* [PATCH 0/8] Fix 8xx MMU/TLB.
@ 2009-10-11 16:35 Joakim Tjernlund
  2009-10-11 16:35 ` [PATCH 1/8] 8xx: invalidate non present TLBs Joakim Tjernlund
  2009-10-14 17:23 ` [PATCH 0/8] Fix 8xx MMU/TLB Scott Wood
  0 siblings, 2 replies; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-11 16:35 UTC (permalink / raw)
  To: Benjamin Herrenschmidt, linuxppc-dev@ozlabs.org, Rex Feany,
	Scott Wood
This is the latest batch of mu 8xx MMU/TLB rework.
I think this is complete now and will relax with
other work the next few days. I hope I can get some
testing from Scott and Rex during this time.
Joakim Tjernlund (8):
  8xx: invalidate non present TLBs
  8xx: Update TLB asm so it behaves as linux mm expects.
  8xx: Tag DAR with 0x00f0 to catch buggy instructions.
  8xx: Fixup DAR from buggy dcbX instructions.
  8xx: dcbst sets store bit in DTLB error, workaround.
  8xx: Add missing Guarded setting in DTLB Error.
  8xx: Restore _PAGE_WRITETHRU
  8xx: start using dcbX instructions in various copy routines
 arch/powerpc/include/asm/pte-8xx.h |   14 +-
 arch/powerpc/kernel/head_8xx.S     |  307 ++++++++++++++++++++++++++++++------
 arch/powerpc/kernel/misc_32.S      |   18 --
 arch/powerpc/lib/copy_32.S         |   24 ---
 arch/powerpc/mm/fault.c            |    8 +-
 5 files changed, 269 insertions(+), 102 deletions(-)
^ permalink raw reply	[flat|nested] 37+ messages in thread
* [PATCH 1/8] 8xx: invalidate non present TLBs
  2009-10-11 16:35 [PATCH 0/8] Fix 8xx MMU/TLB Joakim Tjernlund
@ 2009-10-11 16:35 ` Joakim Tjernlund
  2009-10-11 16:35   ` [PATCH 2/8] 8xx: Update TLB asm so it behaves as linux mm expects Joakim Tjernlund
  2009-10-14 16:56   ` [PATCH 1/8] 8xx: invalidate non present TLBs Scott Wood
  2009-10-14 17:23 ` [PATCH 0/8] Fix 8xx MMU/TLB Scott Wood
  1 sibling, 2 replies; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-11 16:35 UTC (permalink / raw)
  To: Benjamin Herrenschmidt, linuxppc-dev@ozlabs.org, Rex Feany,
	Scott Wood
8xx sometimes need to load a invalid/non-present TLBs in
it DTLB asm handler.
These must be invalidated separaly as linux mm don't.
---
 arch/powerpc/mm/fault.c |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
index 7699394..72941c7 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
@@ -39,7 +39,7 @@
 #include <asm/uaccess.h>
 #include <asm/tlbflush.h>
 #include <asm/siginfo.h>
-
+#include <mm/mmu_decl.h>
 
 #ifdef CONFIG_KPROBES
 static inline int notify_page_fault(struct pt_regs *regs)
@@ -243,6 +243,12 @@ good_area:
 		goto bad_area;
 #endif /* CONFIG_6xx */
 #if defined(CONFIG_8xx)
+	/* 8xx sometimes need to load a invalid/non-present TLBs.
+	 * These must be invalidated separately as linux mm don't.
+	 */
+	if (error_code & 0x40000000) /* no translation? */
+		_tlbil_va(address);
+
         /* The MPC8xx seems to always set 0x80000000, which is
          * "undefined".  Of those that can be set, this is the only
          * one which seems bad.
-- 
1.6.4.4
^ permalink raw reply related	[flat|nested] 37+ messages in thread
* [PATCH 2/8] 8xx: Update TLB asm so it behaves as linux mm expects.
  2009-10-11 16:35 ` [PATCH 1/8] 8xx: invalidate non present TLBs Joakim Tjernlund
@ 2009-10-11 16:35   ` Joakim Tjernlund
  2009-10-11 16:35     ` [PATCH 3/8] 8xx: Tag DAR with 0x00f0 to catch buggy instructions Joakim Tjernlund
                       ` (2 more replies)
  2009-10-14 16:56   ` [PATCH 1/8] 8xx: invalidate non present TLBs Scott Wood
  1 sibling, 3 replies; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-11 16:35 UTC (permalink / raw)
  To: Benjamin Herrenschmidt, linuxppc-dev@ozlabs.org, Rex Feany,
	Scott Wood
Update the TLB asm to make proper use of _PAGE_DIRY and _PAGE_ACCESSED.
Get rid of _PAGE_HWWRITE too.
Pros:
 - I/D TLB Miss never needs to write to the linux pte.
 - _PAGE_ACCESSED is only set on TLB Error fixing accounting
 - _PAGE_DIRTY is mapped to 0x100, the changed bit, and is set directly
    when a page has been made dirty.
 - Proper RO/RW mapping of user space.
 - Free up 2 SW TLB bits in the linux pte(add back _PAGE_WRITETHRU ?)
 - Less instructions in I/D TLB Miss.
 - kernel RO/user NA support.
Cons:
 - A few more instructions in the TLB Miss routines.
---
 arch/powerpc/include/asm/pte-8xx.h |   13 ++---
 arch/powerpc/kernel/head_8xx.S     |   99 ++++++++++++++++++-----------------
 2 files changed, 57 insertions(+), 55 deletions(-)
diff --git a/arch/powerpc/include/asm/pte-8xx.h b/arch/powerpc/include/asm/pte-8xx.h
index 8c6e312..f23cd15 100644
--- a/arch/powerpc/include/asm/pte-8xx.h
+++ b/arch/powerpc/include/asm/pte-8xx.h
@@ -32,22 +32,21 @@
 #define _PAGE_FILE	0x0002	/* when !present: nonlinear file mapping */
 #define _PAGE_NO_CACHE	0x0002	/* I: cache inhibit */
 #define _PAGE_SHARED	0x0004	/* No ASID (context) compare */
+#define _PAGE_DIRTY	0x0100	/* C: page changed */
 
-/* These five software bits must be masked out when the entry is loaded
- * into the TLB.
+/* These 3 software bits must be masked out when the entry is loaded
+ * into the TLB, 2 SW bits left.
  */
 #define _PAGE_EXEC	0x0008	/* software: i-cache coherency required */
 #define _PAGE_GUARDED	0x0010	/* software: guarded access */
-#define _PAGE_DIRTY	0x0020	/* software: page changed */
-#define _PAGE_RW	0x0040	/* software: user write access allowed */
-#define _PAGE_ACCESSED	0x0080	/* software: page referenced */
+#define _PAGE_ACCESSED	0x0020	/* software: page referenced */
 
 /* Setting any bits in the nibble with the follow two controls will
  * require a TLB exception handler change.  It is assumed unused bits
  * are always zero.
  */
-#define _PAGE_HWWRITE	0x0100	/* h/w write enable: never set in Linux PTE */
-#define _PAGE_USER	0x0800	/* One of the PP bits, the other is USER&~RW */
+#define _PAGE_RW	0x0400	/* lsb PP bits, inverted in HW */
+#define _PAGE_USER	0x0800	/* msb PP bits */
 
 #define _PMD_PRESENT	0x0001
 #define _PMD_BAD	0x0ff0
diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S
index 52ff8c5..3bf0603 100644
--- a/arch/powerpc/kernel/head_8xx.S
+++ b/arch/powerpc/kernel/head_8xx.S
@@ -333,26 +333,20 @@ InstructionTLBMiss:
 	mfspr	r11, SPRN_MD_TWC	/* ....and get the pte address */
 	lwz	r10, 0(r11)	/* Get the pte */
 
-#ifdef CONFIG_SWAP
-	/* do not set the _PAGE_ACCESSED bit of a non-present page */
-	andi.	r11, r10, _PAGE_PRESENT
-	beq	4f
-	ori	r10, r10, _PAGE_ACCESSED
-	mfspr	r11, SPRN_MD_TWC	/* get the pte address again */
-	stw	r10, 0(r11)
-4:
-#else
-	ori	r10, r10, _PAGE_ACCESSED
-	stw	r10, 0(r11)
-#endif
+	andi.	r11, r10, _PAGE_ACCESSED | _PAGE_PRESENT
+	cmpwi	cr0, r11, _PAGE_ACCESSED | _PAGE_PRESENT
+	bne-	cr0, 2f
+
+	/* Clear PP lsb, 0x400 */
+	rlwinm 	r10, r10, 0, 22, 20
 
 	/* The Linux PTE won't go exactly into the MMU TLB.
-	 * Software indicator bits 21, 22 and 28 must be clear.
+	 * Software indicator bits 22 and 28 must be clear.
 	 * Software indicator bits 24, 25, 26, and 27 must be
 	 * set.  All other Linux PTE bits control the behavior
 	 * of the MMU.
 	 */
-2:	li	r11, 0x00f0
+	li	r11, 0x00f0
 	rlwimi	r10, r11, 0, 24, 28	/* Set 24-27, clear 28 */
 	DO_8xx_CPU6(0x2d80, r3)
 	mtspr	SPRN_MI_RPN, r10	/* Update TLB entry */
@@ -365,6 +359,22 @@ InstructionTLBMiss:
 	lwz	r3, 8(r0)
 #endif
 	rfi
+2:
+	mfspr	r11, SRR1
+	/* clear all error bits as TLB Miss
+	 * sets a few unconditionally
+	*/
+	rlwinm	r11, r11, 0, 0xffff
+	mtspr	SRR1, r11
+
+	mfspr	r10, SPRN_M_TW	/* Restore registers */
+	lwz	r11, 0(r0)
+	mtcr	r11
+	lwz	r11, 4(r0)
+#ifdef CONFIG_8xx_CPU6
+	lwz	r3, 8(r0)
+#endif
+	b	InstructionAccess
 
 	. = 0x1200
 DataStoreTLBMiss:
@@ -409,21 +419,27 @@ DataStoreTLBMiss:
 	DO_8xx_CPU6(0x3b80, r3)
 	mtspr	SPRN_MD_TWC, r11
 
-#ifdef CONFIG_SWAP
-	/* do not set the _PAGE_ACCESSED bit of a non-present page */
-	andi.	r11, r10, _PAGE_PRESENT
-	beq	4f
-	ori	r10, r10, _PAGE_ACCESSED
-4:
-	/* and update pte in table */
-#else
-	ori	r10, r10, _PAGE_ACCESSED
-#endif
-	mfspr	r11, SPRN_MD_TWC	/* get the pte address again */
-	stw	r10, 0(r11)
+	/* Both _PAGE_ACCESSED and _PAGE_PRESENT has to be set.
+	 * We also need to know if the insn is a load/store, so:
+	 * Clear _PAGE_PRESENT and load that which will
+	 * trap into DTLB Error with store bit set accordinly.
+	 */
+	/* PRESENT=0x1, ACCESSED=0x20
+	 * r11 = ((r10 & PRESENT) & ((r10 & ACCESSED) >> 5));
+	 * r10 = (r10 & ~PRESENT) | r11;
+	 */
+	rlwinm	r11, r10, 32-5, 31, 31
+	and	r11, r11, r10
+	rlwimi	r10, r11, 0, 31, 31
+
+	/* Honour kernel RO, User NA */
+	andi.	r11, r10, _PAGE_USER | _PAGE_RW
+	bne-	cr0, 5f
+	ori	r10,r10, 0x200 /* Extended encoding, bit 22 */
+5:	xori	r10, r10, _PAGE_RW  /* invert RW bit */
 
 	/* The Linux PTE won't go exactly into the MMU TLB.
-	 * Software indicator bits 21, 22 and 28 must be clear.
+	 * Software indicator bits 22 and 28 must be clear.
 	 * Software indicator bits 24, 25, 26, and 27 must be
 	 * set.  All other Linux PTE bits control the behavior
 	 * of the MMU.
@@ -469,11 +485,12 @@ DataTLBError:
 	stw	r10, 0(r0)
 	stw	r11, 4(r0)
 
-	/* First, make sure this was a store operation.
+	mfspr	r11, SPRN_DSISR
+	andis.	r11, r11, 0x4800	/* !translation or protection */
+	bne	2f	/* branch if either is set */
+	/* Only Change bit left now, do it here as it is faster
+	 * than trapping to the C fault handler.
 	*/
-	mfspr	r10, SPRN_DSISR
-	andis.	r11, r10, 0x0200	/* If set, indicates store op */
-	beq	2f
 
 	/* The EA of a data TLB miss is automatically stored in the MD_EPN
 	 * register.  The EA of a data TLB error is automatically stored in
@@ -522,26 +539,12 @@ DataTLBError:
 	mfspr	r11, SPRN_MD_TWC		/* ....and get the pte address */
 	lwz	r10, 0(r11)		/* Get the pte */
 
-	andi.	r11, r10, _PAGE_RW	/* Is it writeable? */
-	beq	2f			/* Bail out if not */
-
-	/* Update 'changed', among others.
-	*/
-#ifdef CONFIG_SWAP
-	ori	r10, r10, _PAGE_DIRTY|_PAGE_HWWRITE
-	/* do not set the _PAGE_ACCESSED bit of a non-present page */
-	andi.	r11, r10, _PAGE_PRESENT
-	beq	4f
-	ori	r10, r10, _PAGE_ACCESSED
-4:
-#else
-	ori	r10, r10, _PAGE_DIRTY|_PAGE_ACCESSED|_PAGE_HWWRITE
-#endif
-	mfspr	r11, SPRN_MD_TWC		/* Get pte address again */
+	ori	r10, r10, _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_HWWRITE
 	stw	r10, 0(r11)		/* and update pte in table */
+	xori	r10, r10, _PAGE_RW	/* RW bit is inverted */
 
 	/* The Linux PTE won't go exactly into the MMU TLB.
-	 * Software indicator bits 21, 22 and 28 must be clear.
+	 * Software indicator bits 22 and 28 must be clear.
 	 * Software indicator bits 24, 25, 26, and 27 must be
 	 * set.  All other Linux PTE bits control the behavior
 	 * of the MMU.
-- 
1.6.4.4
^ permalink raw reply related	[flat|nested] 37+ messages in thread
* [PATCH 3/8] 8xx: Tag DAR with 0x00f0 to catch buggy instructions.
  2009-10-11 16:35   ` [PATCH 2/8] 8xx: Update TLB asm so it behaves as linux mm expects Joakim Tjernlund
@ 2009-10-11 16:35     ` Joakim Tjernlund
  2009-10-11 16:35       ` [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions Joakim Tjernlund
  2009-10-11 21:25     ` [PATCH 2/8] 8xx: Update TLB asm so it behaves as linux mm expects Benjamin Herrenschmidt
  2009-10-14 16:57     ` Scott Wood
  2 siblings, 1 reply; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-11 16:35 UTC (permalink / raw)
  To: Benjamin Herrenschmidt, linuxppc-dev@ozlabs.org, Rex Feany,
	Scott Wood
dcbz, dcbf, dcbi, dcbst and icbi do not set DAR when they
cause a DTLB Error. Dectect this by tagging DAR with 0x00f0
at every exception exit that modifies DAR.
Test for DAR=0x00f0 in DataTLBError and bail
to handle_page_fault().
---
 arch/powerpc/kernel/head_8xx.S |   15 ++++++++++++++-
 1 files changed, 14 insertions(+), 1 deletions(-)
diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S
index 3bf0603..093176c 100644
--- a/arch/powerpc/kernel/head_8xx.S
+++ b/arch/powerpc/kernel/head_8xx.S
@@ -206,6 +206,8 @@ MachineCheck:
 	EXCEPTION_PROLOG
 	mfspr r4,SPRN_DAR
 	stw r4,_DAR(r11)
+	li r5,0x00f0
+	mtspr SPRN_DAR,r5	/* Tag DAR, to be used in DTLB Error */
 	mfspr r5,SPRN_DSISR
 	stw r5,_DSISR(r11)
 	addi r3,r1,STACK_FRAME_OVERHEAD
@@ -222,6 +224,8 @@ DataAccess:
 	stw	r10,_DSISR(r11)
 	mr	r5,r10
 	mfspr	r4,SPRN_DAR
+	li	r10,0x00f0
+	mtspr	SPRN_DAR,r10	/* Tag DAR, to be used in DTLB Error */
 	EXC_XFER_EE_LITE(0x300, handle_page_fault)
 
 /* Instruction access exception.
@@ -244,6 +248,8 @@ Alignment:
 	EXCEPTION_PROLOG
 	mfspr	r4,SPRN_DAR
 	stw	r4,_DAR(r11)
+	li	r5,0x00f0
+	mtspr	SPRN_DAR,r5	/* Tag DAR, to be used in DTLB Error */
 	mfspr	r5,SPRN_DSISR
 	stw	r5,_DSISR(r11)
 	addi	r3,r1,STACK_FRAME_OVERHEAD
@@ -445,6 +451,7 @@ DataStoreTLBMiss:
 	 * of the MMU.
 	 */
 2:	li	r11, 0x00f0
+	mtspr	SPRN_DAR,r11	/* Tag DAR */
 	rlwimi	r10, r11, 0, 24, 28	/* Set 24-27, clear 28 */
 	DO_8xx_CPU6(0x3d80, r3)
 	mtspr	SPRN_MD_RPN, r10	/* Update TLB entry */
@@ -485,6 +492,10 @@ DataTLBError:
 	stw	r10, 0(r0)
 	stw	r11, 4(r0)
 
+	mfspr	r10, SPRN_DAR
+	cmpwi	cr0, r10, 0x00f0
+	beq-	2f	/* must be a buggy dcbX, icbi insn. */
+
 	mfspr	r11, SPRN_DSISR
 	andis.	r11, r11, 0x4800	/* !translation or protection */
 	bne	2f	/* branch if either is set */
@@ -508,7 +519,8 @@ DataTLBError:
 	 * are initialized in mapin_ram().  This will avoid the problem,
 	 * assuming we only use the dcbi instruction on kernel addresses.
 	 */
-	mfspr	r10, SPRN_DAR
+
+	/* DAR is in r10 already */
 	rlwinm	r11, r10, 0, 0, 19
 	ori	r11, r11, MD_EVALID
 	mfspr	r10, SPRN_M_CASID
@@ -550,6 +562,7 @@ DataTLBError:
 	 * of the MMU.
 	 */
 	li	r11, 0x00f0
+	mtspr	SPRN_DAR,r11	/* Tag DAR */
 	rlwimi	r10, r11, 0, 24, 28	/* Set 24-27, clear 28 */
 	DO_8xx_CPU6(0x3d80, r3)
 	mtspr	SPRN_MD_RPN, r10	/* Update TLB entry */
-- 
1.6.4.4
^ permalink raw reply related	[flat|nested] 37+ messages in thread
* [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions.
  2009-10-11 16:35     ` [PATCH 3/8] 8xx: Tag DAR with 0x00f0 to catch buggy instructions Joakim Tjernlund
@ 2009-10-11 16:35       ` Joakim Tjernlund
  2009-10-11 16:35         ` [PATCH 5/8] 8xx: dcbst sets store bit in DTLB error, workaround Joakim Tjernlund
  2009-10-14 17:20         ` [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions Scott Wood
  0 siblings, 2 replies; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-11 16:35 UTC (permalink / raw)
  To: Benjamin Herrenschmidt, linuxppc-dev@ozlabs.org, Rex Feany,
	Scott Wood
This is an assembler version to fixup DAR not being set
by dcbX, icbi instructions. There are two versions, one
uses selfmodifing code, the other uses a
jump table but is much bigger(default).
---
 arch/powerpc/kernel/head_8xx.S |  146 +++++++++++++++++++++++++++++++++++++++-
 1 files changed, 145 insertions(+), 1 deletions(-)
diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S
index 093176c..9839e79 100644
--- a/arch/powerpc/kernel/head_8xx.S
+++ b/arch/powerpc/kernel/head_8xx.S
@@ -494,7 +494,8 @@ DataTLBError:
 
 	mfspr	r10, SPRN_DAR
 	cmpwi	cr0, r10, 0x00f0
-	beq-	2f	/* must be a buggy dcbX, icbi insn. */
+	beq-	FixDAR	/* must be a buggy dcbX, icbi insn. */
+DARFix:	/* Return from dcbx instruction bug workaround, r10 holds value of DAR */
 
 	mfspr	r11, SPRN_DSISR
 	andis.	r11, r11, 0x4800	/* !translation or protection */
@@ -604,6 +605,149 @@ DataTLBError:
 
 	. = 0x2000
 
+/* This is the procedure to calculate the data EA for buggy dcbx,dcbi instructions
+ * by decoding the registers used by the dcbx instruction and adding them.
+ * DAR is set to the calculated address and r10 also holds the EA on exit.
+ */
+#define NO_SELF_MODIFYING_CODE /* define if you don't want to use self modifying code */
+	nop	/* A few nops to make the modified_instr: space below cache line aligned */
+	nop
+139:	/* fetch instruction from userspace memory */
+	DO_8xx_CPU6(0x3780, r3)
+	mtspr	SPRN_MD_EPN, r10
+	mfspr	r11, SPRN_M_TWB	/* Get level 1 table entry address */
+	lwz	r11, 0(r11)	/* Get the level 1 entry */
+	tophys  (r11, r11)
+	DO_8xx_CPU6(0x3b80, r3)
+	mtspr	SPRN_MD_TWC, r11	/* Load pte table base address */
+	mfspr	r11, SPRN_MD_TWC	/* ....and get the pte address */
+	lwz	r11, 0(r11)	/* Get the pte */
+	/* concat physical page address(r11) and page offset(r10) */
+	rlwimi	r11, r10, 0, 20, 31
+	b	140f
+FixDAR:	/* Entry point for dcbx workaround. */
+	/* fetch instruction from memory. */
+	mfspr	r10, SPRN_SRR0
+	andis.	r11, r10, 0x8000
+	tophys  (r11, r10)
+	beq-	139b		/* Branch if user space address */
+140:	lwz	r11,0(r11)
+#ifdef CONFIG_8xx_CPU6
+	lwz	r3, 8(r0)	/* restore r3 from memory */
+#endif
+#ifndef NO_SELF_MODIFYING_CODE
+	andis.	r10,r11,0x1f	/* test if reg RA is r0 */
+	li	r10,modified_instr@l
+	dcbtst	r0,r10		/* touch for store */
+	rlwinm	r11,r11,0,0,20	/* Zero lower 10 bits */
+	oris	r11,r11,640	/* Transform instr. to a "add r10,RA,RB" */
+	ori	r11,r11,532
+	stw	r11,0(r10)	/* store add/and instruction */
+	dcbf	0,r10		/* flush new instr. to memory. */
+	icbi	0,r10		/* invalidate instr. cache line */
+	lwz	r11, 4(r0)	/* restore r11 from memory */
+	mfspr	r10, SPRN_M_TW	/* restore r10 from M_TW */
+	isync			/* Wait until new instr is loaded from memory */
+modified_instr:
+	.space	4		/* this is where the add/and instr. is stored */
+	bne+	143f
+	subf	r10,r0,r10	/* r10=r10-r0, only if reg RA is r0 */
+143:	mtdar	r10		/* store faulting EA in DAR */
+	b	DARFix		/* Go back to normal TLB handling */
+#else
+	mfctr	r10
+	mtdar	r10			/* save ctr reg in DAR */
+	rlwinm	r10, r11, 24, 24, 28	/* offset into jump table for reg RB */
+	addi	r10, r10, 150f@l	/* add start of table */
+	mtctr	r10			/* load ctr with jump address */
+	xor	r10, r10, r10		/* sum starts at zero */
+	bctr				/* jump into table */
+150:
+	add	r10, r10, r0
+	b	151f
+	add	r10, r10, r1
+	b	151f
+	add	r10, r10, r2
+	b	151f
+	add	r10, r10, r3
+	b	151f
+	add	r10, r10, r4
+	b	151f
+	add	r10, r10, r5
+	b	151f
+	add	r10, r10, r6
+	b	151f
+	add	r10, r10, r7
+	b	151f
+	add	r10, r10, r8
+	b	151f
+	add	r10, r10, r9
+	b	151f
+	add	r10, r10, r10
+	b	151f
+	add	r10, r10, r11
+	b	151f
+	add	r10, r10, r12
+	b	151f
+	add	r10, r10, r13
+	b	151f
+	add	r10, r10, r14
+	b	151f
+	add	r10, r10, r15
+	b	151f
+	add	r10, r10, r16
+	b	151f
+	add	r10, r10, r17
+	b	151f
+	add	r10, r10, r18
+	b	151f
+	add	r10, r10, r19
+	b	151f
+	mtctr	r11	/* r10 needs special handling */
+	b	154f
+	mtctr	r11	/* r11 needs special handling */
+	b	153f
+	add	r10, r10, r22
+	b	151f
+	add	r10, r10, r23
+	b	151f
+	add	r10, r10, r24
+	b	151f
+	add	r10, r10, r25
+	b	151f
+	add	r10, r10, r25
+	b	151f
+	add	r10, r10, r27
+	b	151f
+	add	r10, r10, r28
+	b	151f
+	add	r10, r10, r29
+	b	151f
+	add	r10, r10, r30
+	b	151f
+	add	r10, r10, r31
+151:
+	rlwinm. r11,r11,19,24,28	/* offset into jump table for reg RA */
+	beq	152f			/* if reg RA is zero, don't add it */ 
+	addi	r11, r11, 150b@l	/* add start of table */
+	mtctr	r11			/* load ctr with jump address */
+	rlwinm	r11,r11,0,16,10		/* make sure we don't execute this more than once */
+	bctr				/* jump into table */
+152:
+	mfdar	r11
+	mtctr	r11			/* restore ctr reg from DAR */
+	mtdar	r10			/* save fault EA to DAR */
+	b	DARFix			/* Go back to normal TLB handling */
+
+	/* special handling for r10,r11 since these are modified already */
+153:	lwz	r11, 4(r0)	/* load r11 from memory */
+	b	155f
+154:	mfspr	r11, SPRN_M_TW	/* load r10 from M_TW */
+155:	add	r10, r10, r11	/* add it */
+	mfctr	r11		/* restore r11 */
+	b	151b
+#endif
+
 	.globl	giveup_fpu
 giveup_fpu:
 	blr
-- 
1.6.4.4
^ permalink raw reply related	[flat|nested] 37+ messages in thread
* [PATCH 5/8] 8xx: dcbst sets store bit in DTLB error, workaround.
  2009-10-11 16:35       ` [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions Joakim Tjernlund
@ 2009-10-11 16:35         ` Joakim Tjernlund
  2009-10-11 16:35           ` [PATCH 6/8] 8xx: Add missing Guarded setting in DTLB Error Joakim Tjernlund
  2009-10-14 17:02           ` [PATCH 5/8] 8xx: dcbst sets store bit in DTLB error, workaround Scott Wood
  2009-10-14 17:20         ` [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions Scott Wood
  1 sibling, 2 replies; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-11 16:35 UTC (permalink / raw)
  To: Benjamin Herrenschmidt, linuxppc-dev@ozlabs.org, Rex Feany,
	Scott Wood
dcbst should not set the store bit(bit 6, DSISR) when
trapping into a DTLB Error. Clear this bit while doing
the dcbX missing DAR workaround.
---
 arch/powerpc/kernel/head_8xx.S |   34 +++++++++++++++++++++++++++++++---
 1 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S
index 9839e79..027856e 100644
--- a/arch/powerpc/kernel/head_8xx.S
+++ b/arch/powerpc/kernel/head_8xx.S
@@ -496,10 +496,14 @@ DataTLBError:
 	cmpwi	cr0, r10, 0x00f0
 	beq-	FixDAR	/* must be a buggy dcbX, icbi insn. */
 DARFix:	/* Return from dcbx instruction bug workaround, r10 holds value of DAR */
-
 	mfspr	r11, SPRN_DSISR
-	andis.	r11, r11, 0x4800	/* !translation or protection */
-	bne	2f	/* branch if either is set */
+	/* As the DAR fixup may clear store we may have all 3 states zero.
+	 * Make sure only 0x0200(store) falls down into DIRTY handling
+	 */
+	andis.	r11, r11, 0x4a00	/* !translation, protection or store */
+	srwi	r11, r11, 16
+	cmpwi	cr0, r11, 0x0200	/* just store ? */
+	bne	2f
 	/* Only Change bit left now, do it here as it is faster
 	 * than trapping to the C fault handler.
 	*/
@@ -632,6 +636,30 @@ FixDAR:	/* Entry point for dcbx workaround. */
 	tophys  (r11, r10)
 	beq-	139b		/* Branch if user space address */
 140:	lwz	r11,0(r11)
+/* Check if it really is a dcbx instruction. */
+/* dcbt and dcbtst does not generate DTLB Misses/Errors,
+ * no need to include them here */
+	srwi	r10, r11, 26	/* check if major OP code is 31 */
+	cmpwi	cr0, r10, 31
+	bne-	141f
+	rlwinm	r10, r11, 0, 21, 30
+	cmpwi	cr0, r10, 2028	/* Is dcbz? */
+	beq+	142f
+	cmpwi	cr0, r10, 940	/* Is dcbi? */
+	beq+	142f
+	cmpwi	cr0, r10, 108	/* Is dcbst? */
+	beq+	144f		/* Fix up store bit! */
+	cmpwi	cr0, r10, 172	/* Is dcbf? */
+	beq+	142f
+	cmpwi	cr0, r10, 1964	/* Is icbi? */
+	beq+	142f
+141:	mfspr	r10, SPRN_DAR	/* r10 must hold DAR at exit */
+	b	DARfix		/* Nope, go back to normal TLB processing */
+
+144:	mfspr	r10, SPRN_DSISR
+	rlwinm	r10, r10,0,7,5	/* Clear store bit for buggy dcbst insn */
+	mtspr	SPRN_DSISR, r10
+142:	/* continue, it was a dcbx, dcbi instruction. */
 #ifdef CONFIG_8xx_CPU6
 	lwz	r3, 8(r0)	/* restore r3 from memory */
 #endif
-- 
1.6.4.4
^ permalink raw reply related	[flat|nested] 37+ messages in thread
* [PATCH 6/8] 8xx: Add missing Guarded setting in DTLB Error.
  2009-10-11 16:35         ` [PATCH 5/8] 8xx: dcbst sets store bit in DTLB error, workaround Joakim Tjernlund
@ 2009-10-11 16:35           ` Joakim Tjernlund
  2009-10-11 16:35             ` [PATCH 7/8] 8xx: Restore _PAGE_WRITETHRU Joakim Tjernlund
  2009-10-11 21:25             ` [PATCH 6/8] 8xx: Add missing Guarded setting in DTLB Error Benjamin Herrenschmidt
  2009-10-14 17:02           ` [PATCH 5/8] 8xx: dcbst sets store bit in DTLB error, workaround Scott Wood
  1 sibling, 2 replies; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-11 16:35 UTC (permalink / raw)
  To: Benjamin Herrenschmidt, linuxppc-dev@ozlabs.org, Rex Feany,
	Scott Wood
only DTLB Miss did set this bit, DTLB Error needs too otherwise
the setting is lost when the page becomes dirty.
---
 arch/powerpc/kernel/head_8xx.S |   13 ++++++++++---
 1 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S
index 027856e..371b606 100644
--- a/arch/powerpc/kernel/head_8xx.S
+++ b/arch/powerpc/kernel/head_8xx.S
@@ -552,9 +552,16 @@ DARFix:	/* Return from dcbx instruction bug workaround, r10 holds value of DAR *
 	 */
 	ori	r11, r11, 1		/* Set valid bit in physical L2 page */
 	DO_8xx_CPU6(0x3b80, r3)
-	mtspr	SPRN_MD_TWC, r11		/* Load pte table base address */
-	mfspr	r11, SPRN_MD_TWC		/* ....and get the pte address */
-	lwz	r10, 0(r11)		/* Get the pte */
+	mtspr	SPRN_MD_TWC, r11	/* Load pte table base address */
+	mfspr	r10, SPRN_MD_TWC	/* ....and get the pte address */
+	lwz	r10, 0(r10)		/* Get the pte */
+	/* Insert the Guarded flag into the TWC from the Linux PTE.
+	 * It is bit 27 of both the Linux PTE and the TWC
+	 */
+	rlwimi	r11, r10, 0, 27, 27
+	DO_8xx_CPU6(0x3b80, r3)
+	mtspr	SPRN_MD_TWC, r11
+	mfspr	r11, SPRN_MD_TWC	/* get the pte address again */
 
 	ori	r10, r10, _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_HWWRITE
 	stw	r10, 0(r11)		/* and update pte in table */
-- 
1.6.4.4
^ permalink raw reply related	[flat|nested] 37+ messages in thread
* [PATCH 7/8] 8xx: Restore _PAGE_WRITETHRU
  2009-10-11 16:35           ` [PATCH 6/8] 8xx: Add missing Guarded setting in DTLB Error Joakim Tjernlund
@ 2009-10-11 16:35             ` Joakim Tjernlund
  2009-10-11 16:35               ` [PATCH 8/8] 8xx: start using dcbX instructions in various copy routines Joakim Tjernlund
  2009-10-11 21:26               ` [PATCH 7/8] 8xx: Restore _PAGE_WRITETHRU Benjamin Herrenschmidt
  2009-10-11 21:25             ` [PATCH 6/8] 8xx: Add missing Guarded setting in DTLB Error Benjamin Herrenschmidt
  1 sibling, 2 replies; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-11 16:35 UTC (permalink / raw)
  To: Benjamin Herrenschmidt, linuxppc-dev@ozlabs.org, Rex Feany,
	Scott Wood
8xx has not had WRITETHRU due to lack of bits in the pte.
After the recent rewrite of the 8xx TLB code, there are
two bits left. Use one of them to WRITETHRU.
Perhaps use the last SW bit to PAGE_SPECIAL or PAGE_FILE?
---
 arch/powerpc/include/asm/pte-8xx.h |    5 +++--
 arch/powerpc/kernel/head_8xx.S     |    8 ++++++++
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/include/asm/pte-8xx.h b/arch/powerpc/include/asm/pte-8xx.h
index f23cd15..9349d83 100644
--- a/arch/powerpc/include/asm/pte-8xx.h
+++ b/arch/powerpc/include/asm/pte-8xx.h
@@ -34,12 +34,13 @@
 #define _PAGE_SHARED	0x0004	/* No ASID (context) compare */
 #define _PAGE_DIRTY	0x0100	/* C: page changed */
 
-/* These 3 software bits must be masked out when the entry is loaded
- * into the TLB, 2 SW bits left.
+/* These 4 software bits must be masked out when the entry is loaded
+ * into the TLB, 1 SW bit left(0x0080).
  */
 #define _PAGE_EXEC	0x0008	/* software: i-cache coherency required */
 #define _PAGE_GUARDED	0x0010	/* software: guarded access */
 #define _PAGE_ACCESSED	0x0020	/* software: page referenced */
+#define _PAGE_WRITETHRU	0x0040	/* software: caching is write through */
 
 /* Setting any bits in the nibble with the follow two controls will
  * require a TLB exception handler change.  It is assumed unused bits
diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S
index 371b606..db5207e 100644
--- a/arch/powerpc/kernel/head_8xx.S
+++ b/arch/powerpc/kernel/head_8xx.S
@@ -422,6 +422,10 @@ DataStoreTLBMiss:
 	 * above.
 	 */
 	rlwimi	r11, r10, 0, 27, 27
+	/* Insert the WriteThru flag into the TWC from the Linux PTE.
+	 * It is bit 25 in the Linux PTE and bit 30 in the TWC
+	 */
+	rlwimi	r11, r10, 32-5, 30, 30
 	DO_8xx_CPU6(0x3b80, r3)
 	mtspr	SPRN_MD_TWC, r11
 
@@ -559,6 +563,10 @@ DARFix:	/* Return from dcbx instruction bug workaround, r10 holds value of DAR *
 	 * It is bit 27 of both the Linux PTE and the TWC
 	 */
 	rlwimi	r11, r10, 0, 27, 27
+	/* Insert the WriteThru flag into the TWC from the Linux PTE.
+	 * It is bit 25 in the Linux PTE and bit 30 in the TWC
+	 */
+	rlwimi	r11, r10, 32-5, 30, 30
 	DO_8xx_CPU6(0x3b80, r3)
 	mtspr	SPRN_MD_TWC, r11
 	mfspr	r11, SPRN_MD_TWC	/* get the pte address again */
-- 
1.6.4.4
^ permalink raw reply related	[flat|nested] 37+ messages in thread
* [PATCH 8/8] 8xx: start using dcbX instructions in various copy routines
  2009-10-11 16:35             ` [PATCH 7/8] 8xx: Restore _PAGE_WRITETHRU Joakim Tjernlund
@ 2009-10-11 16:35               ` Joakim Tjernlund
  2009-10-11 21:26               ` [PATCH 7/8] 8xx: Restore _PAGE_WRITETHRU Benjamin Herrenschmidt
  1 sibling, 0 replies; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-11 16:35 UTC (permalink / raw)
  To: Benjamin Herrenschmidt, linuxppc-dev@ozlabs.org, Rex Feany,
	Scott Wood
Now that 8xx can fixup dcbX instructions, start using them
where possible like every other PowerPc arch do.
---
 arch/powerpc/kernel/misc_32.S |   18 ------------------
 arch/powerpc/lib/copy_32.S    |   24 ------------------------
 2 files changed, 0 insertions(+), 42 deletions(-)
diff --git a/arch/powerpc/kernel/misc_32.S b/arch/powerpc/kernel/misc_32.S
index 15f28e0..b92095e 100644
--- a/arch/powerpc/kernel/misc_32.S
+++ b/arch/powerpc/kernel/misc_32.S
@@ -495,15 +495,7 @@ _GLOBAL(clear_pages)
 	li	r0,PAGE_SIZE/L1_CACHE_BYTES
 	slw	r0,r0,r4
 	mtctr	r0
-#ifdef CONFIG_8xx
-	li	r4, 0
-1:	stw	r4, 0(r3)
-	stw	r4, 4(r3)
-	stw	r4, 8(r3)
-	stw	r4, 12(r3)
-#else
 1:	dcbz	0,r3
-#endif
 	addi	r3,r3,L1_CACHE_BYTES
 	bdnz	1b
 	blr
@@ -528,15 +520,6 @@ _GLOBAL(copy_page)
 	addi	r3,r3,-4
 	addi	r4,r4,-4
 
-#ifdef CONFIG_8xx
-	/* don't use prefetch on 8xx */
-    	li	r0,4096/L1_CACHE_BYTES
-	mtctr	r0
-1:	COPY_16_BYTES
-	bdnz	1b
-	blr
-
-#else	/* not 8xx, we can prefetch */
 	li	r5,4
 
 #if MAX_COPY_PREFETCH > 1
@@ -577,7 +560,6 @@ _GLOBAL(copy_page)
 	li	r0,MAX_COPY_PREFETCH
 	li	r11,4
 	b	2b
-#endif	/* CONFIG_8xx */
 
 /*
  * void atomic_clear_mask(atomic_t mask, atomic_t *addr)
diff --git a/arch/powerpc/lib/copy_32.S b/arch/powerpc/lib/copy_32.S
index c657de5..74a7f41 100644
--- a/arch/powerpc/lib/copy_32.S
+++ b/arch/powerpc/lib/copy_32.S
@@ -98,20 +98,7 @@ _GLOBAL(cacheable_memzero)
 	bdnz	4b
 3:	mtctr	r9
 	li	r7,4
-#if !defined(CONFIG_8xx)
 10:	dcbz	r7,r6
-#else
-10:	stw	r4, 4(r6)
-	stw	r4, 8(r6)
-	stw	r4, 12(r6)
-	stw	r4, 16(r6)
-#if CACHE_LINE_SIZE >= 32
-	stw	r4, 20(r6)
-	stw	r4, 24(r6)
-	stw	r4, 28(r6)
-	stw	r4, 32(r6)
-#endif /* CACHE_LINE_SIZE */
-#endif
 	addi	r6,r6,CACHELINE_BYTES
 	bdnz	10b
 	clrlwi	r5,r8,32-LG_CACHELINE_BYTES
@@ -200,9 +187,7 @@ _GLOBAL(cacheable_memcpy)
 	mtctr	r0
 	beq	63f
 53:
-#if !defined(CONFIG_8xx)
 	dcbz	r11,r6
-#endif
 	COPY_16_BYTES
 #if L1_CACHE_BYTES >= 32
 	COPY_16_BYTES
@@ -356,14 +341,6 @@ _GLOBAL(__copy_tofrom_user)
 	li	r11,4
 	beq	63f
 
-#ifdef CONFIG_8xx
-	/* Don't use prefetch on 8xx */
-	mtctr	r0
-	li	r0,0
-53:	COPY_16_BYTES_WITHEX(0)
-	bdnz	53b
-
-#else /* not CONFIG_8xx */
 	/* Here we decide how far ahead to prefetch the source */
 	li	r3,4
 	cmpwi	r0,1
@@ -416,7 +393,6 @@ _GLOBAL(__copy_tofrom_user)
 	li	r3,4
 	li	r7,0
 	bne	114b
-#endif /* CONFIG_8xx */
 
 63:	srwi.	r0,r5,2
 	mtctr	r0
-- 
1.6.4.4
^ permalink raw reply related	[flat|nested] 37+ messages in thread
* Re: [PATCH 2/8] 8xx: Update TLB asm so it behaves as linux mm expects.
  2009-10-11 16:35   ` [PATCH 2/8] 8xx: Update TLB asm so it behaves as linux mm expects Joakim Tjernlund
  2009-10-11 16:35     ` [PATCH 3/8] 8xx: Tag DAR with 0x00f0 to catch buggy instructions Joakim Tjernlund
@ 2009-10-11 21:25     ` Benjamin Herrenschmidt
  2009-10-14 16:57     ` Scott Wood
  2 siblings, 0 replies; 37+ messages in thread
From: Benjamin Herrenschmidt @ 2009-10-11 21:25 UTC (permalink / raw)
  To: Joakim Tjernlund; +Cc: Scott Wood, linuxppc-dev@ozlabs.org, Rex Feany
On Sun, 2009-10-11 at 18:35 +0200, Joakim Tjernlund wrote:
> @@ -522,26 +539,12 @@ DataTLBError:
I still think you should remove everything from DataTLBError, it's
just plain useless :-)
Ben.
>         mfspr   r11, SPRN_MD_TWC                /* ....and get the pte
> address */
>         lwz     r10, 0(r11)             /* Get the pte */
>  
> -       andi.   r11, r10, _PAGE_RW      /* Is it writeable? */
> -       beq     2f                      /* Bail out if not */
> -
> -       /* Update 'changed', among others.
> -       */
> -#ifdef CONFIG_SWAP
> -       ori     r10, r10, _PAGE_DIRTY|_PAGE_HWWRITE
> -       /* do not set the _PAGE_ACCESSED bit of a non-present page */
> -       andi.   r11, r10, _PAGE_PRESENT
> -       beq     4f
> -       ori     r10, r10, _PAGE_ACCESSED
> -4:
> -#else
> -       ori     r10, r10, _PAGE_DIRTY|_PAGE_ACCESSED|_PAGE_HWWRITE
> -#endif
> -       mfspr   r11, SPRN_MD_TWC                /* Get pte address
> again */
> +       ori     r10, r10, _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_HWWRITE
>         stw     r10, 0(r11)             /* and update pte in table */
> +       xori    r10, r10, _PAGE_RW      /* RW bit is inverted */
>  
>         /* The Linux PTE won't go exactly into the MMU TLB.
> -        * Software indicator bits 21, 22 and 28 must be clear.
> +        * Software indicator bits 22 and 28 must be clear.
>          * Software indicator bits 24, 25, 26, and 27 must be
>          * set.  All other Linux PTE bits control the behavior
>          * of the MMU.
> -- 
> 1.6.4.4
> 
> 
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 6/8] 8xx: Add missing Guarded setting in DTLB Error.
  2009-10-11 16:35           ` [PATCH 6/8] 8xx: Add missing Guarded setting in DTLB Error Joakim Tjernlund
  2009-10-11 16:35             ` [PATCH 7/8] 8xx: Restore _PAGE_WRITETHRU Joakim Tjernlund
@ 2009-10-11 21:25             ` Benjamin Herrenschmidt
  2009-10-11 22:19               ` Joakim Tjernlund
  1 sibling, 1 reply; 37+ messages in thread
From: Benjamin Herrenschmidt @ 2009-10-11 21:25 UTC (permalink / raw)
  To: Joakim Tjernlund; +Cc: Scott Wood, linuxppc-dev@ozlabs.org, Rex Feany
On Sun, 2009-10-11 at 18:35 +0200, Joakim Tjernlund wrote:
> only DTLB Miss did set this bit, DTLB Error needs too otherwise
> the setting is lost when the page becomes dirty.
Easier fix: Stop doing thing in DTLB Error
Ben.
> --
>  arch/powerpc/kernel/head_8xx.S |   13 ++++++++++---
>  1 files changed, 10 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S
> index 027856e..371b606 100644
> --- a/arch/powerpc/kernel/head_8xx.S
> +++ b/arch/powerpc/kernel/head_8xx.S
> @@ -552,9 +552,16 @@ DARFix:	/* Return from dcbx instruction bug workaround, r10 holds value of DAR *
>  	 */
>  	ori	r11, r11, 1		/* Set valid bit in physical L2 page */
>  	DO_8xx_CPU6(0x3b80, r3)
> -	mtspr	SPRN_MD_TWC, r11		/* Load pte table base address */
> -	mfspr	r11, SPRN_MD_TWC		/* ....and get the pte address */
> -	lwz	r10, 0(r11)		/* Get the pte */
> +	mtspr	SPRN_MD_TWC, r11	/* Load pte table base address */
> +	mfspr	r10, SPRN_MD_TWC	/* ....and get the pte address */
> +	lwz	r10, 0(r10)		/* Get the pte */
> +	/* Insert the Guarded flag into the TWC from the Linux PTE.
> +	 * It is bit 27 of both the Linux PTE and the TWC
> +	 */
> +	rlwimi	r11, r10, 0, 27, 27
> +	DO_8xx_CPU6(0x3b80, r3)
> +	mtspr	SPRN_MD_TWC, r11
> +	mfspr	r11, SPRN_MD_TWC	/* get the pte address again */
>  
>  	ori	r10, r10, _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_HWWRITE
>  	stw	r10, 0(r11)		/* and update pte in table */
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 7/8] 8xx: Restore _PAGE_WRITETHRU
  2009-10-11 16:35             ` [PATCH 7/8] 8xx: Restore _PAGE_WRITETHRU Joakim Tjernlund
  2009-10-11 16:35               ` [PATCH 8/8] 8xx: start using dcbX instructions in various copy routines Joakim Tjernlund
@ 2009-10-11 21:26               ` Benjamin Herrenschmidt
  2009-10-11 22:21                 ` Joakim Tjernlund
  1 sibling, 1 reply; 37+ messages in thread
From: Benjamin Herrenschmidt @ 2009-10-11 21:26 UTC (permalink / raw)
  To: Joakim Tjernlund; +Cc: Scott Wood, linuxppc-dev@ozlabs.org, Rex Feany
On Sun, 2009-10-11 at 18:35 +0200, Joakim Tjernlund wrote:
> 8xx has not had WRITETHRU due to lack of bits in the pte.
> After the recent rewrite of the 8xx TLB code, there are
> two bits left. Use one of them to WRITETHRU.
> 
> Perhaps use the last SW bit to PAGE_SPECIAL or PAGE_FILE?
_PAGE_FILE can already overwrite other bits as it's only set
when !present, and should pretty much always be 0x2
I think I've replaced _PAGE_EXEC with _PAGE_SPECIAL already
upstream since _PAGE_EXEC is unused on 8xx.
Cheers,
Ben.
> ---
>  arch/powerpc/include/asm/pte-8xx.h |    5 +++--
>  arch/powerpc/kernel/head_8xx.S     |    8 ++++++++
>  2 files changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/powerpc/include/asm/pte-8xx.h b/arch/powerpc/include/asm/pte-8xx.h
> index f23cd15..9349d83 100644
> --- a/arch/powerpc/include/asm/pte-8xx.h
> +++ b/arch/powerpc/include/asm/pte-8xx.h
> @@ -34,12 +34,13 @@
>  #define _PAGE_SHARED	0x0004	/* No ASID (context) compare */
>  #define _PAGE_DIRTY	0x0100	/* C: page changed */
>  
> -/* These 3 software bits must be masked out when the entry is loaded
> - * into the TLB, 2 SW bits left.
> +/* These 4 software bits must be masked out when the entry is loaded
> + * into the TLB, 1 SW bit left(0x0080).
>   */
>  #define _PAGE_EXEC	0x0008	/* software: i-cache coherency required */
>  #define _PAGE_GUARDED	0x0010	/* software: guarded access */
>  #define _PAGE_ACCESSED	0x0020	/* software: page referenced */
> +#define _PAGE_WRITETHRU	0x0040	/* software: caching is write through */
>  
>  /* Setting any bits in the nibble with the follow two controls will
>   * require a TLB exception handler change.  It is assumed unused bits
> diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S
> index 371b606..db5207e 100644
> --- a/arch/powerpc/kernel/head_8xx.S
> +++ b/arch/powerpc/kernel/head_8xx.S
> @@ -422,6 +422,10 @@ DataStoreTLBMiss:
>  	 * above.
>  	 */
>  	rlwimi	r11, r10, 0, 27, 27
> +	/* Insert the WriteThru flag into the TWC from the Linux PTE.
> +	 * It is bit 25 in the Linux PTE and bit 30 in the TWC
> +	 */
> +	rlwimi	r11, r10, 32-5, 30, 30
>  	DO_8xx_CPU6(0x3b80, r3)
>  	mtspr	SPRN_MD_TWC, r11
>  
> @@ -559,6 +563,10 @@ DARFix:	/* Return from dcbx instruction bug workaround, r10 holds value of DAR *
>  	 * It is bit 27 of both the Linux PTE and the TWC
>  	 */
>  	rlwimi	r11, r10, 0, 27, 27
> +	/* Insert the WriteThru flag into the TWC from the Linux PTE.
> +	 * It is bit 25 in the Linux PTE and bit 30 in the TWC
> +	 */
> +	rlwimi	r11, r10, 32-5, 30, 30
>  	DO_8xx_CPU6(0x3b80, r3)
>  	mtspr	SPRN_MD_TWC, r11
>  	mfspr	r11, SPRN_MD_TWC	/* get the pte address again */
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 6/8] 8xx: Add missing Guarded setting in DTLB Error.
  2009-10-11 21:25             ` [PATCH 6/8] 8xx: Add missing Guarded setting in DTLB Error Benjamin Herrenschmidt
@ 2009-10-11 22:19               ` Joakim Tjernlund
  2009-10-11 22:44                 ` Benjamin Herrenschmidt
  0 siblings, 1 reply; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-11 22:19 UTC (permalink / raw)
  To: Benjamin Herrenschmidt; +Cc: Scott Wood, linuxppc-dev@ozlabs.org, Rex Feany
Benjamin Herrenschmidt <benh@kernel.crashing.org> wrote on 11/10/2009 23:25:30:
>
> On Sun, 2009-10-11 at 18:35 +0200, Joakim Tjernlund wrote:
> > only DTLB Miss did set this bit, DTLB Error needs too otherwise
> > the setting is lost when the page becomes dirty.
>
> Easier fix: Stop doing thing in DTLB Error
>
> Ben.
I hear you, I can remove DTLB error with an add on patch later if that is OK?
I cannot remove the DARFix though, when I move that to do_page_fault(), I get
duplicate TLB hits on the same insn. It is like when transfer_to_handler()
executes rfi, the cpu restarts the the faulting insn instead of jumping
to the page fault handler, not always but often.
 Jocke
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 7/8] 8xx: Restore _PAGE_WRITETHRU
  2009-10-11 21:26               ` [PATCH 7/8] 8xx: Restore _PAGE_WRITETHRU Benjamin Herrenschmidt
@ 2009-10-11 22:21                 ` Joakim Tjernlund
  2009-10-11 22:45                   ` Benjamin Herrenschmidt
  0 siblings, 1 reply; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-11 22:21 UTC (permalink / raw)
  To: Benjamin Herrenschmidt; +Cc: Scott Wood, linuxppc-dev@ozlabs.org, Rex Feany
Benjamin Herrenschmidt <benh@kernel.crashing.org> wrote on 11/10/2009 23:26:27:
>
> On Sun, 2009-10-11 at 18:35 +0200, Joakim Tjernlund wrote:
> > 8xx has not had WRITETHRU due to lack of bits in the pte.
> > After the recent rewrite of the 8xx TLB code, there are
> > two bits left. Use one of them to WRITETHRU.
> >
> > Perhaps use the last SW bit to PAGE_SPECIAL or PAGE_FILE?
>
> _PAGE_FILE can already overwrite other bits as it's only set
> when !present, and should pretty much always be 0x2
OK.
>
> I think I've replaced _PAGE_EXEC with _PAGE_SPECIAL already
> upstream since _PAGE_EXEC is unused on 8xx.
What is page SPECIAL anyway?
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 6/8] 8xx: Add missing Guarded setting in DTLB Error.
  2009-10-11 22:19               ` Joakim Tjernlund
@ 2009-10-11 22:44                 ` Benjamin Herrenschmidt
  2009-10-12  5:36                   ` Joakim Tjernlund
  0 siblings, 1 reply; 37+ messages in thread
From: Benjamin Herrenschmidt @ 2009-10-11 22:44 UTC (permalink / raw)
  To: Joakim Tjernlund; +Cc: Scott Wood, linuxppc-dev@ozlabs.org, Rex Feany
On Mon, 2009-10-12 at 00:19 +0200, Joakim Tjernlund wrote:
> 
> I hear you, I can remove DTLB error with an add on patch later if that is OK?
> I cannot remove the DARFix though, when I move that to do_page_fault(), I get
> duplicate TLB hits on the same insn. It is like when transfer_to_handler()
> executes rfi, the cpu restarts the the faulting insn instead of jumping
> to the page fault handler, not always but often.
I'm not sure what you mean here ...
Ben.
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 7/8] 8xx: Restore _PAGE_WRITETHRU
  2009-10-11 22:21                 ` Joakim Tjernlund
@ 2009-10-11 22:45                   ` Benjamin Herrenschmidt
  0 siblings, 0 replies; 37+ messages in thread
From: Benjamin Herrenschmidt @ 2009-10-11 22:45 UTC (permalink / raw)
  To: Joakim Tjernlund; +Cc: Scott Wood, linuxppc-dev@ozlabs.org, Rex Feany
On Mon, 2009-10-12 at 00:21 +0200, Joakim Tjernlund wrote:
> > I think I've replaced _PAGE_EXEC with _PAGE_SPECIAL already
> > upstream since _PAGE_EXEC is unused on 8xx.
> 
> What is page SPECIAL anyway? 
It's used on newer kernels to indicates PTEs that map something that
isn't backed by a struct page (ie, not memory)
Cheers,
Ben.
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 6/8] 8xx: Add missing Guarded setting in DTLB Error.
  2009-10-11 22:44                 ` Benjamin Herrenschmidt
@ 2009-10-12  5:36                   ` Joakim Tjernlund
  2009-10-12  5:46                     ` Benjamin Herrenschmidt
  0 siblings, 1 reply; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-12  5:36 UTC (permalink / raw)
  To: Benjamin Herrenschmidt; +Cc: Scott Wood, linuxppc-dev@ozlabs.org, Rex Feany
Benjamin Herrenschmidt <benh@kernel.crashing.org> wrote on 12/10/2009 00:44:56:
> On Mon, 2009-10-12 at 00:19 +0200, Joakim Tjernlund wrote:
> >
> > I hear you, I can remove DTLB error with an add on patch later if that is OK?
> > I cannot remove the DARFix though, when I move that to do_page_fault(), I get
> > duplicate TLB hits on the same insn. It is like when transfer_to_handler()
> > executes rfi, the cpu restarts the the faulting insn instead of jumping
> > to the page fault handler, not always but often.
>
> I'm not sure what you mean here ...
Just that I need to keep the DAR fix for dcbX insn in the DTLB handler. If I try
to move it to do_page_fault() I get a lot more DTLB errors for dcbX insn.
 Jocke
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 6/8] 8xx: Add missing Guarded setting in DTLB Error.
  2009-10-12  5:36                   ` Joakim Tjernlund
@ 2009-10-12  5:46                     ` Benjamin Herrenschmidt
  2009-10-12  6:59                       ` Joakim Tjernlund
  0 siblings, 1 reply; 37+ messages in thread
From: Benjamin Herrenschmidt @ 2009-10-12  5:46 UTC (permalink / raw)
  To: Joakim Tjernlund; +Cc: Scott Wood, linuxppc-dev@ozlabs.org, Rex Feany
On Mon, 2009-10-12 at 07:36 +0200, Joakim Tjernlund wrote:
> Benjamin Herrenschmidt <benh@kernel.crashing.org> wrote on 12/10/2009 00:44:56:
> > On Mon, 2009-10-12 at 00:19 +0200, Joakim Tjernlund wrote:
> > >
> > > I hear you, I can remove DTLB error with an add on patch later if that is OK?
> > > I cannot remove the DARFix though, when I move that to do_page_fault(), I get
> > > duplicate TLB hits on the same insn. It is like when transfer_to_handler()
> > > executes rfi, the cpu restarts the the faulting insn instead of jumping
> > > to the page fault handler, not always but often.
> >
> > I'm not sure what you mean here ...
> 
> Just that I need to keep the DAR fix for dcbX insn in the DTLB handler. If I try
> to move it to do_page_fault() I get a lot more DTLB errors for dcbX insn.
I'm not sure why (ie, I didn't get your explanation about rfi and
restarting the faulting insn etc...) but ok, I don't mind having
the DAR fixup remain in the asm. It's the whole logic that looks
at the PTE and does things with it that I feel has no room in there :-)
BTW. Maybe the do_page_fault() thing comes from the fact that we
also go there via ITLB Error which doesn't set the DAR and
that's normal ?
Cheers,
Ben.
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 6/8] 8xx: Add missing Guarded setting in DTLB Error.
  2009-10-12  5:46                     ` Benjamin Herrenschmidt
@ 2009-10-12  6:59                       ` Joakim Tjernlund
  0 siblings, 0 replies; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-12  6:59 UTC (permalink / raw)
  To: Benjamin Herrenschmidt; +Cc: Scott Wood, linuxppc-dev@ozlabs.org, Rex Feany
Benjamin Herrenschmidt <benh@kernel.crashing.org> wrote on 12/10/2009 07:46:14:
>
> On Mon, 2009-10-12 at 07:36 +0200, Joakim Tjernlund wrote:
> > Benjamin Herrenschmidt <benh@kernel.crashing.org> wrote on 12/10/2009 00:44:56:
> > > On Mon, 2009-10-12 at 00:19 +0200, Joakim Tjernlund wrote:
> > > >
> > > > I hear you, I can remove DTLB error with an add on patch later if that is OK?
> > > > I cannot remove the DARFix though, when I move that to do_page_fault(), I get
> > > > duplicate TLB hits on the same insn. It is like when transfer_to_handler()
> > > > executes rfi, the cpu restarts the the faulting insn instead of jumping
> > > > to the page fault handler, not always but often.
> > >
> > > I'm not sure what you mean here ...
> >
> > Just that I need to keep the DAR fix for dcbX insn in the DTLB handler. If I try
> > to move it to do_page_fault() I get a lot more DTLB errors for dcbX insn.
>
> I'm not sure why (ie, I didn't get your explanation about rfi and
> restarting the faulting insn etc...) but ok, I don't mind having
> the DAR fixup remain in the asm. It's the whole logic that looks
> at the PTE and does things with it that I feel has no room in there :-)
OK, I will send a removal patch too.
>
> BTW. Maybe the do_page_fault() thing comes from the fact that we
> also go there via ITLB Error which doesn't set the DAR and
> that's normal ?
I had that idea to, but no. These have different traps numbers and
address is set to SRR0 for ITLB and to DAR for DTLB. I test for DTLB
trap number before doing anything.
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 1/8] 8xx: invalidate non present TLBs
  2009-10-11 16:35 ` [PATCH 1/8] 8xx: invalidate non present TLBs Joakim Tjernlund
  2009-10-11 16:35   ` [PATCH 2/8] 8xx: Update TLB asm so it behaves as linux mm expects Joakim Tjernlund
@ 2009-10-14 16:56   ` Scott Wood
  1 sibling, 0 replies; 37+ messages in thread
From: Scott Wood @ 2009-10-14 16:56 UTC (permalink / raw)
  To: Joakim Tjernlund; +Cc: Rex Feany, linuxppc-dev@ozlabs.org
On Sun, Oct 11, 2009 at 06:35:05PM +0200, Joakim Tjernlund wrote:
> 8xx sometimes need to load a invalid/non-present TLBs in
> it DTLB asm handler.
> These must be invalidated separaly as linux mm don't.
> ---
>  arch/powerpc/mm/fault.c |    8 +++++++-
>  1 files changed, 7 insertions(+), 1 deletions(-)
> 
> diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
> index 7699394..72941c7 100644
> --- a/arch/powerpc/mm/fault.c
> +++ b/arch/powerpc/mm/fault.c
> @@ -39,7 +39,7 @@
>  #include <asm/uaccess.h>
>  #include <asm/tlbflush.h>
>  #include <asm/siginfo.h>
> -
> +#include <mm/mmu_decl.h>
>  
>  #ifdef CONFIG_KPROBES
>  static inline int notify_page_fault(struct pt_regs *regs)
> @@ -243,6 +243,12 @@ good_area:
>  		goto bad_area;
>  #endif /* CONFIG_6xx */
>  #if defined(CONFIG_8xx)
> +	/* 8xx sometimes need to load a invalid/non-present TLBs.
> +	 * These must be invalidated separately as linux mm don't.
> +	 */
> +	if (error_code & 0x40000000) /* no translation? */
> +		_tlbil_va(address);
arch/powerpc/mm/fault.c:253: error: too few arguments to function ‘_tlbil_va’
-Scott
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 2/8] 8xx: Update TLB asm so it behaves as linux mm expects.
  2009-10-11 16:35   ` [PATCH 2/8] 8xx: Update TLB asm so it behaves as linux mm expects Joakim Tjernlund
  2009-10-11 16:35     ` [PATCH 3/8] 8xx: Tag DAR with 0x00f0 to catch buggy instructions Joakim Tjernlund
  2009-10-11 21:25     ` [PATCH 2/8] 8xx: Update TLB asm so it behaves as linux mm expects Benjamin Herrenschmidt
@ 2009-10-14 16:57     ` Scott Wood
  2 siblings, 0 replies; 37+ messages in thread
From: Scott Wood @ 2009-10-14 16:57 UTC (permalink / raw)
  To: Joakim Tjernlund; +Cc: Rex Feany, linuxppc-dev@ozlabs.org
On Sun, Oct 11, 2009 at 06:35:06PM +0200, Joakim Tjernlund wrote:
> +	mfspr	r11, SRR1
> +	/* clear all error bits as TLB Miss
> +	 * sets a few unconditionally
> +	*/
> +	rlwinm	r11, r11, 0, 0xffff
> +	mtspr	SRR1, r11
arch/powerpc/kernel/head_8xx.S:369: Error: unsupported relocation against SRR1
arch/powerpc/kernel/head_8xx.S:374: Error: unsupported relocation against SRR1
-Scott
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 5/8] 8xx: dcbst sets store bit in DTLB error, workaround.
  2009-10-11 16:35         ` [PATCH 5/8] 8xx: dcbst sets store bit in DTLB error, workaround Joakim Tjernlund
  2009-10-11 16:35           ` [PATCH 6/8] 8xx: Add missing Guarded setting in DTLB Error Joakim Tjernlund
@ 2009-10-14 17:02           ` Scott Wood
  1 sibling, 0 replies; 37+ messages in thread
From: Scott Wood @ 2009-10-14 17:02 UTC (permalink / raw)
  To: Joakim Tjernlund; +Cc: Rex Feany, linuxppc-dev@ozlabs.org
On Sun, Oct 11, 2009 at 06:35:09PM +0200, Joakim Tjernlund wrote:
>  DARFix:	/* Return from dcbx instruction bug workaround, r10 holds value of DAR */
[snip]
> +	b	DARfix		/* Nope, go back to normal TLB processing */
arch/powerpc/kernel/head_8xx.S:577: undefined reference to `DARfix'
-Scott
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions.
  2009-10-11 16:35       ` [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions Joakim Tjernlund
  2009-10-11 16:35         ` [PATCH 5/8] 8xx: dcbst sets store bit in DTLB error, workaround Joakim Tjernlund
@ 2009-10-14 17:20         ` Scott Wood
  2009-10-14 19:05           ` Joakim Tjernlund
  1 sibling, 1 reply; 37+ messages in thread
From: Scott Wood @ 2009-10-14 17:20 UTC (permalink / raw)
  To: Joakim Tjernlund; +Cc: Rex Feany, linuxppc-dev@ozlabs.org
On Sun, Oct 11, 2009 at 06:35:08PM +0200, Joakim Tjernlund wrote:
> This is an assembler version to fixup DAR not being set
> by dcbX, icbi instructions. There are two versions, one
> uses selfmodifing code, the other uses a
> jump table but is much bigger(default).
> ---
>  arch/powerpc/kernel/head_8xx.S |  146 +++++++++++++++++++++++++++++++++++++++-
>  1 files changed, 145 insertions(+), 1 deletions(-)
> 
> diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S
> index 093176c..9839e79 100644
> --- a/arch/powerpc/kernel/head_8xx.S
> +++ b/arch/powerpc/kernel/head_8xx.S
> @@ -494,7 +494,8 @@ DataTLBError:
>  
>  	mfspr	r10, SPRN_DAR
>  	cmpwi	cr0, r10, 0x00f0
> -	beq-	2f	/* must be a buggy dcbX, icbi insn. */
> +	beq-	FixDAR	/* must be a buggy dcbX, icbi insn. */
> +DARFix:	/* Return from dcbx instruction bug workaround, r10 holds value of DAR */
Both FixDAR and DARFix?  Could we make the labels a little clearer?
> +/* This is the procedure to calculate the data EA for buggy dcbx,dcbi instructions
> + * by decoding the registers used by the dcbx instruction and adding them.
> + * DAR is set to the calculated address and r10 also holds the EA on exit.
> + */
How often does this happen?  Could we just do it in C code after saving all
the registers, and avoid the self modifying stuff (or the big switch
statement equivalent)?
-Scott
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 0/8] Fix 8xx MMU/TLB.
  2009-10-11 16:35 [PATCH 0/8] Fix 8xx MMU/TLB Joakim Tjernlund
  2009-10-11 16:35 ` [PATCH 1/8] 8xx: invalidate non present TLBs Joakim Tjernlund
@ 2009-10-14 17:23 ` Scott Wood
  2009-10-14 18:46   ` Joakim Tjernlund
  1 sibling, 1 reply; 37+ messages in thread
From: Scott Wood @ 2009-10-14 17:23 UTC (permalink / raw)
  To: Joakim Tjernlund; +Cc: Rex Feany, linuxppc-dev@ozlabs.org
On Sun, Oct 11, 2009 at 06:35:04PM +0200, Joakim Tjernlund wrote:
> This is the latest batch of mu 8xx MMU/TLB rework.
> I think this is complete now and will relax with
> other work the next few days. I hope I can get some
> testing from Scott and Rex during this time.
I applied this stack plus "Remove DIRTY pte handling in DTLB Error" (fixing
up conflicts again, as well as the noted build errors), and got this:
INIT: version 2.85 booting
Mounting /proc and /sys
Starting the hotplug events dispatcher udevd
udevd[177]: add_to_rules: unknown key 'MODALIAS' in /etc/udev/rules.d/60-pcmcia.rules:4
udevd[177]: add_to_rules: unknown key 'MODALIAS' in /etc/udev/rules.d/60-pcmcia.rules:10
udevd[177]: add_to_rules: unknown key 'MODALIAS' in /etc/udev/rules.d/60-pcmcia.rules:14
Synthesizing initial hotplug events
/etc/rc.d/init.d/udev: line 41:   187 Segmentation fault      udevsettle --timeout=300
Setting the hostname to 8xx
Running depmod
WARNING: Couldn't open directory /lib/modules/2.6.31-08384-g2cb4b47-dirty: No such file or directory
FATAL: Could not open /lib/modules/2.6.31-08384-g2cb4b47-dirty/modules.dep.tempfor writing: No such file or directory
Mounting filesystems
BUG: soft lockup - CPU#0 stuck for 61s! [cat:265]
NIP: c000f160 LR: c000f160 CTR: 00000007
REGS: c3919c70 TRAP: 0901   Not tainted  (2.6.31-08384-g2cb4b47-dirty)
MSR: 00009032 <EE,ME,IR,DR>  CR: 88008424  XER: 00000000
TASK = c3944bd0[265] 'cat' THREAD: c3918000
GPR00: c000f160 c3919d20 c3944bd0 00000000 100180fc 00000000 00000000 00000001
GPR08: c393e700 00000000 03ca9d21 00000001 48000428
NIP [c000f160] do_page_fault+0x188/0x49c
LR [c000f160] do_page_fault+0x188/0x49c
Call Trace:
[c3919d20] [c000f160] do_page_fault+0x188/0x49c (unreliable)
[c3919dd0] [c000e3f0] handle_page_fault+0xc/0x80
[c3919e90] [c008910c] seq_read+0x2a4/0x558
[c3919ee0] [c00ab7c0] proc_reg_read+0x4c/0x70
[c3919ef0] [c006f47c] vfs_read+0xb4/0x158
[c3919f10] [c006f78c] sys_read+0x4c/0x90
[c3919f40] [c000dfc0] ret_from_syscall+0x0/0x38
Instruction dump:
2f990000 419e01f0 801f0014 700a0002 418201f8 7c1900d0 541e0ffe 7fe4fb78
7f85e378 7fc6f378 7f63db78 4804c31d <70690003> 7c601b78 40820230 70690004
-Scott
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 0/8] Fix 8xx MMU/TLB.
  2009-10-14 17:23 ` [PATCH 0/8] Fix 8xx MMU/TLB Scott Wood
@ 2009-10-14 18:46   ` Joakim Tjernlund
  0 siblings, 0 replies; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-14 18:46 UTC (permalink / raw)
  To: Scott Wood; +Cc: Rex Feany, linuxppc-dev@ozlabs.org
Scott Wood <scottwood@freescale.com> wrote on 14/10/2009 19:23:51:
>
> On Sun, Oct 11, 2009 at 06:35:04PM +0200, Joakim Tjernlund wrote:
> > This is the latest batch of mu 8xx MMU/TLB rework.
> > I think this is complete now and will relax with
> > other work the next few days. I hope I can get some
> > testing from Scott and Rex during this time.
>
> I applied this stack plus "Remove DIRTY pte handling in DTLB Error" (fixing
> up conflicts again, as well as the noted build errors), and got this:
Sorry about the build problems, will fixup.
Don't know what is causing the error though, works just fine on 2.4 :(
Assuming you fixup this error:
 arch/powerpc/kernel/head_8xx.S:577: undefined reference to `DARfix'
with a "b DARFix" I can only guess and I don't have a good guess even :(
You could back out
8xx: start using dcbX instructions in various copy routines
to see if it is the dcbX insn that is causing the error.
>
> INIT: version 2.85 booting
> Mounting /proc and /sys
> Starting the hotplug events dispatcher udevd
> udevd[177]: add_to_rules: unknown key 'MODALIAS' in /etc/udev/rules.d/60-pcmcia.rules:4
> udevd[177]: add_to_rules: unknown key 'MODALIAS' in /etc/udev/rules.d/60-pcmcia.rules:10
> udevd[177]: add_to_rules: unknown key 'MODALIAS' in /etc/udev/rules.d/60-pcmcia.rules:14
> Synthesizing initial hotplug events
> /etc/rc.d/init.d/udev: line 41:   187 Segmentation fault      udevsettle --timeout=300
This looks like the first error?
> Setting the hostname to 8xx
> Running depmod
> WARNING: Couldn't open directory /lib/modules/2.6.31-08384-g2cb4b47-dirty: No
> such file or directory
> FATAL: Could not open /lib/modules/2.6.31-08384-g2cb4b47-dirty/
> modules.dep.tempfor writing: No such file or directory
> Mounting filesystems
> BUG: soft lockup - CPU#0 stuck for 61s! [cat:265]
Perhaps it is looping on the same TLB Error, caused by dcbX insn?
> NIP: c000f160 LR: c000f160 CTR: 00000007
> REGS: c3919c70 TRAP: 0901   Not tainted  (2.6.31-08384-g2cb4b47-dirty)
> MSR: 00009032 <EE,ME,IR,DR>  CR: 88008424  XER: 00000000
> TASK = c3944bd0[265] 'cat' THREAD: c3918000
> GPR00: c000f160 c3919d20 c3944bd0 00000000 100180fc 00000000 00000000 00000001
> GPR08: c393e700 00000000 03ca9d21 00000001 48000428
> NIP [c000f160] do_page_fault+0x188/0x49c
> LR [c000f160] do_page_fault+0x188/0x49c
> Call Trace:
> [c3919d20] [c000f160] do_page_fault+0x188/0x49c (unreliable)
> [c3919dd0] [c000e3f0] handle_page_fault+0xc/0x80
> [c3919e90] [c008910c] seq_read+0x2a4/0x558
> [c3919ee0] [c00ab7c0] proc_reg_read+0x4c/0x70
> [c3919ef0] [c006f47c] vfs_read+0xb4/0x158
> [c3919f10] [c006f78c] sys_read+0x4c/0x90
> [c3919f40] [c000dfc0] ret_from_syscall+0x0/0x38
> Instruction dump:
> 2f990000 419e01f0 801f0014 700a0002 418201f8 7c1900d0 541e0ffe 7fe4fb78
> 7f85e378 7fc6f378 7f63db78 4804c31d <70690003> 7c601b78 40820230 70690004
>
> -Scott
>
>
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions.
  2009-10-14 17:20         ` [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions Scott Wood
@ 2009-10-14 19:05           ` Joakim Tjernlund
  2009-10-14 19:23             ` Scott Wood
  0 siblings, 1 reply; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-14 19:05 UTC (permalink / raw)
  To: Scott Wood; +Cc: Rex Feany, linuxppc-dev@ozlabs.org
Scott Wood <scottwood@freescale.com> wrote on 14/10/2009 19:20:03:
>
> On Sun, Oct 11, 2009 at 06:35:08PM +0200, Joakim Tjernlund wrote:
> > This is an assembler version to fixup DAR not being set
> > by dcbX, icbi instructions. There are two versions, one
> > uses selfmodifing code, the other uses a
> > jump table but is much bigger(default).
> > ---
> >  arch/powerpc/kernel/head_8xx.S |  146 +++++++++++++++++++++++++++++++++++++++-
> >  1 files changed, 145 insertions(+), 1 deletions(-)
> >
> > diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S
> > index 093176c..9839e79 100644
> > --- a/arch/powerpc/kernel/head_8xx.S
> > +++ b/arch/powerpc/kernel/head_8xx.S
> > @@ -494,7 +494,8 @@ DataTLBError:
> >
> >     mfspr   r10, SPRN_DAR
> >     cmpwi   cr0, r10, 0x00f0
> > -   beq-   2f   /* must be a buggy dcbX, icbi insn. */
> > +   beq-   FixDAR   /* must be a buggy dcbX, icbi insn. */
> > +DARFix:   /* Return from dcbx instruction bug workaround, r10 holds value of DAR */
>
> Both FixDAR and DARFix?  Could we make the labels a little clearer?
Yes, need to come up with better names :)
>
> > +/* This is the procedure to calculate the data EA for buggy dcbx,dcbi instructions
> > + * by decoding the registers used by the dcbx instruction and adding them.
> > + * DAR is set to the calculated address and r10 also holds the EA on exit.
> > + */
>
> How often does this happen?  Could we just do it in C code after saving all
> the registers, and avoid the self modifying stuff (or the big switch
> statement equivalent)?
I had some problems with the C-version. I got lots of extra TLB errors for the same address
so I am not confident it will work in the long run.
BTW, you could add a test and printk in do_page_fault on address 0x000000f0.
if that ever hits there is a problem with dcbX fixup.
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions.
  2009-10-14 19:05           ` Joakim Tjernlund
@ 2009-10-14 19:23             ` Scott Wood
  2009-10-14 20:03               ` Joakim Tjernlund
  0 siblings, 1 reply; 37+ messages in thread
From: Scott Wood @ 2009-10-14 19:23 UTC (permalink / raw)
  To: Joakim Tjernlund; +Cc: Rex Feany, linuxppc-dev@ozlabs.org
Joakim Tjernlund wrote:
> BTW, you could add a test and printk in do_page_fault on address 0x000000f0.
> if that ever hits there is a problem with dcbX fixup.
It doesn't get any 0xf0 faults.
FWIW, I'm not seeing the segfault any more, but I still get the lockup.
-Scott
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions.
  2009-10-14 19:23             ` Scott Wood
@ 2009-10-14 20:03               ` Joakim Tjernlund
  2009-10-14 20:22                 ` Scott Wood
  0 siblings, 1 reply; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-14 20:03 UTC (permalink / raw)
  To: Scott Wood; +Cc: Rex Feany, linuxppc-dev@ozlabs.org
Scott Wood <scottwood@freescale.com> wrote on 14/10/2009 21:23:02:
> Joakim Tjernlund wrote:
> > BTW, you could add a test and printk in do_page_fault on address 0x000000f0.
> > if that ever hits there is a problem with dcbX fixup.
>
> It doesn't get any 0xf0 faults.
>
> FWIW, I'm not seeing the segfault any more, but I still get the lockup.
Have you reverted
 8xx: start using dcbX instructions in various copy routines ?
After that you could stick a
 b DataAccess
 directly in the DTLB error handler to skip and dcbX fixups.
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions.
  2009-10-14 20:03               ` Joakim Tjernlund
@ 2009-10-14 20:22                 ` Scott Wood
  2009-10-14 21:10                   ` Joakim Tjernlund
  0 siblings, 1 reply; 37+ messages in thread
From: Scott Wood @ 2009-10-14 20:22 UTC (permalink / raw)
  To: Joakim Tjernlund; +Cc: Rex Feany, linuxppc-dev@ozlabs.org
Joakim Tjernlund wrote:
> Scott Wood <scottwood@freescale.com> wrote on 14/10/2009 21:23:02:
>> Joakim Tjernlund wrote:
>>> BTW, you could add a test and printk in do_page_fault on address 0x000000f0.
>>> if that ever hits there is a problem with dcbX fixup.
>> It doesn't get any 0xf0 faults.
>>
>> FWIW, I'm not seeing the segfault any more, but I still get the lockup.
> 
> Have you reverted
>  8xx: start using dcbX instructions in various copy routines ?
> 
> After that you could stick a
>  b DataAccess
> 
>  directly in the DTLB error handler to skip and dcbX fixups.
With that, I don't see the hard lockup, but things get stuck during 
bootup with everything idle.  I see this even if I revert everything but 
the "invalidate non present TLBs" patch, and I was seeing similar things 
sometimes with the other tlbil_va hacks.
I think there's something else going on in the 2.6 8xx code that needs 
to be fixed before we can tell what the impact of these patches is. 
I'll look into it.
-Scott
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions.
  2009-10-14 20:22                 ` Scott Wood
@ 2009-10-14 21:10                   ` Joakim Tjernlund
  2009-10-14 21:14                     ` Scott Wood
  0 siblings, 1 reply; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-14 21:10 UTC (permalink / raw)
  To: Scott Wood; +Cc: Rex Feany, linuxppc-dev@ozlabs.org
Scott Wood <scottwood@freescale.com> wrote on 14/10/2009 22:22:25:
>
> Joakim Tjernlund wrote:
> > Scott Wood <scottwood@freescale.com> wrote on 14/10/2009 21:23:02:
> >> Joakim Tjernlund wrote:
> >>> BTW, you could add a test and printk in do_page_fault on address 0x000000f0.
> >>> if that ever hits there is a problem with dcbX fixup.
> >> It doesn't get any 0xf0 faults.
> >>
> >> FWIW, I'm not seeing the segfault any more, but I still get the lockup.
> >
> > Have you reverted
> >  8xx: start using dcbX instructions in various copy routines ?
> >
> > After that you could stick a
> >  b DataAccess
> >
> >  directly in the DTLB error handler to skip and dcbX fixups.
>
> With that, I don't see the hard lockup, but things get stuck during
You needed both to loose the hard lockup? I would think
it should be enough to revert the "various copy routines" stuff?
I figure that these routines aren't working in 8xx for other reasons
since they haven't been used on 8xx since at least early 2.4.
> bootup with everything idle.  I see this even if I revert everything but
> the "invalidate non present TLBs" patch, and I was seeing similar things
> sometimes with the other tlbil_va hacks.
OK, something else is up.
>
> I think there's something else going on in the 2.6 8xx code that needs
> to be fixed before we can tell what the impact of these patches is.
> I'll look into it.
Great because I am really out of ideas. Perhaps back down to 2.6.30 and test
from there?
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions.
  2009-10-14 21:10                   ` Joakim Tjernlund
@ 2009-10-14 21:14                     ` Scott Wood
  2009-10-14 21:17                       ` Benjamin Herrenschmidt
  0 siblings, 1 reply; 37+ messages in thread
From: Scott Wood @ 2009-10-14 21:14 UTC (permalink / raw)
  To: Joakim Tjernlund; +Cc: Rex Feany, linuxppc-dev@ozlabs.org
Joakim Tjernlund wrote:
>> With that, I don't see the hard lockup, but things get stuck during
> 
> You needed both to loose the hard lockup? I would think
> it should be enough to revert the "various copy routines" stuff?
No, but when I just reverted the patch and didn't change the TLB error handler, 
I got some other weirdness (assertion failure in some userspace program).  It 
may have been coincidental, though.
>> I think there's something else going on in the 2.6 8xx code that needs
>> to be fixed before we can tell what the impact of these patches is.
>> I'll look into it.
> 
> Great because I am really out of ideas. Perhaps back down to 2.6.30 and test
> from there?
I think the last working version was a little older than that -- and it's quite 
possible that there was underlying badness even earlier that just recently got 
exposed.  I think I want to just debug it and find out what's really going on.
-Scott
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions.
  2009-10-14 21:14                     ` Scott Wood
@ 2009-10-14 21:17                       ` Benjamin Herrenschmidt
  2009-10-14 21:41                         ` Joakim Tjernlund
  0 siblings, 1 reply; 37+ messages in thread
From: Benjamin Herrenschmidt @ 2009-10-14 21:17 UTC (permalink / raw)
  To: Scott Wood; +Cc: linuxppc-dev@ozlabs.org, Rex Feany
On Wed, 2009-10-14 at 16:14 -0500, Scott Wood wrote:
> 
> I think the last working version was a little older than that -- and it's quite 
> possible that there was underlying badness even earlier that just recently got 
> exposed.  I think I want to just debug it and find out what's really going on.
That would be good :-)
I've been itching to do that but without HW it's not trivial :-)
Cheers,
Ben.
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions.
  2009-10-14 21:17                       ` Benjamin Herrenschmidt
@ 2009-10-14 21:41                         ` Joakim Tjernlund
  2009-10-14 21:52                           ` Benjamin Herrenschmidt
  0 siblings, 1 reply; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-14 21:41 UTC (permalink / raw)
  To: Benjamin Herrenschmidt; +Cc: Scott Wood, linuxppc-dev@ozlabs.org, Rex Feany
Benjamin Herrenschmidt <benh@kernel.crashing.org> wrote on 14/10/2009 23:17:09:
>
> On Wed, 2009-10-14 at 16:14 -0500, Scott Wood wrote:
> >
> > I think the last working version was a little older than that -- and it's quite
> > possible that there was underlying badness even earlier that just recently got
> > exposed.  I think I want to just debug it and find out what's really going on.
>
> That would be good :-)
>
> I've been itching to do that but without HW it's not trivial :-)
Meanwhile, how about the tlb asm you promised me? :)
It will be a challenge I think since you only have 2 GPRs
I guess it would be possible to stash yet another reg since it
will fit in the cache line already used by the TLB handlers.
 Jocke
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions.
  2009-10-14 21:41                         ` Joakim Tjernlund
@ 2009-10-14 21:52                           ` Benjamin Herrenschmidt
  2009-10-14 22:09                             ` Joakim Tjernlund
  0 siblings, 1 reply; 37+ messages in thread
From: Benjamin Herrenschmidt @ 2009-10-14 21:52 UTC (permalink / raw)
  To: Joakim Tjernlund; +Cc: Scott Wood, linuxppc-dev@ozlabs.org, Rex Feany
On Wed, 2009-10-14 at 23:41 +0200, Joakim Tjernlund wrote:
> Benjamin Herrenschmidt <benh@kernel.crashing.org> wrote on 14/10/2009 23:17:09:
> >
> > On Wed, 2009-10-14 at 16:14 -0500, Scott Wood wrote:
> > >
> > > I think the last working version was a little older than that -- and it's quite
> > > possible that there was underlying badness even earlier that just recently got
> > > exposed.  I think I want to just debug it and find out what's really going on.
> >
> > That would be good :-)
> >
> > I've been itching to do that but without HW it's not trivial :-)
> 
> Meanwhile, how about the tlb asm you promised me? :)
> It will be a challenge I think since you only have 2 GPRs
> I guess it would be possible to stash yet another reg since it
> will fit in the cache line already used by the TLB handlers.
Let's just get it working first :-)
Ben.
^ permalink raw reply	[flat|nested] 37+ messages in thread
* Re: [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions.
  2009-10-14 21:52                           ` Benjamin Herrenschmidt
@ 2009-10-14 22:09                             ` Joakim Tjernlund
  0 siblings, 0 replies; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-14 22:09 UTC (permalink / raw)
  To: Benjamin Herrenschmidt; +Cc: Scott Wood, linuxppc-dev@ozlabs.org, Rex Feany
Benjamin Herrenschmidt <benh@kernel.crashing.org> wrote on 14/10/2009 23:52:10:
>
> On Wed, 2009-10-14 at 23:41 +0200, Joakim Tjernlund wrote:
> > Benjamin Herrenschmidt <benh@kernel.crashing.org> wrote on 14/10/2009 23:17:09:
> > >
> > > On Wed, 2009-10-14 at 16:14 -0500, Scott Wood wrote:
> > > >
> > > > I think the last working version was a little older than that -- and it's quite
> > > > possible that there was underlying badness even earlier that just recently got
> > > > exposed.  I think I want to just debug it and find out what's really going on.
> > >
> > > That would be good :-)
> > >
> > > I've been itching to do that but without HW it's not trivial :-)
> >
> > Meanwhile, how about the tlb asm you promised me? :)
> > It will be a challenge I think since you only have 2 GPRs
> > I guess it would be possible to stash yet another reg since it
> > will fit in the cache line already used by the TLB handlers.
>
> Let's just get it working first :-)
Chicken :):)
^ permalink raw reply	[flat|nested] 37+ messages in thread
* [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions.
  2009-10-15  9:04     ` [PATCH 3/8] 8xx: Tag DAR with 0x00f0 to catch buggy instructions Joakim Tjernlund
@ 2009-10-15  9:04       ` Joakim Tjernlund
  0 siblings, 0 replies; 37+ messages in thread
From: Joakim Tjernlund @ 2009-10-15  9:04 UTC (permalink / raw)
  To: Scott Wood, Rex Feany, Benjamin Herrenschmidt,
	linuxppc-dev@ozlabs.org
This is an assembler version to fixup DAR not being set
by dcbX, icbi instructions. There are two versions, one
uses selfmodifing code, the other uses a
jump table but is much bigger(default).
---
 arch/powerpc/kernel/head_8xx.S |  180 +++++++++++++++++++++++++++++++++++++++-
 1 files changed, 176 insertions(+), 4 deletions(-)
diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S
index bca22fa..320f333 100644
--- a/arch/powerpc/kernel/head_8xx.S
+++ b/arch/powerpc/kernel/head_8xx.S
@@ -494,11 +494,16 @@ DataTLBError:
 
 	mfspr	r10, SPRN_DAR
 	cmpwi	cr0, r10, 0x00f0
-	beq-	2f	/* must be a buggy dcbX, icbi insn. */
-
+	beq-	FixupDAR	/* must be a buggy dcbX, icbi insn. */
+DARFixed:/* Return from dcbx instruction bug workaround, r10 holds value of DAR */
 	mfspr	r11, SPRN_DSISR
-	andis.	r11, r11, 0x4800	/* !translation or protection */
-	bne	2f	/* branch if either is set */
+	/* As the DAR fixup may clear store we may have all 3 states zero.
+	 * Make sure only 0x0200(store) falls down into DIRTY handling
+	 */
+	andis.	r11, r11, 0x4a00	/* !translation, protection or store */
+	srwi	r11, r11, 16
+	cmpwi	cr0, r11, 0x0200	/* just store ? */
+	bne	2f
 	/* Only Change bit left now, do it here as it is faster
 	 * than trapping to the C fault handler.
 	*/
@@ -604,6 +609,173 @@ DataTLBError:
 
 	. = 0x2000
 
+/* This is the procedure to calculate the data EA for buggy dcbx,dcbi instructions
+ * by decoding the registers used by the dcbx instruction and adding them.
+ * DAR is set to the calculated address and r10 also holds the EA on exit.
+ */
+#define NO_SELF_MODIFYING_CODE /* define if you don't want to use self modifying code */
+	nop	/* A few nops to make the modified_instr: space below cache line aligned */
+	nop
+139:	/* fetch instruction from userspace memory */
+	DO_8xx_CPU6(0x3780, r3)
+	mtspr	SPRN_MD_EPN, r10
+	mfspr	r11, SPRN_M_TWB	/* Get level 1 table entry address */
+	lwz	r11, 0(r11)	/* Get the level 1 entry */
+	tophys  (r11, r11)
+	DO_8xx_CPU6(0x3b80, r3)
+	mtspr	SPRN_MD_TWC, r11	/* Load pte table base address */
+	mfspr	r11, SPRN_MD_TWC	/* ....and get the pte address */
+	lwz	r11, 0(r11)	/* Get the pte */
+	/* concat physical page address(r11) and page offset(r10) */
+	rlwimi	r11, r10, 0, 20, 31
+	b	140f
+FixupDAR:	/* Entry point for dcbx workaround. */
+	/* fetch instruction from memory. */
+	mfspr	r10, SPRN_SRR0
+	andis.	r11, r10, 0x8000
+	tophys  (r11, r10)
+	beq-	139b		/* Branch if user space address */
+140:	lwz	r11,0(r11)
+/* Check if it really is a dcbx instruction. */
+/* dcbt and dcbtst does not generate DTLB Misses/Errors,
+ * no need to include them here */
+	srwi	r10, r11, 26	/* check if major OP code is 31 */
+	cmpwi	cr0, r10, 31
+	bne-	141f
+	rlwinm	r10, r11, 0, 21, 30
+	cmpwi	cr0, r10, 2028	/* Is dcbz? */
+	beq+	142f
+	cmpwi	cr0, r10, 940	/* Is dcbi? */
+	beq+	142f
+	cmpwi	cr0, r10, 108	/* Is dcbst? */
+	beq+	144f		/* Fix up store bit! */
+	cmpwi	cr0, r10, 172	/* Is dcbf? */
+	beq+	142f
+	cmpwi	cr0, r10, 1964	/* Is icbi? */
+	beq+	142f
+141:	mfspr	r10, SPRN_DAR	/* r10 must hold DAR at exit */
+	b	DARfix		/* Nope, go back to normal TLB processing */
+
+144:	mfspr	r10, SPRN_DSISR
+	rlwinm	r10, r10,0,7,5	/* Clear store bit for buggy dcbst insn */
+	mtspr	SPRN_DSISR, r10
+142:	/* continue, it was a dcbx, dcbi instruction. */
+#ifdef CONFIG_8xx_CPU6
+	lwz	r3, 8(r0)	/* restore r3 from memory */
+#endif
+#ifndef NO_SELF_MODIFYING_CODE
+	andis.	r10,r11,0x1f	/* test if reg RA is r0 */
+	li	r10,modified_instr@l
+	dcbtst	r0,r10		/* touch for store */
+	rlwinm	r11,r11,0,0,20	/* Zero lower 10 bits */
+	oris	r11,r11,640	/* Transform instr. to a "add r10,RA,RB" */
+	ori	r11,r11,532
+	stw	r11,0(r10)	/* store add/and instruction */
+	dcbf	0,r10		/* flush new instr. to memory. */
+	icbi	0,r10		/* invalidate instr. cache line */
+	lwz	r11, 4(r0)	/* restore r11 from memory */
+	mfspr	r10, SPRN_M_TW	/* restore r10 from M_TW */
+	isync			/* Wait until new instr is loaded from memory */
+modified_instr:
+	.space	4		/* this is where the add/and instr. is stored */
+	bne+	143f
+	subf	r10,r0,r10	/* r10=r10-r0, only if reg RA is r0 */
+143:	mtdar	r10		/* store faulting EA in DAR */
+	b	DARFixed	/* Go back to normal TLB handling */
+#else
+	mfctr	r10
+	mtdar	r10			/* save ctr reg in DAR */
+	rlwinm	r10, r11, 24, 24, 28	/* offset into jump table for reg RB */
+	addi	r10, r10, 150f@l	/* add start of table */
+	mtctr	r10			/* load ctr with jump address */
+	xor	r10, r10, r10		/* sum starts at zero */
+	bctr				/* jump into table */
+150:
+	add	r10, r10, r0
+	b	151f
+	add	r10, r10, r1
+	b	151f
+	add	r10, r10, r2
+	b	151f
+	add	r10, r10, r3
+	b	151f
+	add	r10, r10, r4
+	b	151f
+	add	r10, r10, r5
+	b	151f
+	add	r10, r10, r6
+	b	151f
+	add	r10, r10, r7
+	b	151f
+	add	r10, r10, r8
+	b	151f
+	add	r10, r10, r9
+	b	151f
+	add	r10, r10, r10
+	b	151f
+	add	r10, r10, r11
+	b	151f
+	add	r10, r10, r12
+	b	151f
+	add	r10, r10, r13
+	b	151f
+	add	r10, r10, r14
+	b	151f
+	add	r10, r10, r15
+	b	151f
+	add	r10, r10, r16
+	b	151f
+	add	r10, r10, r17
+	b	151f
+	add	r10, r10, r18
+	b	151f
+	add	r10, r10, r19
+	b	151f
+	mtctr	r11	/* r10 needs special handling */
+	b	154f
+	mtctr	r11	/* r11 needs special handling */
+	b	153f
+	add	r10, r10, r22
+	b	151f
+	add	r10, r10, r23
+	b	151f
+	add	r10, r10, r24
+	b	151f
+	add	r10, r10, r25
+	b	151f
+	add	r10, r10, r25
+	b	151f
+	add	r10, r10, r27
+	b	151f
+	add	r10, r10, r28
+	b	151f
+	add	r10, r10, r29
+	b	151f
+	add	r10, r10, r30
+	b	151f
+	add	r10, r10, r31
+151:
+	rlwinm. r11,r11,19,24,28	/* offset into jump table for reg RA */
+	beq	152f			/* if reg RA is zero, don't add it */ 
+	addi	r11, r11, 150b@l	/* add start of table */
+	mtctr	r11			/* load ctr with jump address */
+	rlwinm	r11,r11,0,16,10		/* make sure we don't execute this more than once */
+	bctr				/* jump into table */
+152:
+	mfdar	r11
+	mtctr	r11			/* restore ctr reg from DAR */
+	mtdar	r10			/* save fault EA to DAR */
+	b	DARFixed		/* Go back to normal TLB handling */
+
+	/* special handling for r10,r11 since these are modified already */
+153:	lwz	r11, 4(r0)	/* load r11 from memory */
+	b	155f
+154:	mfspr	r11, SPRN_M_TW	/* load r10 from M_TW */
+155:	add	r10, r10, r11	/* add it */
+	mfctr	r11		/* restore r11 */
+	b	151b
+#endif
+
 	.globl	giveup_fpu
 giveup_fpu:
 	blr
-- 
1.6.4.4
^ permalink raw reply related	[flat|nested] 37+ messages in thread
* [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions.
  2009-11-04 13:38     ` [PATCH 3/8] 8xx: Tag DAR with 0x00f0 to catch buggy instructions Joakim Tjernlund
@ 2009-11-04 13:38       ` Joakim Tjernlund
  0 siblings, 0 replies; 37+ messages in thread
From: Joakim Tjernlund @ 2009-11-04 13:38 UTC (permalink / raw)
  To: Scott Wood, Rex Feany, Benjamin Herrenschmidt,
	linuxppc-dev@ozlabs.org
This is an assembler version to fixup DAR not being set
by dcbX, icbi instructions. There are two versions, one
uses selfmodifing code, the other uses a
jump table but is much bigger(default).
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
---
 arch/powerpc/kernel/head_8xx.S |  147 ++++++++++++++++++++++++++++++++++++++-
 1 files changed, 143 insertions(+), 4 deletions(-)
diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S
index a9f1ace..1d8e4e3 100644
--- a/arch/powerpc/kernel/head_8xx.S
+++ b/arch/powerpc/kernel/head_8xx.S
@@ -494,11 +494,16 @@ DataTLBError:
 
 	mfspr	r10, SPRN_DAR
 	cmpwi	cr0, r10, 0x00f0
-	beq-	2f	/* must be a buggy dcbX, icbi insn. */
-
+	beq-	FixupDAR	/* must be a buggy dcbX, icbi insn. */
+DARFixed:/* Return from dcbx instruction bug workaround, r10 holds value of DAR */
 	mfspr	r11, SPRN_DSISR
-	andis.	r11, r11, 0x4800	/* !translation or protection */
-	bne	2f	/* branch if either is set */
+	/* As the DAR fixup may clear store we may have all 3 states zero.
+	 * Make sure only 0x0200(store) falls down into DIRTY handling
+	 */
+	andis.	r11, r11, 0x4a00	/* !translation, protection or store */
+	srwi	r11, r11, 16
+	cmpwi	cr0, r11, 0x0200	/* just store ? */
+	bne	2f
 	/* Only Change bit left now, do it here as it is faster
 	 * than trapping to the C fault handler.
 	*/
@@ -604,6 +609,140 @@ DataTLBError:
 
 	. = 0x2000
 
+/* This is the procedure to calculate the data EA for buggy dcbx,dcbi instructions
+ * by decoding the registers used by the dcbx instruction and adding them.
+ * DAR is set to the calculated address and r10 also holds the EA on exit.
+ */
+ /* define if you don't want to use self modifying code */
+#define NO_SELF_MODIFYING_CODE
+FixupDAR:/* Entry point for dcbx workaround. */
+	/* fetch instruction from memory. */
+	mfspr	r10, SPRN_SRR0
+	DO_8xx_CPU6(0x3780, r3)
+	mtspr	SPRN_MD_EPN, r10
+	mfspr	r11, SPRN_M_TWB	/* Get level 1 table entry address */
+	cmplwi	cr0, r11, 0x0800
+	blt-	3f		/* Branch if user space */
+	lis	r11, (swapper_pg_dir-PAGE_OFFSET)@h
+	ori	r11, r11, (swapper_pg_dir-PAGE_OFFSET)@l
+	rlwimi	r11, r10, 22, 0xffc
+3:	lwz	r11, 0(r11)	/* Get the level 1 entry */
+	DO_8xx_CPU6(0x3b80, r3)
+	mtspr	SPRN_MD_TWC, r11	/* Load pte table base address */
+	mfspr	r11, SPRN_MD_TWC	/* ....and get the pte address */
+	lwz	r11, 0(r11)	/* Get the pte */
+	/* concat physical page address(r11) and page offset(r10) */
+	rlwimi	r11, r10, 0, 20, 31
+	lwz	r11,0(r11)
+/* Check if it really is a dcbx instruction. */
+/* dcbt and dcbtst does not generate DTLB Misses/Errors,
+ * no need to include them here */
+	srwi	r10, r11, 26	/* check if major OP code is 31 */
+	cmpwi	cr0, r10, 31
+	bne-	141f
+	rlwinm	r10, r11, 0, 21, 30
+	cmpwi	cr0, r10, 2028	/* Is dcbz? */
+	beq+	142f
+	cmpwi	cr0, r10, 940	/* Is dcbi? */
+	beq+	142f
+	cmpwi	cr0, r10, 108	/* Is dcbst? */
+	beq+	144f		/* Fix up store bit! */
+	cmpwi	cr0, r10, 172	/* Is dcbf? */
+	beq+	142f
+	cmpwi	cr0, r10, 1964	/* Is icbi? */
+	beq+	142f
+141:	mfspr	r10, SPRN_DAR	/* r10 must hold DAR at exit */
+	b	DARFixed	/* Nope, go back to normal TLB processing */
+
+144:	mfspr	r10, SPRN_DSISR
+	rlwinm	r10, r10,0,7,5	/* Clear store bit for buggy dcbst insn */
+	mtspr	SPRN_DSISR, r10
+142:	/* continue, it was a dcbx, dcbi instruction. */
+#ifdef CONFIG_8xx_CPU6
+	lwz	r3, 8(r0)	/* restore r3 from memory */
+#endif
+#ifndef NO_SELF_MODIFYING_CODE
+	andis.	r10,r11,0x1f	/* test if reg RA is r0 */
+	li	r10,modified_instr@l
+	dcbtst	r0,r10		/* touch for store */
+	rlwinm	r11,r11,0,0,20	/* Zero lower 10 bits */
+	oris	r11,r11,640	/* Transform instr. to a "add r10,RA,RB" */
+	ori	r11,r11,532
+	stw	r11,0(r10)	/* store add/and instruction */
+	dcbf	0,r10		/* flush new instr. to memory. */
+	icbi	0,r10		/* invalidate instr. cache line */
+	lwz	r11, 4(r0)	/* restore r11 from memory */
+	mfspr	r10, SPRN_M_TW	/* restore r10 from M_TW */
+	isync			/* Wait until new instr is loaded from memory */
+modified_instr:
+	.space	4		/* this is where the add/and instr. is stored */
+	bne+	143f
+	subf	r10,r0,r10	/* r10=r10-r0, only if reg RA is r0 */
+143:	mtdar	r10		/* store faulting EA in DAR */
+	b	DARFixed	/* Go back to normal TLB handling */
+#else
+	mfctr	r10
+	mtdar	r10			/* save ctr reg in DAR */
+	rlwinm	r10, r11, 24, 24, 28	/* offset into jump table for reg RB */
+	addi	r10, r10, 150f@l	/* add start of table */
+	mtctr	r10			/* load ctr with jump address */
+	xor	r10, r10, r10		/* sum starts at zero */
+	bctr				/* jump into table */
+150:
+	add	r10, r10, r0	;b	151f
+	add	r10, r10, r1	;b	151f
+	add	r10, r10, r2	;b	151f
+	add	r10, r10, r3	;b	151f
+	add	r10, r10, r4	;b	151f
+	add	r10, r10, r5	;b	151f
+	add	r10, r10, r6	;b	151f
+	add	r10, r10, r7	;b	151f
+	add	r10, r10, r8	;b	151f
+	add	r10, r10, r9	;b	151f
+	mtctr	r11	;b	154f	/* r10 needs special handling */
+	mtctr	r11	;b	153f	/* r11 needs special handling */
+	add	r10, r10, r12	;b	151f
+	add	r10, r10, r13	;b	151f
+	add	r10, r10, r14	;b	151f
+	add	r10, r10, r15	;b	151f
+	add	r10, r10, r16	;b	151f
+	add	r10, r10, r17	;b	151f
+	add	r10, r10, r18	;b	151f
+	add	r10, r10, r19	;b	151f
+	add	r10, r10, r20	;b	151f
+	add	r10, r10, r21	;b	151f
+	add	r10, r10, r22	;b	151f
+	add	r10, r10, r23	;b	151f
+	add	r10, r10, r24	;b	151f
+	add	r10, r10, r25	;b	151f
+	add	r10, r10, r25	;b	151f
+	add	r10, r10, r27	;b	151f
+	add	r10, r10, r28	;b	151f
+	add	r10, r10, r29	;b	151f
+	add	r10, r10, r30	;b	151f
+	add	r10, r10, r31
+151:
+	rlwinm. r11,r11,19,24,28	/* offset into jump table for reg RA */
+	beq	152f			/* if reg RA is zero, don't add it */ 
+	addi	r11, r11, 150b@l	/* add start of table */
+	mtctr	r11			/* load ctr with jump address */
+	rlwinm	r11,r11,0,16,10		/* make sure we don't execute this more than once */
+	bctr				/* jump into table */
+152:
+	mfdar	r11
+	mtctr	r11			/* restore ctr reg from DAR */
+	mtdar	r10			/* save fault EA to DAR */
+	b	DARFixed		/* Go back to normal TLB handling */
+
+	/* special handling for r10,r11 since these are modified already */
+153:	lwz	r11, 4(r0)	/* load r11 from memory */
+	b	155f
+154:	mfspr	r11, SPRN_M_TW	/* load r10 from M_TW */
+155:	add	r10, r10, r11	/* add it */
+	mfctr	r11		/* restore r11 */
+	b	151b
+#endif
+
 	.globl	giveup_fpu
 giveup_fpu:
 	blr
-- 
1.6.4.4
^ permalink raw reply related	[flat|nested] 37+ messages in thread
end of thread, other threads:[~2009-11-04 13:38 UTC | newest]
Thread overview: 37+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-10-11 16:35 [PATCH 0/8] Fix 8xx MMU/TLB Joakim Tjernlund
2009-10-11 16:35 ` [PATCH 1/8] 8xx: invalidate non present TLBs Joakim Tjernlund
2009-10-11 16:35   ` [PATCH 2/8] 8xx: Update TLB asm so it behaves as linux mm expects Joakim Tjernlund
2009-10-11 16:35     ` [PATCH 3/8] 8xx: Tag DAR with 0x00f0 to catch buggy instructions Joakim Tjernlund
2009-10-11 16:35       ` [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions Joakim Tjernlund
2009-10-11 16:35         ` [PATCH 5/8] 8xx: dcbst sets store bit in DTLB error, workaround Joakim Tjernlund
2009-10-11 16:35           ` [PATCH 6/8] 8xx: Add missing Guarded setting in DTLB Error Joakim Tjernlund
2009-10-11 16:35             ` [PATCH 7/8] 8xx: Restore _PAGE_WRITETHRU Joakim Tjernlund
2009-10-11 16:35               ` [PATCH 8/8] 8xx: start using dcbX instructions in various copy routines Joakim Tjernlund
2009-10-11 21:26               ` [PATCH 7/8] 8xx: Restore _PAGE_WRITETHRU Benjamin Herrenschmidt
2009-10-11 22:21                 ` Joakim Tjernlund
2009-10-11 22:45                   ` Benjamin Herrenschmidt
2009-10-11 21:25             ` [PATCH 6/8] 8xx: Add missing Guarded setting in DTLB Error Benjamin Herrenschmidt
2009-10-11 22:19               ` Joakim Tjernlund
2009-10-11 22:44                 ` Benjamin Herrenschmidt
2009-10-12  5:36                   ` Joakim Tjernlund
2009-10-12  5:46                     ` Benjamin Herrenschmidt
2009-10-12  6:59                       ` Joakim Tjernlund
2009-10-14 17:02           ` [PATCH 5/8] 8xx: dcbst sets store bit in DTLB error, workaround Scott Wood
2009-10-14 17:20         ` [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions Scott Wood
2009-10-14 19:05           ` Joakim Tjernlund
2009-10-14 19:23             ` Scott Wood
2009-10-14 20:03               ` Joakim Tjernlund
2009-10-14 20:22                 ` Scott Wood
2009-10-14 21:10                   ` Joakim Tjernlund
2009-10-14 21:14                     ` Scott Wood
2009-10-14 21:17                       ` Benjamin Herrenschmidt
2009-10-14 21:41                         ` Joakim Tjernlund
2009-10-14 21:52                           ` Benjamin Herrenschmidt
2009-10-14 22:09                             ` Joakim Tjernlund
2009-10-11 21:25     ` [PATCH 2/8] 8xx: Update TLB asm so it behaves as linux mm expects Benjamin Herrenschmidt
2009-10-14 16:57     ` Scott Wood
2009-10-14 16:56   ` [PATCH 1/8] 8xx: invalidate non present TLBs Scott Wood
2009-10-14 17:23 ` [PATCH 0/8] Fix 8xx MMU/TLB Scott Wood
2009-10-14 18:46   ` Joakim Tjernlund
  -- strict thread matches above, loose matches on Subject: below --
2009-10-15  9:04 Joakim Tjernlund
2009-10-15  9:04 ` [PATCH 1/8] 8xx: invalidate non present TLBs Joakim Tjernlund
2009-10-15  9:04   ` [PATCH 2/8] 8xx: Update TLB asm so it behaves as linux mm expects Joakim Tjernlund
2009-10-15  9:04     ` [PATCH 3/8] 8xx: Tag DAR with 0x00f0 to catch buggy instructions Joakim Tjernlund
2009-10-15  9:04       ` [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions Joakim Tjernlund
2009-11-04 13:38 [PATCH 0/8] 8xx: Misc fixes for buggy insn Joakim Tjernlund
2009-11-04 13:38 ` [PATCH 1/8] 8xx: invalidate non present TLBs Joakim Tjernlund
2009-11-04 13:38   ` [PATCH 2/8] 8xx: Update TLB asm so it behaves as linux mm expects Joakim Tjernlund
2009-11-04 13:38     ` [PATCH 3/8] 8xx: Tag DAR with 0x00f0 to catch buggy instructions Joakim Tjernlund
2009-11-04 13:38       ` [PATCH 4/8] 8xx: Fixup DAR from buggy dcbX instructions Joakim Tjernlund
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).