2019-05-30 07:57:47 +08:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0-only */
|
2011-11-23 01:30:29 +08:00
|
|
|
/*
|
|
|
|
* arch/arm/mm/proc-v7-3level.S
|
|
|
|
*
|
|
|
|
* Copyright (C) 2001 Deep Blue Solutions Ltd.
|
|
|
|
* Copyright (C) 2011 ARM Ltd.
|
|
|
|
* Author: Catalin Marinas <catalin.marinas@arm.com>
|
|
|
|
* based on arch/arm/mm/proc-v7-2level.S
|
|
|
|
*/
|
2014-06-30 23:29:12 +08:00
|
|
|
#include <asm/assembler.h>
|
2011-11-23 01:30:29 +08:00
|
|
|
|
|
|
|
#define TTB_IRGN_NC (0 << 8)
|
|
|
|
#define TTB_IRGN_WBWA (1 << 8)
|
|
|
|
#define TTB_IRGN_WT (2 << 8)
|
|
|
|
#define TTB_IRGN_WB (3 << 8)
|
|
|
|
#define TTB_RGN_NC (0 << 10)
|
|
|
|
#define TTB_RGN_OC_WBWA (1 << 10)
|
|
|
|
#define TTB_RGN_OC_WT (2 << 10)
|
|
|
|
#define TTB_RGN_OC_WB (3 << 10)
|
|
|
|
#define TTB_S (3 << 12)
|
|
|
|
#define TTB_EAE (1 << 31)
|
|
|
|
|
|
|
|
/* PTWs cacheable, inner WB not shareable, outer WB not shareable */
|
|
|
|
#define TTB_FLAGS_UP (TTB_IRGN_WB|TTB_RGN_OC_WB)
|
|
|
|
#define PMD_FLAGS_UP (PMD_SECT_WB)
|
|
|
|
|
|
|
|
/* PTWs cacheable, inner WBWA shareable, outer WBWA not shareable */
|
|
|
|
#define TTB_FLAGS_SMP (TTB_IRGN_WBWA|TTB_S|TTB_RGN_OC_WBWA)
|
|
|
|
#define PMD_FLAGS_SMP (PMD_SECT_WBWA|PMD_SECT_S)
|
|
|
|
|
2012-07-17 03:37:06 +08:00
|
|
|
#ifndef __ARMEB__
|
|
|
|
# define rpgdl r0
|
|
|
|
# define rpgdh r1
|
|
|
|
#else
|
|
|
|
# define rpgdl r1
|
|
|
|
# define rpgdh r0
|
|
|
|
#endif
|
|
|
|
|
2011-11-23 01:30:29 +08:00
|
|
|
/*
|
|
|
|
* cpu_v7_switch_mm(pgd_phys, tsk)
|
|
|
|
*
|
|
|
|
* Set the translation table base pointer to be pgd_phys (physical address of
|
|
|
|
* the new TTB).
|
|
|
|
*/
|
|
|
|
ENTRY(cpu_v7_switch_mm)
|
|
|
|
#ifdef CONFIG_MMU
|
2012-07-17 03:37:06 +08:00
|
|
|
mmid r2, r2
|
|
|
|
asid r2, r2
|
|
|
|
orr rpgdh, rpgdh, r2, lsl #(48 - 32) @ upper 32-bits of pgd
|
|
|
|
mcrr p15, 0, rpgdl, rpgdh, c2 @ set TTB 0
|
2011-11-23 01:30:29 +08:00
|
|
|
isb
|
|
|
|
#endif
|
2014-06-30 23:29:12 +08:00
|
|
|
ret lr
|
2011-11-23 01:30:29 +08:00
|
|
|
ENDPROC(cpu_v7_switch_mm)
|
|
|
|
|
ARM: 8037/1: mm: support big-endian page tables
When enable LPAE and big-endian in a hisilicon board, while specify
mem=384M mem=512M@7680M, will get bad page state:
Freeing unused kernel memory: 180K (c0466000 - c0493000)
BUG: Bad page state in process init pfn:fa442
page:c7749840 count:0 mapcount:-1 mapping: (null) index:0x0
page flags: 0x40000400(reserved)
Modules linked in:
CPU: 0 PID: 1 Comm: init Not tainted 3.10.27+ #66
[<c000f5f0>] (unwind_backtrace+0x0/0x11c) from [<c000cbc4>] (show_stack+0x10/0x14)
[<c000cbc4>] (show_stack+0x10/0x14) from [<c009e448>] (bad_page+0xd4/0x104)
[<c009e448>] (bad_page+0xd4/0x104) from [<c009e520>] (free_pages_prepare+0xa8/0x14c)
[<c009e520>] (free_pages_prepare+0xa8/0x14c) from [<c009f8ec>] (free_hot_cold_page+0x18/0xf0)
[<c009f8ec>] (free_hot_cold_page+0x18/0xf0) from [<c00b5444>] (handle_pte_fault+0xcf4/0xdc8)
[<c00b5444>] (handle_pte_fault+0xcf4/0xdc8) from [<c00b6458>] (handle_mm_fault+0xf4/0x120)
[<c00b6458>] (handle_mm_fault+0xf4/0x120) from [<c0013754>] (do_page_fault+0xfc/0x354)
[<c0013754>] (do_page_fault+0xfc/0x354) from [<c0008400>] (do_DataAbort+0x2c/0x90)
[<c0008400>] (do_DataAbort+0x2c/0x90) from [<c0008fb4>] (__dabt_usr+0x34/0x40)
The bad pfn:fa442 is not system memory(mem=384M mem=512M@7680M), after debugging,
I find in page fault handler, will get wrong pfn from pte just after set pte,
as follow:
do_anonymous_page()
{
...
set_pte_at(mm, address, page_table, entry);
//debug code
pfn = pte_pfn(entry);
pr_info("pfn:0x%lx, pte:0x%llxn", pfn, pte_val(entry));
//read out the pte just set
new_pte = pte_offset_map(pmd, address);
new_pfn = pte_pfn(*new_pte);
pr_info("new pfn:0x%lx, new pte:0x%llxn", pfn, pte_val(entry));
...
}
pfn: 0x1fa4f5, pte:0xc00001fa4f575f
new_pfn:0xfa4f5, new_pte:0xc00000fa4f5f5f //new pfn/pte is wrong.
The bug is happened in cpu_v7_set_pte_ext(ptep, pte):
An LPAE PTE is a 64bit quantity, passed to cpu_v7_set_pte_ext in the r2 and r3 registers.
On an LE kernel, r2 contains the LSB of the PTE, and r3 the MSB.
On a BE kernel, the assignment is reversed.
Unfortunately, the current code always assumes the LE case,
leading to corruption of the PTE when clearing/setting bits.
This patch fixes this issue much like it has been done already in the
cpu_v7_switch_mm case.
CC stable <stable@vger.kernel.org>
Signed-off-by: Jianguo Wu <wujianguo@huawei.com>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2014-04-24 10:45:56 +08:00
|
|
|
#ifdef __ARMEB__
|
|
|
|
#define rl r3
|
|
|
|
#define rh r2
|
|
|
|
#else
|
|
|
|
#define rl r2
|
|
|
|
#define rh r3
|
|
|
|
#endif
|
|
|
|
|
2011-11-23 01:30:29 +08:00
|
|
|
/*
|
|
|
|
* cpu_v7_set_pte_ext(ptep, pte)
|
|
|
|
*
|
|
|
|
* Set a level 2 translation table entry.
|
|
|
|
* - ptep - pointer to level 3 translation table entry
|
|
|
|
* - pte - PTE value to store (64-bit in r2 and r3)
|
|
|
|
*/
|
|
|
|
ENTRY(cpu_v7_set_pte_ext)
|
|
|
|
#ifdef CONFIG_MMU
|
ARM: 8037/1: mm: support big-endian page tables
When enable LPAE and big-endian in a hisilicon board, while specify
mem=384M mem=512M@7680M, will get bad page state:
Freeing unused kernel memory: 180K (c0466000 - c0493000)
BUG: Bad page state in process init pfn:fa442
page:c7749840 count:0 mapcount:-1 mapping: (null) index:0x0
page flags: 0x40000400(reserved)
Modules linked in:
CPU: 0 PID: 1 Comm: init Not tainted 3.10.27+ #66
[<c000f5f0>] (unwind_backtrace+0x0/0x11c) from [<c000cbc4>] (show_stack+0x10/0x14)
[<c000cbc4>] (show_stack+0x10/0x14) from [<c009e448>] (bad_page+0xd4/0x104)
[<c009e448>] (bad_page+0xd4/0x104) from [<c009e520>] (free_pages_prepare+0xa8/0x14c)
[<c009e520>] (free_pages_prepare+0xa8/0x14c) from [<c009f8ec>] (free_hot_cold_page+0x18/0xf0)
[<c009f8ec>] (free_hot_cold_page+0x18/0xf0) from [<c00b5444>] (handle_pte_fault+0xcf4/0xdc8)
[<c00b5444>] (handle_pte_fault+0xcf4/0xdc8) from [<c00b6458>] (handle_mm_fault+0xf4/0x120)
[<c00b6458>] (handle_mm_fault+0xf4/0x120) from [<c0013754>] (do_page_fault+0xfc/0x354)
[<c0013754>] (do_page_fault+0xfc/0x354) from [<c0008400>] (do_DataAbort+0x2c/0x90)
[<c0008400>] (do_DataAbort+0x2c/0x90) from [<c0008fb4>] (__dabt_usr+0x34/0x40)
The bad pfn:fa442 is not system memory(mem=384M mem=512M@7680M), after debugging,
I find in page fault handler, will get wrong pfn from pte just after set pte,
as follow:
do_anonymous_page()
{
...
set_pte_at(mm, address, page_table, entry);
//debug code
pfn = pte_pfn(entry);
pr_info("pfn:0x%lx, pte:0x%llxn", pfn, pte_val(entry));
//read out the pte just set
new_pte = pte_offset_map(pmd, address);
new_pfn = pte_pfn(*new_pte);
pr_info("new pfn:0x%lx, new pte:0x%llxn", pfn, pte_val(entry));
...
}
pfn: 0x1fa4f5, pte:0xc00001fa4f575f
new_pfn:0xfa4f5, new_pte:0xc00000fa4f5f5f //new pfn/pte is wrong.
The bug is happened in cpu_v7_set_pte_ext(ptep, pte):
An LPAE PTE is a 64bit quantity, passed to cpu_v7_set_pte_ext in the r2 and r3 registers.
On an LE kernel, r2 contains the LSB of the PTE, and r3 the MSB.
On a BE kernel, the assignment is reversed.
Unfortunately, the current code always assumes the LE case,
leading to corruption of the PTE when clearing/setting bits.
This patch fixes this issue much like it has been done already in the
cpu_v7_switch_mm case.
CC stable <stable@vger.kernel.org>
Signed-off-by: Jianguo Wu <wujianguo@huawei.com>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2014-04-24 10:45:56 +08:00
|
|
|
tst rl, #L_PTE_VALID
|
2011-11-23 01:30:29 +08:00
|
|
|
beq 1f
|
ARM: 8037/1: mm: support big-endian page tables
When enable LPAE and big-endian in a hisilicon board, while specify
mem=384M mem=512M@7680M, will get bad page state:
Freeing unused kernel memory: 180K (c0466000 - c0493000)
BUG: Bad page state in process init pfn:fa442
page:c7749840 count:0 mapcount:-1 mapping: (null) index:0x0
page flags: 0x40000400(reserved)
Modules linked in:
CPU: 0 PID: 1 Comm: init Not tainted 3.10.27+ #66
[<c000f5f0>] (unwind_backtrace+0x0/0x11c) from [<c000cbc4>] (show_stack+0x10/0x14)
[<c000cbc4>] (show_stack+0x10/0x14) from [<c009e448>] (bad_page+0xd4/0x104)
[<c009e448>] (bad_page+0xd4/0x104) from [<c009e520>] (free_pages_prepare+0xa8/0x14c)
[<c009e520>] (free_pages_prepare+0xa8/0x14c) from [<c009f8ec>] (free_hot_cold_page+0x18/0xf0)
[<c009f8ec>] (free_hot_cold_page+0x18/0xf0) from [<c00b5444>] (handle_pte_fault+0xcf4/0xdc8)
[<c00b5444>] (handle_pte_fault+0xcf4/0xdc8) from [<c00b6458>] (handle_mm_fault+0xf4/0x120)
[<c00b6458>] (handle_mm_fault+0xf4/0x120) from [<c0013754>] (do_page_fault+0xfc/0x354)
[<c0013754>] (do_page_fault+0xfc/0x354) from [<c0008400>] (do_DataAbort+0x2c/0x90)
[<c0008400>] (do_DataAbort+0x2c/0x90) from [<c0008fb4>] (__dabt_usr+0x34/0x40)
The bad pfn:fa442 is not system memory(mem=384M mem=512M@7680M), after debugging,
I find in page fault handler, will get wrong pfn from pte just after set pte,
as follow:
do_anonymous_page()
{
...
set_pte_at(mm, address, page_table, entry);
//debug code
pfn = pte_pfn(entry);
pr_info("pfn:0x%lx, pte:0x%llxn", pfn, pte_val(entry));
//read out the pte just set
new_pte = pte_offset_map(pmd, address);
new_pfn = pte_pfn(*new_pte);
pr_info("new pfn:0x%lx, new pte:0x%llxn", pfn, pte_val(entry));
...
}
pfn: 0x1fa4f5, pte:0xc00001fa4f575f
new_pfn:0xfa4f5, new_pte:0xc00000fa4f5f5f //new pfn/pte is wrong.
The bug is happened in cpu_v7_set_pte_ext(ptep, pte):
An LPAE PTE is a 64bit quantity, passed to cpu_v7_set_pte_ext in the r2 and r3 registers.
On an LE kernel, r2 contains the LSB of the PTE, and r3 the MSB.
On a BE kernel, the assignment is reversed.
Unfortunately, the current code always assumes the LE case,
leading to corruption of the PTE when clearing/setting bits.
This patch fixes this issue much like it has been done already in the
cpu_v7_switch_mm case.
CC stable <stable@vger.kernel.org>
Signed-off-by: Jianguo Wu <wujianguo@huawei.com>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2014-04-24 10:45:56 +08:00
|
|
|
tst rh, #1 << (57 - 32) @ L_PTE_NONE
|
|
|
|
bicne rl, #L_PTE_VALID
|
2012-09-01 12:22:12 +08:00
|
|
|
bne 1f
|
2014-07-18 23:16:15 +08:00
|
|
|
|
|
|
|
eor ip, rh, #1 << (55 - 32) @ toggle L_PTE_DIRTY in temp reg to
|
|
|
|
@ test for !L_PTE_DIRTY || L_PTE_RDONLY
|
|
|
|
tst ip, #1 << (55 - 32) | 1 << (58 - 32)
|
|
|
|
orrne rl, #PTE_AP2
|
|
|
|
biceq rl, #PTE_AP2
|
|
|
|
|
2011-11-23 01:30:29 +08:00
|
|
|
1: strd r2, r3, [r0]
|
2013-07-15 21:26:19 +08:00
|
|
|
ALT_SMP(W(nop))
|
2013-04-04 00:16:57 +08:00
|
|
|
ALT_UP (mcr p15, 0, r0, c7, c10, 1) @ flush_pte
|
2011-11-23 01:30:29 +08:00
|
|
|
#endif
|
2014-06-30 23:29:12 +08:00
|
|
|
ret lr
|
2011-11-23 01:30:29 +08:00
|
|
|
ENDPROC(cpu_v7_set_pte_ext)
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Memory region attributes for LPAE (defined in pgtable-3level.h):
|
|
|
|
*
|
|
|
|
* n = AttrIndx[2:0]
|
|
|
|
*
|
|
|
|
* n MAIR
|
|
|
|
* UNCACHED 000 00000000
|
|
|
|
* BUFFERABLE 001 01000100
|
|
|
|
* DEV_WC 001 01000100
|
|
|
|
* WRITETHROUGH 010 10101010
|
|
|
|
* WRITEBACK 011 11101110
|
|
|
|
* DEV_CACHED 011 11101110
|
|
|
|
* DEV_SHARED 100 00000100
|
|
|
|
* DEV_NONSHARED 100 00000100
|
|
|
|
* unused 101
|
|
|
|
* unused 110
|
|
|
|
* WRITEALLOC 111 11111111
|
|
|
|
*/
|
|
|
|
.equ PRRR, 0xeeaa4400 @ MAIR0
|
|
|
|
.equ NMRR, 0xff000004 @ MAIR1
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Macro for setting up the TTBRx and TTBCR registers.
|
|
|
|
* - \ttbr1 updated.
|
|
|
|
*/
|
2015-04-05 03:09:46 +08:00
|
|
|
.macro v7_ttb_setup, zero, ttbr0l, ttbr0h, ttbr1, tmp
|
2011-11-23 01:30:29 +08:00
|
|
|
ldr \tmp, =swapper_pg_dir @ swapper_pg_dir virtual address
|
2015-04-05 03:09:46 +08:00
|
|
|
cmp \ttbr1, \tmp, lsr #12 @ PHYS_OFFSET > PAGE_OFFSET?
|
2017-08-07 13:49:19 +08:00
|
|
|
mov \tmp, #TTB_EAE @ for TTB control egister
|
2011-11-23 01:30:29 +08:00
|
|
|
ALT_SMP(orr \tmp, \tmp, #TTB_FLAGS_SMP)
|
|
|
|
ALT_UP(orr \tmp, \tmp, #TTB_FLAGS_UP)
|
|
|
|
ALT_SMP(orr \tmp, \tmp, #TTB_FLAGS_SMP << 16)
|
|
|
|
ALT_UP(orr \tmp, \tmp, #TTB_FLAGS_UP << 16)
|
|
|
|
/*
|
2012-07-22 07:47:52 +08:00
|
|
|
* Only use split TTBRs if PHYS_OFFSET <= PAGE_OFFSET (cmp above),
|
|
|
|
* otherwise booting secondary CPUs would end up using TTBR1 for the
|
|
|
|
* identity mapping set up in TTBR0.
|
2011-11-23 01:30:29 +08:00
|
|
|
*/
|
2012-07-22 07:47:52 +08:00
|
|
|
orrls \tmp, \tmp, #TTBR1_SIZE @ TTBCR.T1SZ
|
|
|
|
mcr p15, 0, \tmp, c2, c0, 2 @ TTBCR
|
2015-04-05 03:09:46 +08:00
|
|
|
mov \tmp, \ttbr1, lsr #20
|
|
|
|
mov \ttbr1, \ttbr1, lsl #12
|
2012-07-22 07:47:52 +08:00
|
|
|
addls \ttbr1, \ttbr1, #TTBR1_OFFSET
|
2014-07-25 16:16:28 +08:00
|
|
|
mcrr p15, 1, \ttbr1, \tmp, c2 @ load TTBR1
|
2011-11-23 01:30:29 +08:00
|
|
|
.endm
|
|
|
|
|
|
|
|
/*
|
|
|
|
* AT
|
|
|
|
* TFR EV X F IHD LR S
|
|
|
|
* .EEE ..EE PUI. .TAT 4RVI ZWRS BLDP WCAM
|
|
|
|
* rxxx rrxx xxx0 0101 xxxx xxxx x111 xxxx < forced
|
2014-09-25 18:39:19 +08:00
|
|
|
* 11 0 110 0 0011 1100 .111 1101 < we want
|
2011-11-23 01:30:29 +08:00
|
|
|
*/
|
|
|
|
.align 2
|
|
|
|
.type v7_crval, #object
|
|
|
|
v7_crval:
|
2014-09-25 18:39:19 +08:00
|
|
|
crval clear=0x0122c302, mmuset=0x30c03c7d, ucset=0x00c01c7c
|