(r4)
397 xori r5,r5,PTE_H /* clear H bit again */
400 * Choose an arbitrary slot in the primary PTEG to overwrite.
401 * Since both the primary and secondary PTEGs are full, and we
402 * have no information that the PTEs in the primary PTEG are
403 * more important or useful than those in the secondary PTEG,
404 * and we know there is a definite (although small) speed
405 * advantage to putting the PTE in the primary PTEG, we always
406 * put the PTE in the primary PTEG.
409 lis r4, (next_slot - PAGE_OFFSET)@ha /* get next evict slot */
410 lwz r6, (next_slot - PAGE_OFFSET)@l(r4)
411 addi r6,r6,HPTE_SIZE /* search for candidate */
412 andi. r6,r6,7*HPTE_SIZE
413 stw r6,next_slot@l(r4)
417 /* Store PTE in PTEG */
421 STPTE r8,HPTE_SIZE/2(r4)
423 #else /* CONFIG_SMP */
425 * Between the tlbie above and updating the hash table entry below,
426 * another CPU could read the hash table entry and put it in its TLB.
428 * 1. using an empty slot
429 * 2. updating an earlier entry to change permissions (i.e. enable write)
430 * 3. taking over the PTE for an unrelated address
432 * In each case it doesn't really matter if the other CPUs have the old
433 * PTE in their TLB. So we don't need to bother with another tlbie here,
434 * which is convenient as we've overwritten the register that had the
435 * address. :-) The tlbie above is mainly to make sure that this CPU comes
436 * and gets the new PTE from the hash table.
438 * We do however have to make sure that the PTE is never in an invalid
439 * state with the V bit set.
443 CLR_V(r5,r0) /* clear V (valid) bit in PTE */
447 STPTE r8,HPTE_SIZE/2(r4) /* put in correct RPN, WIMG, PP bits */
450 STPTE r5,0(r4) /* finally set V bit in PTE */
451 #endif /* CONFIG_SMP */
453 sync /* make sure pte updates get to memory */
456 _ASM_NOKPROBE_SYMBOL(create_hpte)
465 * Flush the entry for a particular page from the hash table.
467 * flush_hash_pages(unsigned context, unsigned long va, unsigned long pmdval,
470 * We assume that there is a hash table in use (Hash != 0).
473 _GLOBAL(flush_hash_pages)
475 * We disable interrupts here, even on UP, because we want
476 * the _PAGE_HASHPTE bit to be a reliable indication of
477 * whether the HPTE exists (or at least whether one did once).
478 * We also turn off the MMU for data accesses so that we
479 * we can't take a hash table miss (assuming the code is
480 * covered by a BAT). -- paulus
483 rlwinm r0,r10,0,17,15 /* clear bit 16 (MSR_EE) */
484 rlwinm r0,r0,0,28,26 /* clear MSR_DR */
488 /* First find a PTE in the range that has _PAGE_HASHPTE set */
489 #ifndef CONFIG_PTE_64BIT
490 rlwimi r5,r4,22,20,29
492 rlwimi r5,r4,23,20,28
493 addi r5,r5,PTE_FLAGS_OFFSET
497 andi. r0,r0,_PAGE_HASHPTE
501 addi r5,r5,PTE_T_SIZE
505 /* Convert context and va to VSID */
506 2: mulli r3,r3,897*16 /* multiply context by context skew */
507 rlwinm r0,r4,4,28,31 /* get ESID (top 4 bits of va) */
508 mulli r0,r0,0x111 /* multiply by ESID skew */
509 add r3,r3,r0 /* note code below trims to 24 bits */
511 /* Construct the high word of the PPC-style PTE (r11) */
512 rlwinm r11,r3,7,1,24 /* put VSID in 0x7fffff80 bits */
513 rlwimi r11,r4,10,26,31 /* put in API (abbrev page index) */
514 SET_V(r11) /* set V (valid) bit */
517 lis r9, (mmu_hash_lock - PAGE_OFFSET)@ha
518 addi r9, r9, (mmu_hash_lock - PAGE_OFFSET)@l
535 * Check the _PAGE_HASHPTE bit in the linux PTE. If it is
536 * already clear, we're done (for this pte). If not,
537 * clear it (atomically) and proceed. -- paulus.
539 33: lwarx r8,0,r5 /* fetch the pte flags word */
540 andi. r0,r8,_PAGE_HASHPTE
541 beq 8f /* done if HASHPTE is already clear */
542 rlwinm r8,r8,0,31,29 /* clear HASHPTE bit */
543 stwcx. r8,0,r5 /* update the pte */
546 patch_site 0f, patch__flush_hash_A0
547 patch_site 1f, patch__flush_hash_A1
548 patch_site 2f, patch__flush_hash_A2
549 /* Get the address of the primary PTE group in the hash table (r3) */
550 0: lis r8, (Hash_base - PAGE_OFFSET)@h /* base address of hash table */
551 1: rlwimi r8,r3,LG_PTEG_SIZE,HASH_LEFT,HASH_RIGHT /* VSID -> hash */
552 2: rlwinm r0,r4,20+LG_PTEG_SIZE,HASH_LEFT,HASH_RIGHT /* PI -> hash */
553 xor r8,r0,r8 /* make primary hash */
555 /* Search the primary PTEG for a PTE whose 1st (d)word matches r5 */
556 li r0,8 /* PTEs/group */
558 addi r12,r8,-HPTE_SIZE
559 1: LDPTEu r0,HPTE_SIZE(r12) /* get next PTE */
561 bdnzf 2,1b /* loop while ctr != 0 && !cr0.eq */
564 patch_site 0f, patch__flush_hash_B
565 /* Search the secondary PTEG for a matching PTE */
566 ori r11,r11,PTE_H /* set H (secondary hash) bit */
567 li r0,8 /* PTEs/group */
568 0: xoris r12,r8,Hash_msk>>16 /* compute secondary hash */
569 xori r12,r12,(-PTEG_SIZE & 0xffff)
570 addi r12,r12,-HPTE_SIZE
572 2: LDPTEu r0,HPTE_SIZE(r12)
575 xori r11,r11,PTE_H /* clear H again */
576 bne- 4f /* should rarely fail to find it */
579 STPTE r0,0(r12) /* invalidate entry */
581 tlbie r4 /* in hw tlb too */
584 8: ble cr1,9f /* if all ptes checked */
586 addi r5,r5,PTE_T_SIZE
588 lwz r0,0(r5) /* check next pte */
590 andi. r0,r0,_PAGE_HASHPTE
598 stw r0,0(r9) /* clear mmu_hash_lock */
605 EXPORT_SYMBOL(flush_hash_pages)
606 _ASM_NOKPROBE_SYMBOL(flush_hash_pages)