2 * TLB exception handling code for r4k.
4 * Copyright (C) 1994, 1995, 1996 by Ralf Baechle and Andreas Busse
6 * Multi-cpu abstraction and reworking:
7 * Copyright (C) 1996 David S. Miller (dm@engr.sgi.com)
9 * Carsten Langgaard, carstenl@mips.com
10 * Copyright (C) 2000 MIPS Technologies, Inc. All rights reserved.
12 #include <linux/config.h>
13 #include <linux/init.h>
16 #include <asm/current.h>
17 #include <asm/offset.h>
18 #include <asm/cachectl.h>
19 #include <asm/fpregdef.h>
20 #include <asm/mipsregs.h>
22 #include <asm/pgtable-bits.h>
23 #include <asm/processor.h>
24 #include <asm/regdef.h>
25 #include <asm/stackframe.h>
#define TLB_OPTIMIZE /* If you are paranoid, disable this. */

#ifdef CONFIG_64BIT_PHYS_ADDR

/* Size and shift of the span of pte pages hanging off one pgd slot. */
#define PTE_PAGE_SIZE (_PAGE_SIZE << _PTE_ORDER)
#define PTE_PAGE_SHIFT (_PAGE_SHIFT + _PTE_ORDER)
/*
 * Byte-offset mask of an even/odd pte *pair* within the pte page.
 * Fixed: the original `_PTE_T_SIZE << 1 - 1' parsed as
 * `_PTE_T_SIZE << (1 - 1)' because `-' binds tighter than `<<' in C,
 * so ~mask cleared only a single bit instead of aligning the pointer
 * down to a two-pte boundary.
 */
#define PTEP_INDX_MSK ((PTE_PAGE_SIZE - 1) & ~((_PTE_T_SIZE << 1) - 1))
/* Byte-offset mask of a single pte within the pte page. */
#define PTE_INDX_MSK ((PTE_PAGE_SIZE - 1) & ~(_PTE_T_SIZE - 1))
#define PTE_INDX_SHIFT (PTE_PAGE_SHIFT - _PTE_T_LOG2)
/*
 * ABUSE of CPP macros 101.
 *
 * After this macro runs, the pte faulted on is
 * in register PTE, a ptr into the table in which
 * the pte belongs is in PTR.
 */

/*
 * GET_PGD(scratch, ptr): leave a pointer into the current pgd in
 * `ptr', using `scratch' for the pgd_current base address.  The
 * CP0_CONTEXT value supplies the per-CPU index that is added in.
 * NOTE(review): a second, CPU-variant definition follows below; its
 * body was elided in this extraction — confirm against the full file.
 */
#define GET_PGD(scratch, ptr) \
	mfc0	ptr, CP0_CONTEXT;	\
	la	scratch, pgd_current;\
	addu	ptr, scratch, ptr;	\
#define GET_PGD(scratch, ptr) \
/*
 * LOAD_PTE(pte, ptr): walk from the faulting address down to the pte.
 * CP0_BADVADDR is read twice: first shifted by _PGDIR_SHIFT to index
 * the pgd, then by PTE_INDX_SHIFT/PTE_INDX_MSK to index the pte page.
 * NOTE(review): several continuation lines of this macro (the pgd
 * load and the final pte load) were elided in this extraction.
 */
#define LOAD_PTE(pte, ptr) \
	mfc0	pte, CP0_BADVADDR;	\
	srl	pte, pte, _PGDIR_SHIFT;	\
	sll	pte, pte, _PGD_T_LOG2;	\
	mfc0	pte, CP0_BADVADDR;	\
	srl	pte, pte, PTE_INDX_SHIFT;	\
	and	pte, pte, PTE_INDX_MSK;	\
/* This places the even/odd pte pair in the page
 * table at PTR into ENTRYLO0 and ENTRYLO1 using
 * TMP as a scratch register.
 *
 * The ori/xori pair with _PTE_T_SIZE clears that bit, rounding PTR
 * down to the even pte of the pair; PTE_SRL by 6 converts a pte to
 * EntryLo format.  NOTE(review): one continuation line appears to
 * have been elided between the odd-pte load and the shift.
 */
#define PTE_RELOAD(ptr, tmp) \
	ori	ptr, ptr, _PTE_T_SIZE;	\
	xori	ptr, ptr, _PTE_T_SIZE;	\
	PTE_L	tmp, _PTE_T_SIZE(ptr);	\
	PTE_SRL	tmp, tmp, 6;	\
	P_MTC0	tmp, CP0_ENTRYLO1;	\
	PTE_SRL	ptr, ptr, 6;	\
	P_MTC0	ptr, CP0_ENTRYLO0;
/*
 * DO_FAULT(write): leave the TLB fastpath and hand the fault to the
 * generic C handler, passing the faulting address in a2, then return
 * through ret_from_exception.  NOTE(review): most of this macro's
 * body was elided in this extraction.
 */
#define DO_FAULT(write) \
	mfc0	a2, CP0_BADVADDR;	\
	j	ret_from_exception;	\
/* Check if PTE is present, if not then jump to LABEL.
 * PTR points to the page table where this PTE is located,
 * when the macro is done executing PTE will be restored
 * with its original value.
 *
 * andi+xori leaves zero in PTE iff both _PAGE_PRESENT and _PAGE_READ
 * were set.  NOTE(review): the branch to LABEL and the reload of PTE
 * from PTR were elided in this extraction.
 */
#define PTE_PRESENT(pte, ptr, label) \
	andi	pte, pte, (_PAGE_PRESENT | _PAGE_READ); \
	xori	pte, pte, (_PAGE_PRESENT | _PAGE_READ); \
/* Make PTE valid, store result in PTR.
 * NOTE(review): the store-back continuation line was elided in this
 * extraction. */
#define PTE_MAKEVALID(pte, ptr) \
	ori	pte, pte, (_PAGE_VALID | _PAGE_ACCESSED); \
/* Check if PTE can be written to, if not branch to LABEL.
 * Regardless restore PTE with value from PTR when done.
 *
 * andi+xori leaves zero in PTE iff both _PAGE_PRESENT and _PAGE_WRITE
 * were set.  NOTE(review): the branch and the reload of PTE were
 * elided in this extraction.
 */
#define PTE_WRITABLE(pte, ptr, label) \
	andi	pte, pte, (_PAGE_PRESENT | _PAGE_WRITE); \
	xori	pte, pte, (_PAGE_PRESENT | _PAGE_WRITE); \
/* Make PTE writable, update software status bits as well,
 * i.e. accessed/modified tracking bits alongside valid/dirty.
 * NOTE(review): the store-back continuation line was elided in this
 * extraction.
 */
#define PTE_MAKEWRITE(pte, ptr) \
	ori	pte, pte, (_PAGE_ACCESSED | _PAGE_MODIFIED | \
			   _PAGE_VALID | _PAGE_DIRTY); \
145 * Different for VR41xx because it supports 1k as smallest page size
147 #ifdef CONFIG_CPU_VR41XX
148 #define BASE_VPN_SHIFT 6
150 #define BASE_VPN_SHIFT 4
153 #if (BASE_VPN_SHIFT- PTE_T_LOG2-1) > 0
154 #define GET_PTE_OFF(reg) srl reg, reg, BASE_VPN_SHIFT-_PTE_T_LOG2-1
156 #define GET_PTE_OFF(reg)
 * These handlers must be written in a relocatable manner
 * because based upon the cpu type an arbitrary one of the
 * following pieces of code will be copied to the KSEG0
/* TLB refill, EXL == 0, R4xx0, non-R4600 version */
	/*
	 * Refill fastpath: walk pgd -> even/odd pte pair, convert both
	 * ptes to EntryLo format, write a random TLB entry and eret.
	 * Runs entirely in k0/k1 — no stack, no other registers.
	 * NOTE(review): gaps in the original numbering suggest a few
	 * lines (likely hazard nops around tlbwr) were elided here.
	 */
	LEAF(except_vec0_r4000)
	GET_PGD(k0, k1)				# get pgd pointer
	mfc0	k0, CP0_BADVADDR		# Get faulting address
	srl	k0, k0, _PGDIR_SHIFT		# get pgd only bits
	sll	k0, k0, _PGD_T_LOG2
	addu	k1, k1, k0			# add in pgd offset
	mfc0	k0, CP0_CONTEXT			# get context reg
	GET_PTE_OFF(k0)				# get pte offset
	and	k0, k0, PTEP_INDX_MSK		# align to even/odd pair
	addu	k1, k1, k0			# add in offset
	PTE_L	k0, 0(k1)			# get even pte
	PTE_L	k1, _PTE_T_SIZE(k1)		# get odd pte
	PTE_SRL	k0, k0, 6			# convert to entrylo0
	P_MTC0	k0, CP0_ENTRYLO0		# load it
	PTE_SRL	k1, k1, 6			# convert to entrylo1
	P_MTC0	k1, CP0_ENTRYLO1		# load it
	tlbwr					# write random tlb entry
	eret					# return from trap
	END(except_vec0_r4000)
/* TLB refill, EXL == 0, R4600 version */
	/*
	 * Same pgd -> pte-pair -> EntryLo walk as except_vec0_r4000,
	 * in an R4600-specific instruction arrangement.
	 * NOTE(review): several lines (address arithmetic, even-pte
	 * load, shifts, tlbwr/eret) were elided in this extraction —
	 * do not take the visible sequence as complete.
	 */
	LEAF(except_vec0_r4600)
	GET_PGD(k0, k1)				# get pgd pointer
	mfc0	k0, CP0_BADVADDR
	srl	k0, k0, _PGDIR_SHIFT
	sll	k0, k0, _PGD_T_LOG2
	GET_PTE_OFF(k0)				# get pte offset
	and	k0, k0, PTEP_INDX_MSK
	PTE_L	k1, _PTE_T_SIZE(k1)		# get odd pte
	P_MTC0	k0, CP0_ENTRYLO0
	P_MTC0	k1, CP0_ENTRYLO1
	END(except_vec0_r4600)
221 /* TLB refill, EXL == 0, R52x0 "Nevada" version */
 * This version has a bug workaround for the Nevada. It seems
 * as if under certain circumstances the move from cp0_context
 * might produce a bogus result when the mfc0 instruction and
 * its consumer are in a different cacheline or a load instruction,
 * probably any memory reference, is between them. This is
 * potentially slower than the R4000 version, so we use this
	/*
	 * Nevada (RM52xx) refill: CP0_BADVADDR is read and the pgd
	 * pointer loaded *before* CP0_CONTEXT is consumed, per the
	 * hazard described in the comment above, and QED-specified
	 * nops pad the tlbwr.  Same pgd -> pte-pair -> EntryLo walk
	 * as the R4000 version otherwise.
	 */
	LEAF(except_vec0_nevada)
	mfc0	k0, CP0_BADVADDR		# Get faulting address
	srl	k0, k0, _PGDIR_SHIFT		# get pgd only bits
	lw	k1, pgd_current			# get pgd pointer
	sll	k0, k0, _PGD_T_LOG2
	addu	k1, k1, k0			# add in pgd offset
	mfc0	k0, CP0_CONTEXT			# get context reg
	GET_PTE_OFF(k0)				# get pte offset
	and	k0, k0, PTEP_INDX_MSK
	addu	k1, k1, k0			# add in offset
	PTE_L	k0, 0(k1)			# get even pte
	PTE_L	k1, _PTE_T_SIZE(k1)		# get odd pte
	PTE_SRL	k0, k0, 6			# convert to entrylo0
	P_MTC0	k0, CP0_ENTRYLO0		# load it
	PTE_SRL	k1, k1, 6			# convert to entrylo1
	P_MTC0	k1, CP0_ENTRYLO1		# load it
	nop					# QED specified nops
	tlbwr					# write random tlb entry
	nop					# traditional nop
	eret					# return from trap
	END(except_vec0_nevada)
/* TLB refill, EXL == 0, SB1 with M3 errata handling version */
	/*
	 * SB-1 variant: the leading BADVADDR read/shift feeds the M3
	 * errata check whose compare/branch lines were elided in this
	 * extraction; label 1: is its early-out eret target.  The
	 * remainder is the usual pgd -> pte-pair -> EntryLo refill.
	 * NOTE(review): END(except_vec0_sb1) is not visible in this
	 * chunk — confirm against the full file.
	 */
	LEAF(except_vec0_sb1)
	mfc0	k0, CP0_BADVADDR		# M3 errata check input
	srl	k0, k0, PAGE_SHIFT+1
	GET_PGD(k0, k1)				# get pgd pointer
	mfc0	k0, CP0_BADVADDR		# Get faulting address
	srl	k0, k0, _PGDIR_SHIFT		# get pgd only bits
	sll	k0, k0, _PGD_T_LOG2
	addu	k1, k1, k0			# add in pgd offset
	mfc0	k0, CP0_CONTEXT			# get context reg
	GET_PTE_OFF(k0)				# get pte offset
	and	k0, k0, PTEP_INDX_MSK
	addu	k1, k1, k0			# add in offset
	PTE_L	k0, 0(k1)			# get even pte
	PTE_L	k1, _PTE_T_SIZE(k1)		# get odd pte
	PTE_SRL	k0, k0, 6			# convert to entrylo0
	P_MTC0	k0, CP0_ENTRYLO0		# load it
	PTE_SRL	k1, k1, 6			# convert to entrylo1
	P_MTC0	k1, CP0_ENTRYLO1		# load it
	tlbwr					# write random tlb entry
1:	eret					# return from trap
/* TLB refill, EXL == 0, R4[40]00/R5000 badvaddr hwbug version */
	/*
	 * Work-around variant for the R4400/R5000 BADVADDR hardware
	 * bug.  NOTE(review): many lines were elided in this
	 * extraction, including the #else/#endif matching the
	 * #ifndef CONFIG_64BIT_PHYS_ADDR below and the tlbwr/eret
	 * tail — treat the visible sequence as a fragment.
	 */
	LEAF(except_vec0_r45k_bvahwbug)
	GET_PGD(k0, k1)				# get pgd pointer
	mfc0	k0, CP0_BADVADDR
	srl	k0, k0, _PGDIR_SHIFT
	sll	k0, k0, _PGD_T_LOG2
#ifndef CONFIG_64BIT_PHYS_ADDR
	and	k0, k0, PTEP_INDX_MSK
	PTE_L	k1, _PTE_T_SIZE(k1)		# get odd pte
	P_MTC0	k0, CP0_ENTRYLO0
	P_MTC0	k1, CP0_ENTRYLO1
	END(except_vec0_r45k_bvahwbug)
/* TLB refill, EXL == 0, R4000 MP badvaddr hwbug version */
	/*
	 * Multiprocessor R4000 variant of the BADVADDR hwbug handler.
	 * NOTE(review): many lines were elided in this extraction,
	 * including the #else/#endif for the #ifndef below and the
	 * tlbwr/eret tail — treat the visible sequence as a fragment.
	 */
	LEAF(except_vec0_r4k_mphwbug)
	GET_PGD(k0, k1)				# get pgd pointer
	mfc0	k0, CP0_BADVADDR
	srl	k0, k0, _PGDIR_SHIFT
	sll	k0, k0, _PGD_T_LOG2
#ifndef CONFIG_64BIT_PHYS_ADDR
	and	k0, k0, PTEP_INDX_MSK
	PTE_L	k1, _PTE_T_SIZE(k1)		# get odd pte
	P_MTC0	k0, CP0_ENTRYLO0
	P_MTC0	k1, CP0_ENTRYLO1
	END(except_vec0_r4k_mphwbug)
/* TLB refill, EXL == 0, R4000 UP 250MHZ entrylo[01] hwbug version */
	/*
	 * 250MHz R4000 EntryLo hwbug work-around: each EntryLo is
	 * first written with zero, then with the real value.
	 * NOTE(review): several lines were elided in this extraction,
	 * including the #else/#endif for the #ifndef below and the
	 * tlbwr/eret tail.
	 */
	LEAF(except_vec0_r4k_250MHZhwbug)
	GET_PGD(k0, k1)				# get pgd pointer
	mfc0	k0, CP0_BADVADDR
	srl	k0, k0, _PGDIR_SHIFT
	sll	k0, k0, _PGD_T_LOG2
#ifndef CONFIG_64BIT_PHYS_ADDR
	and	k0, k0, PTEP_INDX_MSK
	PTE_L	k1, _PTE_T_SIZE(k1)		# get odd pte
	P_MTC0	zero, CP0_ENTRYLO0		# clear first (hwbug)
	P_MTC0	k0, CP0_ENTRYLO0
	P_MTC0	zero, CP0_ENTRYLO1		# clear first (hwbug)
	P_MTC0	k1, CP0_ENTRYLO1
	END(except_vec0_r4k_250MHZhwbug)
/* TLB refill, EXL == 0, R4000 MP 250MHZ entrylo[01]+badvaddr bug version */
	/*
	 * Combined work-around: MP BADVADDR bug plus the 250MHz
	 * EntryLo bug (zero written to each EntryLo before the real
	 * value).  NOTE(review): several lines were elided in this
	 * extraction, including the #else/#endif for the #ifndef
	 * below and the tlbwr/eret tail.
	 */
	LEAF(except_vec0_r4k_MP250MHZhwbug)
	GET_PGD(k0, k1)				# get pgd pointer
	mfc0	k0, CP0_BADVADDR
	srl	k0, k0, _PGDIR_SHIFT
	sll	k0, k0, _PGD_T_LOG2
#ifndef CONFIG_64BIT_PHYS_ADDR
	and	k0, k0, PTEP_INDX_MSK
	PTE_L	k1, _PTE_T_SIZE(k1)		# get odd pte
	P_MTC0	zero, CP0_ENTRYLO0		# clear first (hwbug)
	P_MTC0	k0, CP0_ENTRYLO0
	P_MTC0	zero, CP0_ENTRYLO1		# clear first (hwbug)
	P_MTC0	k1, CP0_ENTRYLO1
	END(except_vec0_r4k_MP250MHZhwbug)
421 * From the IDT errata for the QED RM5230 (Nevada), processor revision 1.0:
422 * 2. A timing hazard exists for the TLBP instruction.
424 * stalling_instruction
427 * The JTLB is being read for the TLBP throughout the stall generated by the
428 * previous instruction. This is not really correct as the stalling instruction
429 * can modify the address used to access the JTLB. The failure symptom is that
430 * the TLBP instruction will use an address created for the stalling instruction
431 * and not the address held in C0_ENHI and thus report the wrong results.
433 * The software work-around is to not allow the instruction preceding the TLBP
434 * to stall - make it an NOP or some other instruction guaranteed not to stall.
436 * Errata 2 will not be fixed. This errata is also on the R5000.
438 * As if we MIPS hackers wouldn't know how to nop pipelines happy ...
/*
 * R5K_HAZARD: a single nop placed before tlbp so that the preceding
 * instruction cannot stall — the RM5230/R5000 TLBP errata
 * work-around described in the comment above.
 */
#define R5K_HAZARD nop

/*
 * Note for many R4k variants tlb probes cannot be executed out
 * of the instruction cache else you get bogus results.
 */
	/*
	 * TLB load-miss slow path: the refill handler found a pte that
	 * is not valid.  If the pte is present (and readable), mark it
	 * valid/accessed and retry; otherwise fall through to the
	 * nopage_tlbl fault path.  NOTE(review): many lines of this
	 * handler (tlbp, pte load, write-back, fault exit) were elided
	 * in this extraction.
	 */
	NESTED(handle_tlbl, PT_SIZE, sp)
	mfc0	k0, CP0_BADVADDR
	srl	k0, k0, PAGE_SHIFT+1
	/* Test present bit in entry. */
	PTE_PRESENT(k0, k1, nopage_tlbl)
	PTE_MAKEVALID(k0, k1)
	/*
	 * TLB store-miss slow path: probe for the faulting entry, and
	 * if the pte is present and writable, set its accessed/
	 * modified/valid/dirty bits; otherwise branch to nopage_tlbs.
	 * NOTE(review): lines of this handler were elided in this
	 * extraction.
	 */
	NESTED(handle_tlbs, PT_SIZE, sp)
	tlbp					# find faulting entry
	PTE_WRITABLE(k0, k1, nopage_tlbs)
	PTE_MAKEWRITE(k0, k1)
516 NESTED(handle_mod, PT_SIZE, sp)
522 tlbp # find faulting entry
523 andi k0, k0, _PAGE_WRITE
527 /* Present and writable bits set, set accessed and dirty bits. */
528 PTE_MAKEWRITE(k0, k1)
530 /* Now reload the entry into the tlb. */