1 /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 /* 3 * Low level TLB miss handlers for Book3E 4 * 5 * Copyright (C) 2008-2009 6 * Ben. Herrenschmidt (benh@kernel.crashing.org), IBM Corp. 7 */ 8 9 #include <linux/pgtable.h> 10 #include <asm/processor.h> 11 #include <asm/reg.h> 12 #include <asm/page.h> 13 #include <asm/mmu.h> 14 #include <asm/ppc_asm.h> 15 #include <asm/asm-offsets.h> 16 #include <asm/cputable.h> 17 #include <asm/exception-64e.h> 18 #include <asm/ppc-opcode.h> 19 #include <asm/kvm_asm.h> 20 #include <asm/kvm_booke_hv_asm.h> 21 #include <asm/feature-fixups.h> 22 23 #define VPTE_PMD_SHIFT (PTE_INDEX_SIZE) 24 #define VPTE_PUD_SHIFT (VPTE_PMD_SHIFT + PMD_INDEX_SIZE) 25 #define VPTE_PGD_SHIFT (VPTE_PUD_SHIFT + PUD_INDEX_SIZE) 26 #define VPTE_INDEX_SIZE (VPTE_PGD_SHIFT + PGD_INDEX_SIZE) 27 28 /********************************************************************** 29 * * 30 * TLB miss handling for Book3E with a bolted linear mapping * 31 * No virtual page table, no nested TLB misses * 32 * * 33 **********************************************************************/ 34 35 /* 36 * Note that, unlike non-bolted handlers, TLB_EXFRAME is not 37 * modified by the TLB miss handlers themselves, since the TLB miss 38 * handler code will not itself cause a recursive TLB miss. 39 * 40 * TLB_EXFRAME will be modified when crit/mc/debug exceptions are 41 * entered/exited. 42 */ 43 .macro tlb_prolog_bolted intnum addr 44 mtspr SPRN_SPRG_GEN_SCRATCH,r12 45 mfspr r12,SPRN_SPRG_TLB_EXFRAME 46 std r13,EX_TLB_R13(r12) 47 std r10,EX_TLB_R10(r12) 48 mfspr r13,SPRN_SPRG_PACA 49 50 mfcr r10 51 std r11,EX_TLB_R11(r12) 52 #ifdef CONFIG_KVM_BOOKE_HV 53 BEGIN_FTR_SECTION 54 mfspr r11, SPRN_SRR1 55 END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV) 56 #endif 57 DO_KVM \intnum, SPRN_SRR1 58 std r16,EX_TLB_R16(r12) 59 mfspr r16,\addr /* get faulting address */ 60 std r14,EX_TLB_R14(r12) 61 ld r14,PACAPGD(r13) 62 std r15,EX_TLB_R15(r12) 63 std r10,EX_TLB_CR(r12) 64 #ifdef CONFIG_PPC_FSL_BOOK3E 65 START_BTB_FLUSH_SECTION 66 mfspr r11, SPRN_SRR1 67 andi. r10,r11,MSR_PR 68 beq 1f 69 BTB_FLUSH(r10) 70 1: 71 END_BTB_FLUSH_SECTION 72 std r7,EX_TLB_R7(r12) 73 #endif 74 .endm 75 76 .macro tlb_epilog_bolted 77 ld r14,EX_TLB_CR(r12) 78 #ifdef CONFIG_PPC_FSL_BOOK3E 79 ld r7,EX_TLB_R7(r12) 80 #endif 81 ld r10,EX_TLB_R10(r12) 82 ld r11,EX_TLB_R11(r12) 83 ld r13,EX_TLB_R13(r12) 84 mtcr r14 85 ld r14,EX_TLB_R14(r12) 86 ld r15,EX_TLB_R15(r12) 87 ld r16,EX_TLB_R16(r12) 88 mfspr r12,SPRN_SPRG_GEN_SCRATCH 89 .endm 90 91 /* Data TLB miss */ 92 START_EXCEPTION(data_tlb_miss_bolted) 93 tlb_prolog_bolted BOOKE_INTERRUPT_DTLB_MISS SPRN_DEAR 94 95 /* We need _PAGE_PRESENT and _PAGE_ACCESSED set */ 96 97 /* We do the user/kernel test for the PID here along with the RW test 98 */ 99 /* We pre-test some combination of permissions to avoid double 100 * faults: 101 * 102 * We move the ESR:ST bit into the position of _PAGE_BAP_SW in the PTE 103 * ESR_ST is 0x00800000 104 * _PAGE_BAP_SW is 0x00000010 105 * So the shift is >> 19. This tests for supervisor writeability. 106 * If the page happens to be supervisor writeable and not user 107 * writeable, we will take a new fault later, but that should be 108 * a rare enough case. 109 * 110 * We also move ESR_ST in _PAGE_DIRTY position 111 * _PAGE_DIRTY is 0x00001000 so the shift is >> 11 112 * 113 * MAS1 is preset for all we need except for TID that needs to 114 * be cleared for kernel translations 115 */ 116 117 mfspr r11,SPRN_ESR 118 119 srdi r15,r16,60 /* get region */ 120 rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4 121 bne- dtlb_miss_fault_bolted /* Bail if fault addr is invalid */ 122 123 rlwinm r10,r11,32-19,27,27 124 rlwimi r10,r11,32-16,19,19 125 cmpwi r15,0 /* user vs kernel check */ 126 ori r10,r10,_PAGE_PRESENT 127 oris r11,r10,_PAGE_ACCESSED@h 128 129 bne tlb_miss_kernel_bolted 130 131 tlb_miss_common_bolted: 132 /* 133 * This is the guts of the TLB miss handler for bolted-linear. 134 * We are entered with: 135 * 136 * r16 = faulting address 137 * r15 = crap (free to use) 138 * r14 = page table base 139 * r13 = PACA 140 * r11 = PTE permission mask 141 * r10 = crap (free to use) 142 */ 143 rldicl r15,r16,64-PGDIR_SHIFT+3,64-PGD_INDEX_SIZE-3 144 cmpldi cr0,r14,0 145 clrrdi r15,r15,3 146 beq tlb_miss_fault_bolted /* No PGDIR, bail */ 147 148 BEGIN_MMU_FTR_SECTION 149 /* Set the TLB reservation and search for existing entry. Then load 150 * the entry. 151 */ 152 PPC_TLBSRX_DOT(0,R16) 153 ldx r14,r14,r15 /* grab pgd entry */ 154 beq tlb_miss_done_bolted /* tlb exists already, bail */ 155 MMU_FTR_SECTION_ELSE 156 ldx r14,r14,r15 /* grab pgd entry */ 157 ALT_MMU_FTR_SECTION_END_IFSET(MMU_FTR_USE_TLBRSRV) 158 159 rldicl r15,r16,64-PUD_SHIFT+3,64-PUD_INDEX_SIZE-3 160 clrrdi r15,r15,3 161 cmpdi cr0,r14,0 162 bge tlb_miss_fault_bolted /* Bad pgd entry or hugepage; bail */ 163 ldx r14,r14,r15 /* grab pud entry */ 164 165 rldicl r15,r16,64-PMD_SHIFT+3,64-PMD_INDEX_SIZE-3 166 clrrdi r15,r15,3 167 cmpdi cr0,r14,0 168 bge tlb_miss_fault_bolted 169 ldx r14,r14,r15 /* Grab pmd entry */ 170 171 rldicl r15,r16,64-PAGE_SHIFT+3,64-PTE_INDEX_SIZE-3 172 clrrdi r15,r15,3 173 cmpdi cr0,r14,0 174 bge tlb_miss_fault_bolted 175 ldx r14,r14,r15 /* Grab PTE, normal (!huge) page */ 176 177 /* Check if required permissions are met */ 178 andc. r15,r11,r14 179 rldicr r15,r14,64-(PTE_RPN_SHIFT-PAGE_SHIFT),63-PAGE_SHIFT 180 bne- tlb_miss_fault_bolted 181 182 /* Now we build the MAS: 183 * 184 * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG 185 * MAS 1 : Almost fully setup 186 * - PID already updated by caller if necessary 187 * - TSIZE need change if !base page size, not 188 * yet implemented for now 189 * MAS 2 : Defaults not useful, need to be redone 190 * MAS 3+7 : Needs to be done 191 */ 192 clrrdi r11,r16,12 /* Clear low crap in EA */ 193 clrldi r15,r15,12 /* Clear crap at the top */ 194 rlwimi r11,r14,32-19,27,31 /* Insert WIMGE */ 195 rlwimi r15,r14,32-8,22,25 /* Move in U bits */ 196 mtspr SPRN_MAS2,r11 197 andi. r11,r14,_PAGE_DIRTY 198 rlwimi r15,r14,32-2,26,31 /* Move in BAP bits */ 199 200 /* Mask out SW and UW if !DIRTY (XXX optimize this !) */ 201 bne 1f 202 li r11,MAS3_SW|MAS3_UW 203 andc r15,r15,r11 204 1: 205 mtspr SPRN_MAS7_MAS3,r15 206 tlbwe 207 208 tlb_miss_done_bolted: 209 tlb_epilog_bolted 210 rfi 211 212 itlb_miss_kernel_bolted: 213 li r11,_PAGE_PRESENT|_PAGE_BAP_SX /* Base perm */ 214 oris r11,r11,_PAGE_ACCESSED@h 215 tlb_miss_kernel_bolted: 216 mfspr r10,SPRN_MAS1 217 ld r14,PACA_KERNELPGD(r13) 218 cmpldi cr0,r15,8 /* Check for vmalloc region */ 219 rlwinm r10,r10,0,16,1 /* Clear TID */ 220 mtspr SPRN_MAS1,r10 221 beq+ tlb_miss_common_bolted 222 223 tlb_miss_fault_bolted: 224 /* We need to check if it was an instruction miss */ 225 andi. r10,r11,_PAGE_EXEC|_PAGE_BAP_SX 226 bne itlb_miss_fault_bolted 227 dtlb_miss_fault_bolted: 228 tlb_epilog_bolted 229 b exc_data_storage_book3e 230 itlb_miss_fault_bolted: 231 tlb_epilog_bolted 232 b exc_instruction_storage_book3e 233 234 /* Instruction TLB miss */ 235 START_EXCEPTION(instruction_tlb_miss_bolted) 236 tlb_prolog_bolted BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR0 237 238 rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4 239 srdi r15,r16,60 /* get region */ 240 bne- itlb_miss_fault_bolted 241 242 li r11,_PAGE_PRESENT|_PAGE_EXEC /* Base perm */ 243 244 /* We do the user/kernel test for the PID here along with the RW test 245 */ 246 247 cmpldi cr0,r15,0 /* Check for user region */ 248 oris r11,r11,_PAGE_ACCESSED@h 249 beq tlb_miss_common_bolted 250 b itlb_miss_kernel_bolted 251 252 #ifdef CONFIG_PPC_FSL_BOOK3E 253 /* 254 * TLB miss handling for e6500 and derivatives, using hardware tablewalk. 255 * 256 * Linear mapping is bolted: no virtual page table or nested TLB misses 257 * Indirect entries in TLB1, hardware loads resulting direct entries 258 * into TLB0 259 * No HES or NV hint on TLB1, so we need to do software round-robin 260 * No tlbsrx. so we need a spinlock, and we have to deal 261 * with MAS-damage caused by tlbsx 262 * 4K pages only 263 */ 264 265 START_EXCEPTION(instruction_tlb_miss_e6500) 266 tlb_prolog_bolted BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR0 267 268 ld r11,PACA_TCD_PTR(r13) 269 srdi. r15,r16,60 /* get region */ 270 ori r16,r16,1 271 272 bne tlb_miss_kernel_e6500 /* user/kernel test */ 273 274 b tlb_miss_common_e6500 275 276 START_EXCEPTION(data_tlb_miss_e6500) 277 tlb_prolog_bolted BOOKE_INTERRUPT_DTLB_MISS SPRN_DEAR 278 279 ld r11,PACA_TCD_PTR(r13) 280 srdi. r15,r16,60 /* get region */ 281 rldicr r16,r16,0,62 282 283 bne tlb_miss_kernel_e6500 /* user vs kernel check */ 284 285 /* 286 * This is the guts of the TLB miss handler for e6500 and derivatives. 287 * We are entered with: 288 * 289 * r16 = page of faulting address (low bit 0 if data, 1 if instruction) 290 * r15 = crap (free to use) 291 * r14 = page table base 292 * r13 = PACA 293 * r11 = tlb_per_core ptr 294 * r10 = crap (free to use) 295 * r7 = esel_next 296 */ 297 tlb_miss_common_e6500: 298 crmove cr2*4+2,cr0*4+2 /* cr2.eq != 0 if kernel address */ 299 300 BEGIN_FTR_SECTION /* CPU_FTR_SMT */ 301 /* 302 * Search if we already have an indirect entry for that virtual 303 * address, and if we do, bail out. 304 * 305 * MAS6:IND should be already set based on MAS4 306 */ 307 lhz r10,PACAPACAINDEX(r13) 308 addi r10,r10,1 309 crclr cr1*4+eq /* set cr1.eq = 0 for non-recursive */ 310 1: lbarx r15,0,r11 311 cmpdi r15,0 312 bne 2f 313 stbcx. r10,0,r11 314 bne 1b 315 3: 316 .subsection 1 317 2: cmpd cr1,r15,r10 /* recursive lock due to mcheck/crit/etc? */ 318 beq cr1,3b /* unlock will happen if cr1.eq = 0 */ 319 10: lbz r15,0(r11) 320 cmpdi r15,0 321 bne 10b 322 b 1b 323 .previous 324 END_FTR_SECTION_IFSET(CPU_FTR_SMT) 325 326 lbz r7,TCD_ESEL_NEXT(r11) 327 328 BEGIN_FTR_SECTION /* CPU_FTR_SMT */ 329 /* 330 * Erratum A-008139 says that we can't use tlbwe to change 331 * an indirect entry in any way (including replacing or 332 * invalidating) if the other thread could be in the process 333 * of a lookup. The workaround is to invalidate the entry 334 * with tlbilx before overwriting. 335 */ 336 337 rlwinm r10,r7,16,0xff0000 338 oris r10,r10,MAS0_TLBSEL(1)@h 339 mtspr SPRN_MAS0,r10 340 isync 341 tlbre 342 mfspr r15,SPRN_MAS1 343 andis. r15,r15,MAS1_VALID@h 344 beq 5f 345 346 BEGIN_FTR_SECTION_NESTED(532) 347 mfspr r10,SPRN_MAS8 348 rlwinm r10,r10,0,0x80000fff /* tgs,tlpid -> sgs,slpid */ 349 mtspr SPRN_MAS5,r10 350 END_FTR_SECTION_NESTED(CPU_FTR_EMB_HV,CPU_FTR_EMB_HV,532) 351 352 mfspr r10,SPRN_MAS1 353 rlwinm r15,r10,0,0x3fff0000 /* tid -> spid */ 354 rlwimi r15,r10,20,0x00000003 /* ind,ts -> sind,sas */ 355 mfspr r10,SPRN_MAS6 356 mtspr SPRN_MAS6,r15 357 358 mfspr r15,SPRN_MAS2 359 isync 360 tlbilxva 0,r15 361 isync 362 363 mtspr SPRN_MAS6,r10 364 365 5: 366 BEGIN_FTR_SECTION_NESTED(532) 367 li r10,0 368 mtspr SPRN_MAS8,r10 369 mtspr SPRN_MAS5,r10 370 END_FTR_SECTION_NESTED(CPU_FTR_EMB_HV,CPU_FTR_EMB_HV,532) 371 372 tlbsx 0,r16 373 mfspr r10,SPRN_MAS1 374 andis. r15,r10,MAS1_VALID@h 375 bne tlb_miss_done_e6500 376 FTR_SECTION_ELSE 377 mfspr r10,SPRN_MAS1 378 ALT_FTR_SECTION_END_IFSET(CPU_FTR_SMT) 379 380 oris r10,r10,MAS1_VALID@h 381 beq cr2,4f 382 rlwinm r10,r10,0,16,1 /* Clear TID */ 383 4: mtspr SPRN_MAS1,r10 384 385 /* Now, we need to walk the page tables. First check if we are in 386 * range. 387 */ 388 rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4 389 bne- tlb_miss_fault_e6500 390 391 rldicl r15,r16,64-PGDIR_SHIFT+3,64-PGD_INDEX_SIZE-3 392 cmpldi cr0,r14,0 393 clrrdi r15,r15,3 394 beq- tlb_miss_fault_e6500 /* No PGDIR, bail */ 395 ldx r14,r14,r15 /* grab pgd entry */ 396 397 rldicl r15,r16,64-PUD_SHIFT+3,64-PUD_INDEX_SIZE-3 398 clrrdi r15,r15,3 399 cmpdi cr0,r14,0 400 bge tlb_miss_huge_e6500 /* Bad pgd entry or hugepage; bail */ 401 ldx r14,r14,r15 /* grab pud entry */ 402 403 rldicl r15,r16,64-PMD_SHIFT+3,64-PMD_INDEX_SIZE-3 404 clrrdi r15,r15,3 405 cmpdi cr0,r14,0 406 bge tlb_miss_huge_e6500 407 ldx r14,r14,r15 /* Grab pmd entry */ 408 409 mfspr r10,SPRN_MAS0 410 cmpdi cr0,r14,0 411 bge tlb_miss_huge_e6500 412 413 /* Now we build the MAS for a 2M indirect page: 414 * 415 * MAS 0 : ESEL needs to be filled by software round-robin 416 * MAS 1 : Fully set up 417 * - PID already updated by caller if necessary 418 * - TSIZE for now is base ind page size always 419 * - TID already cleared if necessary 420 * MAS 2 : Default not 2M-aligned, need to be redone 421 * MAS 3+7 : Needs to be done 422 */ 423 424 ori r14,r14,(BOOK3E_PAGESZ_4K << MAS3_SPSIZE_SHIFT) 425 mtspr SPRN_MAS7_MAS3,r14 426 427 clrrdi r15,r16,21 /* make EA 2M-aligned */ 428 mtspr SPRN_MAS2,r15 429 430 tlb_miss_huge_done_e6500: 431 lbz r16,TCD_ESEL_MAX(r11) 432 lbz r14,TCD_ESEL_FIRST(r11) 433 rlwimi r10,r7,16,0x00ff0000 /* insert esel_next into MAS0 */ 434 addi r7,r7,1 /* increment esel_next */ 435 mtspr SPRN_MAS0,r10 436 cmpw r7,r16 437 iseleq r7,r14,r7 /* if next == last use first */ 438 stb r7,TCD_ESEL_NEXT(r11) 439 440 tlbwe 441 442 tlb_miss_done_e6500: 443 .macro tlb_unlock_e6500 444 BEGIN_FTR_SECTION 445 beq cr1,1f /* no unlock if lock was recursively grabbed */ 446 li r15,0 447 isync 448 stb r15,0(r11) 449 1: 450 END_FTR_SECTION_IFSET(CPU_FTR_SMT) 451 .endm 452 453 tlb_unlock_e6500 454 tlb_epilog_bolted 455 rfi 456 457 tlb_miss_huge_e6500: 458 beq tlb_miss_fault_e6500 459 li r10,1 460 andi. r15,r14,HUGEPD_SHIFT_MASK@l /* r15 = psize */ 461 rldimi r14,r10,63,0 /* Set PD_HUGE */ 462 xor r14,r14,r15 /* Clear size bits */ 463 ldx r14,0,r14 464 465 /* 466 * Now we build the MAS for a huge page. 467 * 468 * MAS 0 : ESEL needs to be filled by software round-robin 469 * - can be handled by indirect code 470 * MAS 1 : Need to clear IND and set TSIZE 471 * MAS 2,3+7: Needs to be redone similar to non-tablewalk handler 472 */ 473 474 subi r15,r15,10 /* Convert psize to tsize */ 475 mfspr r10,SPRN_MAS1 476 rlwinm r10,r10,0,~MAS1_IND 477 rlwimi r10,r15,MAS1_TSIZE_SHIFT,MAS1_TSIZE_MASK 478 mtspr SPRN_MAS1,r10 479 480 li r10,-0x400 481 sld r15,r10,r15 /* Generate mask based on size */ 482 and r10,r16,r15 483 rldicr r15,r14,64-(PTE_RPN_SHIFT-PAGE_SHIFT),63-PAGE_SHIFT 484 rlwimi r10,r14,32-19,27,31 /* Insert WIMGE */ 485 clrldi r15,r15,PAGE_SHIFT /* Clear crap at the top */ 486 rlwimi r15,r14,32-8,22,25 /* Move in U bits */ 487 mtspr SPRN_MAS2,r10 488 andi. r10,r14,_PAGE_DIRTY 489 rlwimi r15,r14,32-2,26,31 /* Move in BAP bits */ 490 491 /* Mask out SW and UW if !DIRTY (XXX optimize this !) */ 492 bne 1f 493 li r10,MAS3_SW|MAS3_UW 494 andc r15,r15,r10 495 1: 496 mtspr SPRN_MAS7_MAS3,r15 497 498 mfspr r10,SPRN_MAS0 499 b tlb_miss_huge_done_e6500 500 501 tlb_miss_kernel_e6500: 502 ld r14,PACA_KERNELPGD(r13) 503 cmpldi cr1,r15,8 /* Check for vmalloc region */ 504 beq+ cr1,tlb_miss_common_e6500 505 506 tlb_miss_fault_e6500: 507 tlb_unlock_e6500 508 /* We need to check if it was an instruction miss */ 509 andi. r16,r16,1 510 bne itlb_miss_fault_e6500 511 dtlb_miss_fault_e6500: 512 tlb_epilog_bolted 513 b exc_data_storage_book3e 514 itlb_miss_fault_e6500: 515 tlb_epilog_bolted 516 b exc_instruction_storage_book3e 517 #endif /* CONFIG_PPC_FSL_BOOK3E */ 518 519 /********************************************************************** 520 * * 521 * TLB miss handling for Book3E with TLB reservation and HES support * 522 * * 523 **********************************************************************/ 524 525 526 /* Data TLB miss */ 527 START_EXCEPTION(data_tlb_miss) 528 TLB_MISS_PROLOG 529 530 /* Now we handle the fault proper. We only save DEAR in normal 531 * fault case since that's the only interesting values here. 532 * We could probably also optimize by not saving SRR0/1 in the 533 * linear mapping case but I'll leave that for later 534 */ 535 mfspr r14,SPRN_ESR 536 mfspr r16,SPRN_DEAR /* get faulting address */ 537 srdi r15,r16,60 /* get region */ 538 cmpldi cr0,r15,0xc /* linear mapping ? */ 539 beq tlb_load_linear /* yes -> go to linear map load */ 540 541 /* The page tables are mapped virtually linear. At this point, though, 542 * we don't know whether we are trying to fault in a first level 543 * virtual address or a virtual page table address. We can get that 544 * from bit 0x1 of the region ID which we have set for a page table 545 */ 546 andi. r10,r15,0x1 547 bne- virt_page_table_tlb_miss 548 549 std r14,EX_TLB_ESR(r12); /* save ESR */ 550 std r16,EX_TLB_DEAR(r12); /* save DEAR */ 551 552 /* We need _PAGE_PRESENT and _PAGE_ACCESSED set */ 553 li r11,_PAGE_PRESENT 554 oris r11,r11,_PAGE_ACCESSED@h 555 556 /* We do the user/kernel test for the PID here along with the RW test 557 */ 558 cmpldi cr0,r15,0 /* Check for user region */ 559 560 /* We pre-test some combination of permissions to avoid double 561 * faults: 562 * 563 * We move the ESR:ST bit into the position of _PAGE_BAP_SW in the PTE 564 * ESR_ST is 0x00800000 565 * _PAGE_BAP_SW is 0x00000010 566 * So the shift is >> 19. This tests for supervisor writeability. 567 * If the page happens to be supervisor writeable and not user 568 * writeable, we will take a new fault later, but that should be 569 * a rare enough case. 570 * 571 * We also move ESR_ST in _PAGE_DIRTY position 572 * _PAGE_DIRTY is 0x00001000 so the shift is >> 11 573 * 574 * MAS1 is preset for all we need except for TID that needs to 575 * be cleared for kernel translations 576 */ 577 rlwimi r11,r14,32-19,27,27 578 rlwimi r11,r14,32-16,19,19 579 beq normal_tlb_miss 580 /* XXX replace the RMW cycles with immediate loads + writes */ 581 1: mfspr r10,SPRN_MAS1 582 cmpldi cr0,r15,8 /* Check for vmalloc region */ 583 rlwinm r10,r10,0,16,1 /* Clear TID */ 584 mtspr SPRN_MAS1,r10 585 beq+ normal_tlb_miss 586 587 /* We got a crappy address, just fault with whatever DEAR and ESR 588 * are here 589 */ 590 TLB_MISS_EPILOG_ERROR 591 b exc_data_storage_book3e 592 593 /* Instruction TLB miss */ 594 START_EXCEPTION(instruction_tlb_miss) 595 TLB_MISS_PROLOG 596 597 /* If we take a recursive fault, the second level handler may need 598 * to know whether we are handling a data or instruction fault in 599 * order to get to the right store fault handler. We provide that 600 * info by writing a crazy value in ESR in our exception frame 601 */ 602 li r14,-1 /* store to exception frame is done later */ 603 604 /* Now we handle the fault proper. We only save DEAR in the non 605 * linear mapping case since we know the linear mapping case will 606 * not re-enter. We could indeed optimize and also not save SRR0/1 607 * in the linear mapping case but I'll leave that for later 608 * 609 * Faulting address is SRR0 which is already in r16 610 */ 611 srdi r15,r16,60 /* get region */ 612 cmpldi cr0,r15,0xc /* linear mapping ? */ 613 beq tlb_load_linear /* yes -> go to linear map load */ 614 615 /* We do the user/kernel test for the PID here along with the RW test 616 */ 617 li r11,_PAGE_PRESENT|_PAGE_EXEC /* Base perm */ 618 oris r11,r11,_PAGE_ACCESSED@h 619 620 cmpldi cr0,r15,0 /* Check for user region */ 621 std r14,EX_TLB_ESR(r12) /* write crazy -1 to frame */ 622 beq normal_tlb_miss 623 624 li r11,_PAGE_PRESENT|_PAGE_BAP_SX /* Base perm */ 625 oris r11,r11,_PAGE_ACCESSED@h 626 /* XXX replace the RMW cycles with immediate loads + writes */ 627 mfspr r10,SPRN_MAS1 628 cmpldi cr0,r15,8 /* Check for vmalloc region */ 629 rlwinm r10,r10,0,16,1 /* Clear TID */ 630 mtspr SPRN_MAS1,r10 631 beq+ normal_tlb_miss 632 633 /* We got a crappy address, just fault */ 634 TLB_MISS_EPILOG_ERROR 635 b exc_instruction_storage_book3e 636 637 /* 638 * This is the guts of the first-level TLB miss handler for direct 639 * misses. We are entered with: 640 * 641 * r16 = faulting address 642 * r15 = region ID 643 * r14 = crap (free to use) 644 * r13 = PACA 645 * r12 = TLB exception frame in PACA 646 * r11 = PTE permission mask 647 * r10 = crap (free to use) 648 */ 649 normal_tlb_miss: 650 /* So we first construct the page table address. We do that by 651 * shifting the bottom of the address (not the region ID) by 652 * PAGE_SHIFT-3, clearing the bottom 3 bits (get a PTE ptr) and 653 * or'ing the fourth high bit. 654 * 655 * NOTE: For 64K pages, we do things slightly differently in 656 * order to handle the weird page table format used by linux 657 */ 658 ori r10,r15,0x1 659 rldicl r14,r16,64-(PAGE_SHIFT-3),PAGE_SHIFT-3+4 660 sldi r15,r10,60 661 clrrdi r14,r14,3 662 or r10,r15,r14 663 664 BEGIN_MMU_FTR_SECTION 665 /* Set the TLB reservation and search for existing entry. Then load 666 * the entry. 667 */ 668 PPC_TLBSRX_DOT(0,R16) 669 ld r14,0(r10) 670 beq normal_tlb_miss_done 671 MMU_FTR_SECTION_ELSE 672 ld r14,0(r10) 673 ALT_MMU_FTR_SECTION_END_IFSET(MMU_FTR_USE_TLBRSRV) 674 675 finish_normal_tlb_miss: 676 /* Check if required permissions are met */ 677 andc. r15,r11,r14 678 bne- normal_tlb_miss_access_fault 679 680 /* Now we build the MAS: 681 * 682 * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG 683 * MAS 1 : Almost fully setup 684 * - PID already updated by caller if necessary 685 * - TSIZE need change if !base page size, not 686 * yet implemented for now 687 * MAS 2 : Defaults not useful, need to be redone 688 * MAS 3+7 : Needs to be done 689 * 690 * TODO: mix up code below for better scheduling 691 */ 692 clrrdi r11,r16,12 /* Clear low crap in EA */ 693 rlwimi r11,r14,32-19,27,31 /* Insert WIMGE */ 694 mtspr SPRN_MAS2,r11 695 696 /* Check page size, if not standard, update MAS1 */ 697 rldicl r11,r14,64-8,64-8 698 cmpldi cr0,r11,BOOK3E_PAGESZ_4K 699 beq- 1f 700 mfspr r11,SPRN_MAS1 701 rlwimi r11,r14,31,21,24 702 rlwinm r11,r11,0,21,19 703 mtspr SPRN_MAS1,r11 704 1: 705 /* Move RPN in position */ 706 rldicr r11,r14,64-(PTE_RPN_SHIFT-PAGE_SHIFT),63-PAGE_SHIFT 707 clrldi r15,r11,12 /* Clear crap at the top */ 708 rlwimi r15,r14,32-8,22,25 /* Move in U bits */ 709 rlwimi r15,r14,32-2,26,31 /* Move in BAP bits */ 710 711 /* Mask out SW and UW if !DIRTY (XXX optimize this !) */ 712 andi. r11,r14,_PAGE_DIRTY 713 bne 1f 714 li r11,MAS3_SW|MAS3_UW 715 andc r15,r15,r11 716 1: 717 BEGIN_MMU_FTR_SECTION 718 srdi r16,r15,32 719 mtspr SPRN_MAS3,r15 720 mtspr SPRN_MAS7,r16 721 MMU_FTR_SECTION_ELSE 722 mtspr SPRN_MAS7_MAS3,r15 723 ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS) 724 725 tlbwe 726 727 normal_tlb_miss_done: 728 /* We don't bother with restoring DEAR or ESR since we know we are 729 * level 0 and just going back to userland. They are only needed 730 * if you are going to take an access fault 731 */ 732 TLB_MISS_EPILOG_SUCCESS 733 rfi 734 735 normal_tlb_miss_access_fault: 736 /* We need to check if it was an instruction miss */ 737 andi. r10,r11,_PAGE_EXEC 738 bne 1f 739 ld r14,EX_TLB_DEAR(r12) 740 ld r15,EX_TLB_ESR(r12) 741 mtspr SPRN_DEAR,r14 742 mtspr SPRN_ESR,r15 743 TLB_MISS_EPILOG_ERROR 744 b exc_data_storage_book3e 745 1: TLB_MISS_EPILOG_ERROR 746 b exc_instruction_storage_book3e 747 748 749 /* 750 * This is the guts of the second-level TLB miss handler for direct 751 * misses. We are entered with: 752 * 753 * r16 = virtual page table faulting address 754 * r15 = region (top 4 bits of address) 755 * r14 = crap (free to use) 756 * r13 = PACA 757 * r12 = TLB exception frame in PACA 758 * r11 = crap (free to use) 759 * r10 = crap (free to use) 760 * 761 * Note that this should only ever be called as a second level handler 762 * with the current scheme when using SW load. 763 * That means we can always get the original fault DEAR at 764 * EX_TLB_DEAR-EX_TLB_SIZE(r12) 765 * 766 * It can be re-entered by the linear mapping miss handler. However, to 767 * avoid too much complication, it will restart the whole fault at level 768 * 0 so we don't care too much about clobbers 769 * 770 * XXX That code was written back when we couldn't clobber r14. We can now, 771 * so we could probably optimize things a bit 772 */ 773 virt_page_table_tlb_miss: 774 /* Are we hitting a kernel page table ? */ 775 andi. r10,r15,0x8 776 777 /* The cool thing now is that r10 contains 0 for user and 8 for kernel, 778 * and we happen to have the swapper_pg_dir at offset 8 from the user 779 * pgdir in the PACA :-). 780 */ 781 add r11,r10,r13 782 783 /* If kernel, we need to clear MAS1 TID */ 784 beq 1f 785 /* XXX replace the RMW cycles with immediate loads + writes */ 786 mfspr r10,SPRN_MAS1 787 rlwinm r10,r10,0,16,1 /* Clear TID */ 788 mtspr SPRN_MAS1,r10 789 1: 790 BEGIN_MMU_FTR_SECTION 791 /* Search if we already have a TLB entry for that virtual address, and 792 * if we do, bail out. 793 */ 794 PPC_TLBSRX_DOT(0,R16) 795 beq virt_page_table_tlb_miss_done 796 END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_TLBRSRV) 797 798 /* Now, we need to walk the page tables. First check if we are in 799 * range. 800 */ 801 rldicl. r10,r16,64-(VPTE_INDEX_SIZE+3),VPTE_INDEX_SIZE+3+4 802 bne- virt_page_table_tlb_miss_fault 803 804 /* Get the PGD pointer */ 805 ld r15,PACAPGD(r11) 806 cmpldi cr0,r15,0 807 beq- virt_page_table_tlb_miss_fault 808 809 /* Get to PGD entry */ 810 rldicl r11,r16,64-VPTE_PGD_SHIFT,64-PGD_INDEX_SIZE-3 811 clrrdi r10,r11,3 812 ldx r15,r10,r15 813 cmpdi cr0,r15,0 814 bge virt_page_table_tlb_miss_fault 815 816 /* Get to PUD entry */ 817 rldicl r11,r16,64-VPTE_PUD_SHIFT,64-PUD_INDEX_SIZE-3 818 clrrdi r10,r11,3 819 ldx r15,r10,r15 820 cmpdi cr0,r15,0 821 bge virt_page_table_tlb_miss_fault 822 823 /* Get to PMD entry */ 824 rldicl r11,r16,64-VPTE_PMD_SHIFT,64-PMD_INDEX_SIZE-3 825 clrrdi r10,r11,3 826 ldx r15,r10,r15 827 cmpdi cr0,r15,0 828 bge virt_page_table_tlb_miss_fault 829 830 /* Ok, we're all right, we can now create a kernel translation for 831 * a 4K or 64K page from r16 -> r15. 832 */ 833 /* Now we build the MAS: 834 * 835 * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG 836 * MAS 1 : Almost fully setup 837 * - PID already updated by caller if necessary 838 * - TSIZE for now is base page size always 839 * MAS 2 : Use defaults 840 * MAS 3+7 : Needs to be done 841 * 842 * So we only do MAS 2 and 3 for now... 843 */ 844 clrldi r11,r15,4 /* remove region ID from RPN */ 845 ori r10,r11,1 /* Or-in SR */ 846 847 BEGIN_MMU_FTR_SECTION 848 srdi r16,r10,32 849 mtspr SPRN_MAS3,r10 850 mtspr SPRN_MAS7,r16 851 MMU_FTR_SECTION_ELSE 852 mtspr SPRN_MAS7_MAS3,r10 853 ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS) 854 855 tlbwe 856 857 BEGIN_MMU_FTR_SECTION 858 virt_page_table_tlb_miss_done: 859 860 /* We have overridden MAS2:EPN but currently our primary TLB miss 861 * handler will always restore it so that should not be an issue, 862 * if we ever optimize the primary handler to not write MAS2 on 863 * some cases, we'll have to restore MAS2:EPN here based on the 864 * original fault's DEAR. If we do that we have to modify the 865 * ITLB miss handler to also store SRR0 in the exception frame 866 * as DEAR. 867 * 868 * However, one nasty thing we did is we cleared the reservation 869 * (well, potentially we did). We do a trick here thus if we 870 * are not a level 0 exception (we interrupted the TLB miss) we 871 * offset the return address by -4 in order to replay the tlbsrx 872 * instruction there 873 */ 874 subf r10,r13,r12 875 cmpldi cr0,r10,PACA_EXTLB+EX_TLB_SIZE 876 bne- 1f 877 ld r11,PACA_EXTLB+EX_TLB_SIZE+EX_TLB_SRR0(r13) 878 addi r10,r11,-4 879 std r10,PACA_EXTLB+EX_TLB_SIZE+EX_TLB_SRR0(r13) 880 1: 881 END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_TLBRSRV) 882 /* Return to caller, normal case */ 883 TLB_MISS_EPILOG_SUCCESS 884 rfi 885 886 virt_page_table_tlb_miss_fault: 887 /* If we fault here, things are a little bit tricky. We need to call 888 * either data or instruction store fault, and we need to retrieve 889 * the original fault address and ESR (for data). 890 * 891 * The thing is, we know that in normal circumstances, this is 892 * always called as a second level tlb miss for SW load or as a first 893 * level TLB miss for HW load, so we should be able to peek at the 894 * relevant information in the first exception frame in the PACA. 895 * 896 * However, we do need to double check that, because we may just hit 897 * a stray kernel pointer or a userland attack trying to hit those 898 * areas. If that is the case, we do a data fault. (We can't get here 899 * from an instruction tlb miss anyway). 900 * 901 * Note also that when going to a fault, we must unwind the previous 902 * level as well. Since we are doing that, we don't need to clear or 903 * restore the TLB reservation neither. 904 */ 905 subf r10,r13,r12 906 cmpldi cr0,r10,PACA_EXTLB+EX_TLB_SIZE 907 bne- virt_page_table_tlb_miss_whacko_fault 908 909 /* We dig the original DEAR and ESR from slot 0 */ 910 ld r15,EX_TLB_DEAR+PACA_EXTLB(r13) 911 ld r16,EX_TLB_ESR+PACA_EXTLB(r13) 912 913 /* We check for the "special" ESR value for instruction faults */ 914 cmpdi cr0,r16,-1 915 beq 1f 916 mtspr SPRN_DEAR,r15 917 mtspr SPRN_ESR,r16 918 TLB_MISS_EPILOG_ERROR 919 b exc_data_storage_book3e 920 1: TLB_MISS_EPILOG_ERROR 921 b exc_instruction_storage_book3e 922 923 virt_page_table_tlb_miss_whacko_fault: 924 /* The linear fault will restart everything so ESR and DEAR will 925 * not have been clobbered, let's just fault with what we have 926 */ 927 TLB_MISS_EPILOG_ERROR 928 b exc_data_storage_book3e 929 930 931 /************************************************************** 932 * * 933 * TLB miss handling for Book3E with hw page table support * 934 * * 935 **************************************************************/ 936 937 938 /* Data TLB miss */ 939 START_EXCEPTION(data_tlb_miss_htw) 940 TLB_MISS_PROLOG 941 942 /* Now we handle the fault proper. We only save DEAR in normal 943 * fault case since that's the only interesting values here. 944 * We could probably also optimize by not saving SRR0/1 in the 945 * linear mapping case but I'll leave that for later 946 */ 947 mfspr r14,SPRN_ESR 948 mfspr r16,SPRN_DEAR /* get faulting address */ 949 srdi r11,r16,60 /* get region */ 950 cmpldi cr0,r11,0xc /* linear mapping ? */ 951 beq tlb_load_linear /* yes -> go to linear map load */ 952 953 /* We do the user/kernel test for the PID here along with the RW test 954 */ 955 cmpldi cr0,r11,0 /* Check for user region */ 956 ld r15,PACAPGD(r13) /* Load user pgdir */ 957 beq htw_tlb_miss 958 959 /* XXX replace the RMW cycles with immediate loads + writes */ 960 1: mfspr r10,SPRN_MAS1 961 cmpldi cr0,r11,8 /* Check for vmalloc region */ 962 rlwinm r10,r10,0,16,1 /* Clear TID */ 963 mtspr SPRN_MAS1,r10 964 ld r15,PACA_KERNELPGD(r13) /* Load kernel pgdir */ 965 beq+ htw_tlb_miss 966 967 /* We got a crappy address, just fault with whatever DEAR and ESR 968 * are here 969 */ 970 TLB_MISS_EPILOG_ERROR 971 b exc_data_storage_book3e 972 973 /* Instruction TLB miss */ 974 START_EXCEPTION(instruction_tlb_miss_htw) 975 TLB_MISS_PROLOG 976 977 /* If we take a recursive fault, the second level handler may need 978 * to know whether we are handling a data or instruction fault in 979 * order to get to the right store fault handler. We provide that 980 * info by keeping a crazy value for ESR in r14 981 */ 982 li r14,-1 /* store to exception frame is done later */ 983 984 /* Now we handle the fault proper. We only save DEAR in the non 985 * linear mapping case since we know the linear mapping case will 986 * not re-enter. We could indeed optimize and also not save SRR0/1 987 * in the linear mapping case but I'll leave that for later 988 * 989 * Faulting address is SRR0 which is already in r16 990 */ 991 srdi r11,r16,60 /* get region */ 992 cmpldi cr0,r11,0xc /* linear mapping ? */ 993 beq tlb_load_linear /* yes -> go to linear map load */ 994 995 /* We do the user/kernel test for the PID here along with the RW test 996 */ 997 cmpldi cr0,r11,0 /* Check for user region */ 998 ld r15,PACAPGD(r13) /* Load user pgdir */ 999 beq htw_tlb_miss 1000 1001 /* XXX replace the RMW cycles with immediate loads + writes */ 1002 1: mfspr r10,SPRN_MAS1 1003 cmpldi cr0,r11,8 /* Check for vmalloc region */ 1004 rlwinm r10,r10,0,16,1 /* Clear TID */ 1005 mtspr SPRN_MAS1,r10 1006 ld r15,PACA_KERNELPGD(r13) /* Load kernel pgdir */ 1007 beq+ htw_tlb_miss 1008 1009 /* We got a crappy address, just fault */ 1010 TLB_MISS_EPILOG_ERROR 1011 b exc_instruction_storage_book3e 1012 1013 1014 /* 1015 * This is the guts of the second-level TLB miss handler for direct 1016 * misses. We are entered with: 1017 * 1018 * r16 = virtual page table faulting address 1019 * r15 = PGD pointer 1020 * r14 = ESR 1021 * r13 = PACA 1022 * r12 = TLB exception frame in PACA 1023 * r11 = crap (free to use) 1024 * r10 = crap (free to use) 1025 * 1026 * It can be re-entered by the linear mapping miss handler. However, to 1027 * avoid too much complication, it will save/restore things for us 1028 */ 1029 htw_tlb_miss: 1030 /* Search if we already have a TLB entry for that virtual address, and 1031 * if we do, bail out. 1032 * 1033 * MAS1:IND should be already set based on MAS4 1034 */ 1035 PPC_TLBSRX_DOT(0,R16) 1036 beq htw_tlb_miss_done 1037 1038 /* Now, we need to walk the page tables. First check if we are in 1039 * range. 1040 */ 1041 rldicl. r10,r16,64-PGTABLE_EADDR_SIZE,PGTABLE_EADDR_SIZE+4 1042 bne- htw_tlb_miss_fault 1043 1044 /* Get the PGD pointer */ 1045 cmpldi cr0,r15,0 1046 beq- htw_tlb_miss_fault 1047 1048 /* Get to PGD entry */ 1049 rldicl r11,r16,64-(PGDIR_SHIFT-3),64-PGD_INDEX_SIZE-3 1050 clrrdi r10,r11,3 1051 ldx r15,r10,r15 1052 cmpdi cr0,r15,0 1053 bge htw_tlb_miss_fault 1054 1055 /* Get to PUD entry */ 1056 rldicl r11,r16,64-(PUD_SHIFT-3),64-PUD_INDEX_SIZE-3 1057 clrrdi r10,r11,3 1058 ldx r15,r10,r15 1059 cmpdi cr0,r15,0 1060 bge htw_tlb_miss_fault 1061 1062 /* Get to PMD entry */ 1063 rldicl r11,r16,64-(PMD_SHIFT-3),64-PMD_INDEX_SIZE-3 1064 clrrdi r10,r11,3 1065 ldx r15,r10,r15 1066 cmpdi cr0,r15,0 1067 bge htw_tlb_miss_fault 1068 1069 /* Ok, we're all right, we can now create an indirect entry for 1070 * a 1M or 256M page. 1071 * 1072 * The last trick is now that because we use "half" pages for 1073 * the HTW (1M IND is 2K and 256M IND is 32K) we need to account 1074 * for an added LSB bit to the RPN. For 64K pages, there is no 1075 * problem as we already use 32K arrays (half PTE pages), but for 1076 * 4K page we need to extract a bit from the virtual address and 1077 * insert it into the "PA52" bit of the RPN. 1078 */ 1079 rlwimi r15,r16,32-9,20,20 1080 /* Now we build the MAS: 1081 * 1082 * MAS 0 : Fully setup with defaults in MAS4 and TLBnCFG 1083 * MAS 1 : Almost fully setup 1084 * - PID already updated by caller if necessary 1085 * - TSIZE for now is base ind page size always 1086 * MAS 2 : Use defaults 1087 * MAS 3+7 : Needs to be done 1088 */ 1089 ori r10,r15,(BOOK3E_PAGESZ_4K << MAS3_SPSIZE_SHIFT) 1090 1091 BEGIN_MMU_FTR_SECTION 1092 srdi r16,r10,32 1093 mtspr SPRN_MAS3,r10 1094 mtspr SPRN_MAS7,r16 1095 MMU_FTR_SECTION_ELSE 1096 mtspr SPRN_MAS7_MAS3,r10 1097 ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS) 1098 1099 tlbwe 1100 1101 htw_tlb_miss_done: 1102 /* We don't bother with restoring DEAR or ESR since we know we are 1103 * level 0 and just going back to userland. They are only needed 1104 * if you are going to take an access fault 1105 */ 1106 TLB_MISS_EPILOG_SUCCESS 1107 rfi 1108 1109 htw_tlb_miss_fault: 1110 /* We need to check if it was an instruction miss. We know this 1111 * though because r14 would contain -1 1112 */ 1113 cmpdi cr0,r14,-1 1114 beq 1f 1115 mtspr SPRN_DEAR,r16 1116 mtspr SPRN_ESR,r14 1117 TLB_MISS_EPILOG_ERROR 1118 b exc_data_storage_book3e 1119 1: TLB_MISS_EPILOG_ERROR 1120 b exc_instruction_storage_book3e 1121 1122 /* 1123 * This is the guts of "any" level TLB miss handler for kernel linear 1124 * mapping misses. We are entered with: 1125 * 1126 * 1127 * r16 = faulting address 1128 * r15 = crap (free to use) 1129 * r14 = ESR (data) or -1 (instruction) 1130 * r13 = PACA 1131 * r12 = TLB exception frame in PACA 1132 * r11 = crap (free to use) 1133 * r10 = crap (free to use) 1134 * 1135 * In addition we know that we will not re-enter, so in theory, we could 1136 * use a simpler epilog not restoring SRR0/1 etc.. but we'll do that later. 1137 * 1138 * We also need to be careful about MAS registers here & TLB reservation, 1139 * as we know we'll have clobbered them if we interrupt the main TLB miss 1140 * handlers in which case we probably want to do a full restart at level 1141 * 0 rather than saving / restoring the MAS. 1142 * 1143 * Note: If we care about performance of that core, we can easily shuffle 1144 * a few things around 1145 */ 1146 tlb_load_linear: 1147 /* For now, we assume the linear mapping is contiguous and stops at 1148 * linear_map_top. We also assume the size is a multiple of 1G, thus 1149 * we only use 1G pages for now. That might have to be changed in a 1150 * final implementation, especially when dealing with hypervisors 1151 */ 1152 ld r11,PACATOC(r13) 1153 ld r11,linear_map_top@got(r11) 1154 ld r10,0(r11) 1155 tovirt(10,10) 1156 cmpld cr0,r16,r10 1157 bge tlb_load_linear_fault 1158 1159 /* MAS1 need whole new setup. */ 1160 li r15,(BOOK3E_PAGESZ_1GB<<MAS1_TSIZE_SHIFT) 1161 oris r15,r15,MAS1_VALID@h /* MAS1 needs V and TSIZE */ 1162 mtspr SPRN_MAS1,r15 1163 1164 /* Already somebody there ? */ 1165 PPC_TLBSRX_DOT(0,R16) 1166 beq tlb_load_linear_done 1167 1168 /* Now we build the remaining MAS. MAS0 and 2 should be fine 1169 * with their defaults, which leaves us with MAS 3 and 7. The 1170 * mapping is linear, so we just take the address, clear the 1171 * region bits, and or in the permission bits which are currently 1172 * hard wired 1173 */ 1174 clrrdi r10,r16,30 /* 1G page index */ 1175 clrldi r10,r10,4 /* clear region bits */ 1176 ori r10,r10,MAS3_SR|MAS3_SW|MAS3_SX 1177 1178 BEGIN_MMU_FTR_SECTION 1179 srdi r16,r10,32 1180 mtspr SPRN_MAS3,r10 1181 mtspr SPRN_MAS7,r16 1182 MMU_FTR_SECTION_ELSE 1183 mtspr SPRN_MAS7_MAS3,r10 1184 ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_USE_PAIRED_MAS) 1185 1186 tlbwe 1187 1188 tlb_load_linear_done: 1189 /* We use the "error" epilog for success as we do want to 1190 * restore to the initial faulting context, whatever it was. 1191 * We do that because we can't resume a fault within a TLB 1192 * miss handler, due to MAS and TLB reservation being clobbered. 1193 */ 1194 TLB_MISS_EPILOG_ERROR 1195 rfi 1196 1197 tlb_load_linear_fault: 1198 /* We keep the DEAR and ESR around, this shouldn't have happened */ 1199 cmpdi cr0,r14,-1 1200 beq 1f 1201 TLB_MISS_EPILOG_ERROR_SPECIAL 1202 b exc_data_storage_book3e 1203 1: TLB_MISS_EPILOG_ERROR_SPECIAL 1204 b exc_instruction_storage_book3e 1205