1 /* arch/sparc64/mm/tsb.c
2  *
3  * Copyright (C) 2006, 2008 David S. Miller <davem@davemloft.net>
4  */
5 
6 #include <linux/kernel.h>
7 #include <linux/preempt.h>
8 #include <linux/slab.h>
9 #include <asm/system.h>
10 #include <asm/page.h>
11 #include <asm/tlbflush.h>
12 #include <asm/tlb.h>
13 #include <asm/mmu_context.h>
14 #include <asm/pgtable.h>
15 #include <asm/tsb.h>
16 #include <asm/oplib.h>
17 
18 extern struct tsb swapper_tsb[KERNEL_TSB_NENTRIES];
19 
tsb_hash(unsigned long vaddr,unsigned long hash_shift,unsigned long nentries)20 static inline unsigned long tsb_hash(unsigned long vaddr, unsigned long hash_shift, unsigned long nentries)
21 {
22 	vaddr >>= hash_shift;
23 	return vaddr & (nentries - 1);
24 }
25 
tag_compare(unsigned long tag,unsigned long vaddr)26 static inline int tag_compare(unsigned long tag, unsigned long vaddr)
27 {
28 	return (tag == (vaddr >> 22));
29 }
30 
31 /* TSB flushes need only occur on the processor initiating the address
32  * space modification, not on each cpu the address space has run on.
33  * Only the TLB flush needs that treatment.
34  */
35 
flush_tsb_kernel_range(unsigned long start,unsigned long end)36 void flush_tsb_kernel_range(unsigned long start, unsigned long end)
37 {
38 	unsigned long v;
39 
40 	for (v = start; v < end; v += PAGE_SIZE) {
41 		unsigned long hash = tsb_hash(v, PAGE_SHIFT,
42 					      KERNEL_TSB_NENTRIES);
43 		struct tsb *ent = &swapper_tsb[hash];
44 
45 		if (tag_compare(ent->tag, v))
46 			ent->tag = (1UL << TSB_TAG_INVALID_BIT);
47 	}
48 }
49 
__flush_tsb_one(struct mmu_gather * mp,unsigned long hash_shift,unsigned long tsb,unsigned long nentries)50 static void __flush_tsb_one(struct mmu_gather *mp, unsigned long hash_shift, unsigned long tsb, unsigned long nentries)
51 {
52 	unsigned long i;
53 
54 	for (i = 0; i < mp->tlb_nr; i++) {
55 		unsigned long v = mp->vaddrs[i];
56 		unsigned long tag, ent, hash;
57 
58 		v &= ~0x1UL;
59 
60 		hash = tsb_hash(v, hash_shift, nentries);
61 		ent = tsb + (hash * sizeof(struct tsb));
62 		tag = (v >> 22UL);
63 
64 		tsb_flush(ent, tag);
65 	}
66 }
67 
flush_tsb_user(struct mmu_gather * mp)68 void flush_tsb_user(struct mmu_gather *mp)
69 {
70 	struct mm_struct *mm = mp->mm;
71 	unsigned long nentries, base, flags;
72 
73 	spin_lock_irqsave(&mm->context.lock, flags);
74 
75 	base = (unsigned long) mm->context.tsb_block[MM_TSB_BASE].tsb;
76 	nentries = mm->context.tsb_block[MM_TSB_BASE].tsb_nentries;
77 	if (tlb_type == cheetah_plus || tlb_type == hypervisor)
78 		base = __pa(base);
79 	__flush_tsb_one(mp, PAGE_SHIFT, base, nentries);
80 
81 #ifdef CONFIG_HUGETLB_PAGE
82 	if (mm->context.tsb_block[MM_TSB_HUGE].tsb) {
83 		base = (unsigned long) mm->context.tsb_block[MM_TSB_HUGE].tsb;
84 		nentries = mm->context.tsb_block[MM_TSB_HUGE].tsb_nentries;
85 		if (tlb_type == cheetah_plus || tlb_type == hypervisor)
86 			base = __pa(base);
87 		__flush_tsb_one(mp, HPAGE_SHIFT, base, nentries);
88 	}
89 #endif
90 	spin_unlock_irqrestore(&mm->context.lock, flags);
91 }
92 
93 #if defined(CONFIG_SPARC64_PAGE_SIZE_8KB)
94 #define HV_PGSZ_IDX_BASE	HV_PGSZ_IDX_8K
95 #define HV_PGSZ_MASK_BASE	HV_PGSZ_MASK_8K
96 #elif defined(CONFIG_SPARC64_PAGE_SIZE_64KB)
97 #define HV_PGSZ_IDX_BASE	HV_PGSZ_IDX_64K
98 #define HV_PGSZ_MASK_BASE	HV_PGSZ_MASK_64K
99 #else
100 #error Broken base page size setting...
101 #endif
102 
103 #ifdef CONFIG_HUGETLB_PAGE
104 #if defined(CONFIG_HUGETLB_PAGE_SIZE_64K)
105 #define HV_PGSZ_IDX_HUGE	HV_PGSZ_IDX_64K
106 #define HV_PGSZ_MASK_HUGE	HV_PGSZ_MASK_64K
107 #elif defined(CONFIG_HUGETLB_PAGE_SIZE_512K)
108 #define HV_PGSZ_IDX_HUGE	HV_PGSZ_IDX_512K
109 #define HV_PGSZ_MASK_HUGE	HV_PGSZ_MASK_512K
110 #elif defined(CONFIG_HUGETLB_PAGE_SIZE_4MB)
111 #define HV_PGSZ_IDX_HUGE	HV_PGSZ_IDX_4MB
112 #define HV_PGSZ_MASK_HUGE	HV_PGSZ_MASK_4MB
113 #else
114 #error Broken huge page size setting...
115 #endif
116 #endif
117 
setup_tsb_params(struct mm_struct * mm,unsigned long tsb_idx,unsigned long tsb_bytes)118 static void setup_tsb_params(struct mm_struct *mm, unsigned long tsb_idx, unsigned long tsb_bytes)
119 {
120 	unsigned long tsb_reg, base, tsb_paddr;
121 	unsigned long page_sz, tte;
122 
123 	mm->context.tsb_block[tsb_idx].tsb_nentries =
124 		tsb_bytes / sizeof(struct tsb);
125 
126 	base = TSBMAP_BASE;
127 	tte = pgprot_val(PAGE_KERNEL_LOCKED);
128 	tsb_paddr = __pa(mm->context.tsb_block[tsb_idx].tsb);
129 	BUG_ON(tsb_paddr & (tsb_bytes - 1UL));
130 
131 	/* Use the smallest page size that can map the whole TSB
132 	 * in one TLB entry.
133 	 */
134 	switch (tsb_bytes) {
135 	case 8192 << 0:
136 		tsb_reg = 0x0UL;
137 #ifdef DCACHE_ALIASING_POSSIBLE
138 		base += (tsb_paddr & 8192);
139 #endif
140 		page_sz = 8192;
141 		break;
142 
143 	case 8192 << 1:
144 		tsb_reg = 0x1UL;
145 		page_sz = 64 * 1024;
146 		break;
147 
148 	case 8192 << 2:
149 		tsb_reg = 0x2UL;
150 		page_sz = 64 * 1024;
151 		break;
152 
153 	case 8192 << 3:
154 		tsb_reg = 0x3UL;
155 		page_sz = 64 * 1024;
156 		break;
157 
158 	case 8192 << 4:
159 		tsb_reg = 0x4UL;
160 		page_sz = 512 * 1024;
161 		break;
162 
163 	case 8192 << 5:
164 		tsb_reg = 0x5UL;
165 		page_sz = 512 * 1024;
166 		break;
167 
168 	case 8192 << 6:
169 		tsb_reg = 0x6UL;
170 		page_sz = 512 * 1024;
171 		break;
172 
173 	case 8192 << 7:
174 		tsb_reg = 0x7UL;
175 		page_sz = 4 * 1024 * 1024;
176 		break;
177 
178 	default:
179 		printk(KERN_ERR "TSB[%s:%d]: Impossible TSB size %lu, killing process.\n",
180 		       current->comm, current->pid, tsb_bytes);
181 		do_exit(SIGSEGV);
182 	};
183 	tte |= pte_sz_bits(page_sz);
184 
185 	if (tlb_type == cheetah_plus || tlb_type == hypervisor) {
186 		/* Physical mapping, no locked TLB entry for TSB.  */
187 		tsb_reg |= tsb_paddr;
188 
189 		mm->context.tsb_block[tsb_idx].tsb_reg_val = tsb_reg;
190 		mm->context.tsb_block[tsb_idx].tsb_map_vaddr = 0;
191 		mm->context.tsb_block[tsb_idx].tsb_map_pte = 0;
192 	} else {
193 		tsb_reg |= base;
194 		tsb_reg |= (tsb_paddr & (page_sz - 1UL));
195 		tte |= (tsb_paddr & ~(page_sz - 1UL));
196 
197 		mm->context.tsb_block[tsb_idx].tsb_reg_val = tsb_reg;
198 		mm->context.tsb_block[tsb_idx].tsb_map_vaddr = base;
199 		mm->context.tsb_block[tsb_idx].tsb_map_pte = tte;
200 	}
201 
202 	/* Setup the Hypervisor TSB descriptor.  */
203 	if (tlb_type == hypervisor) {
204 		struct hv_tsb_descr *hp = &mm->context.tsb_descr[tsb_idx];
205 
206 		switch (tsb_idx) {
207 		case MM_TSB_BASE:
208 			hp->pgsz_idx = HV_PGSZ_IDX_BASE;
209 			break;
210 #ifdef CONFIG_HUGETLB_PAGE
211 		case MM_TSB_HUGE:
212 			hp->pgsz_idx = HV_PGSZ_IDX_HUGE;
213 			break;
214 #endif
215 		default:
216 			BUG();
217 		};
218 		hp->assoc = 1;
219 		hp->num_ttes = tsb_bytes / 16;
220 		hp->ctx_idx = 0;
221 		switch (tsb_idx) {
222 		case MM_TSB_BASE:
223 			hp->pgsz_mask = HV_PGSZ_MASK_BASE;
224 			break;
225 #ifdef CONFIG_HUGETLB_PAGE
226 		case MM_TSB_HUGE:
227 			hp->pgsz_mask = HV_PGSZ_MASK_HUGE;
228 			break;
229 #endif
230 		default:
231 			BUG();
232 		};
233 		hp->tsb_base = tsb_paddr;
234 		hp->resv = 0;
235 	}
236 }
237 
238 static struct kmem_cache *tsb_caches[8] __read_mostly;
239 
240 static const char *tsb_cache_names[8] = {
241 	"tsb_8KB",
242 	"tsb_16KB",
243 	"tsb_32KB",
244 	"tsb_64KB",
245 	"tsb_128KB",
246 	"tsb_256KB",
247 	"tsb_512KB",
248 	"tsb_1MB",
249 };
250 
pgtable_cache_init(void)251 void __init pgtable_cache_init(void)
252 {
253 	unsigned long i;
254 
255 	for (i = 0; i < 8; i++) {
256 		unsigned long size = 8192 << i;
257 		const char *name = tsb_cache_names[i];
258 
259 		tsb_caches[i] = kmem_cache_create(name,
260 						  size, size,
261 						  0, NULL);
262 		if (!tsb_caches[i]) {
263 			prom_printf("Could not create %s cache\n", name);
264 			prom_halt();
265 		}
266 	}
267 }
268 
269 int sysctl_tsb_ratio = -2;
270 
tsb_size_to_rss_limit(unsigned long new_size)271 static unsigned long tsb_size_to_rss_limit(unsigned long new_size)
272 {
273 	unsigned long num_ents = (new_size / sizeof(struct tsb));
274 
275 	if (sysctl_tsb_ratio < 0)
276 		return num_ents - (num_ents >> -sysctl_tsb_ratio);
277 	else
278 		return num_ents + (num_ents >> sysctl_tsb_ratio);
279 }
280 
281 /* When the RSS of an address space exceeds tsb_rss_limit for a TSB,
282  * do_sparc64_fault() invokes this routine to try and grow it.
283  *
284  * When we reach the maximum TSB size supported, we stick ~0UL into
285  * tsb_rss_limit for that TSB so the grow checks in do_sparc64_fault()
286  * will not trigger any longer.
287  *
288  * The TSB can be anywhere from 8K to 1MB in size, in increasing powers
289  * of two.  The TSB must be aligned to it's size, so f.e. a 512K TSB
290  * must be 512K aligned.  It also must be physically contiguous, so we
291  * cannot use vmalloc().
292  *
293  * The idea here is to grow the TSB when the RSS of the process approaches
294  * the number of entries that the current TSB can hold at once.  Currently,
295  * we trigger when the RSS hits 3/4 of the TSB capacity.
296  */
tsb_grow(struct mm_struct * mm,unsigned long tsb_index,unsigned long rss)297 void tsb_grow(struct mm_struct *mm, unsigned long tsb_index, unsigned long rss)
298 {
299 	unsigned long max_tsb_size = 1 * 1024 * 1024;
300 	unsigned long new_size, old_size, flags;
301 	struct tsb *old_tsb, *new_tsb;
302 	unsigned long new_cache_index, old_cache_index;
303 	unsigned long new_rss_limit;
304 	gfp_t gfp_flags;
305 
306 	if (max_tsb_size > (PAGE_SIZE << MAX_ORDER))
307 		max_tsb_size = (PAGE_SIZE << MAX_ORDER);
308 
309 	new_cache_index = 0;
310 	for (new_size = 8192; new_size < max_tsb_size; new_size <<= 1UL) {
311 		new_rss_limit = tsb_size_to_rss_limit(new_size);
312 		if (new_rss_limit > rss)
313 			break;
314 		new_cache_index++;
315 	}
316 
317 	if (new_size == max_tsb_size)
318 		new_rss_limit = ~0UL;
319 
320 retry_tsb_alloc:
321 	gfp_flags = GFP_KERNEL;
322 	if (new_size > (PAGE_SIZE * 2))
323 		gfp_flags = __GFP_NOWARN | __GFP_NORETRY;
324 
325 	new_tsb = kmem_cache_alloc_node(tsb_caches[new_cache_index],
326 					gfp_flags, numa_node_id());
327 	if (unlikely(!new_tsb)) {
328 		/* Not being able to fork due to a high-order TSB
329 		 * allocation failure is very bad behavior.  Just back
330 		 * down to a 0-order allocation and force no TSB
331 		 * growing for this address space.
332 		 */
333 		if (mm->context.tsb_block[tsb_index].tsb == NULL &&
334 		    new_cache_index > 0) {
335 			new_cache_index = 0;
336 			new_size = 8192;
337 			new_rss_limit = ~0UL;
338 			goto retry_tsb_alloc;
339 		}
340 
341 		/* If we failed on a TSB grow, we are under serious
342 		 * memory pressure so don't try to grow any more.
343 		 */
344 		if (mm->context.tsb_block[tsb_index].tsb != NULL)
345 			mm->context.tsb_block[tsb_index].tsb_rss_limit = ~0UL;
346 		return;
347 	}
348 
349 	/* Mark all tags as invalid.  */
350 	tsb_init(new_tsb, new_size);
351 
352 	/* Ok, we are about to commit the changes.  If we are
353 	 * growing an existing TSB the locking is very tricky,
354 	 * so WATCH OUT!
355 	 *
356 	 * We have to hold mm->context.lock while committing to the
357 	 * new TSB, this synchronizes us with processors in
358 	 * flush_tsb_user() and switch_mm() for this address space.
359 	 *
360 	 * But even with that lock held, processors run asynchronously
361 	 * accessing the old TSB via TLB miss handling.  This is OK
362 	 * because those actions are just propagating state from the
363 	 * Linux page tables into the TSB, page table mappings are not
364 	 * being changed.  If a real fault occurs, the processor will
365 	 * synchronize with us when it hits flush_tsb_user(), this is
366 	 * also true for the case where vmscan is modifying the page
367 	 * tables.  The only thing we need to be careful with is to
368 	 * skip any locked TSB entries during copy_tsb().
369 	 *
370 	 * When we finish committing to the new TSB, we have to drop
371 	 * the lock and ask all other cpus running this address space
372 	 * to run tsb_context_switch() to see the new TSB table.
373 	 */
374 	spin_lock_irqsave(&mm->context.lock, flags);
375 
376 	old_tsb = mm->context.tsb_block[tsb_index].tsb;
377 	old_cache_index =
378 		(mm->context.tsb_block[tsb_index].tsb_reg_val & 0x7UL);
379 	old_size = (mm->context.tsb_block[tsb_index].tsb_nentries *
380 		    sizeof(struct tsb));
381 
382 
383 	/* Handle multiple threads trying to grow the TSB at the same time.
384 	 * One will get in here first, and bump the size and the RSS limit.
385 	 * The others will get in here next and hit this check.
386 	 */
387 	if (unlikely(old_tsb &&
388 		     (rss < mm->context.tsb_block[tsb_index].tsb_rss_limit))) {
389 		spin_unlock_irqrestore(&mm->context.lock, flags);
390 
391 		kmem_cache_free(tsb_caches[new_cache_index], new_tsb);
392 		return;
393 	}
394 
395 	mm->context.tsb_block[tsb_index].tsb_rss_limit = new_rss_limit;
396 
397 	if (old_tsb) {
398 		extern void copy_tsb(unsigned long old_tsb_base,
399 				     unsigned long old_tsb_size,
400 				     unsigned long new_tsb_base,
401 				     unsigned long new_tsb_size);
402 		unsigned long old_tsb_base = (unsigned long) old_tsb;
403 		unsigned long new_tsb_base = (unsigned long) new_tsb;
404 
405 		if (tlb_type == cheetah_plus || tlb_type == hypervisor) {
406 			old_tsb_base = __pa(old_tsb_base);
407 			new_tsb_base = __pa(new_tsb_base);
408 		}
409 		copy_tsb(old_tsb_base, old_size, new_tsb_base, new_size);
410 	}
411 
412 	mm->context.tsb_block[tsb_index].tsb = new_tsb;
413 	setup_tsb_params(mm, tsb_index, new_size);
414 
415 	spin_unlock_irqrestore(&mm->context.lock, flags);
416 
417 	/* If old_tsb is NULL, we're being invoked for the first time
418 	 * from init_new_context().
419 	 */
420 	if (old_tsb) {
421 		/* Reload it on the local cpu.  */
422 		tsb_context_switch(mm);
423 
424 		/* Now force other processors to do the same.  */
425 		preempt_disable();
426 		smp_tsb_sync(mm);
427 		preempt_enable();
428 
429 		/* Now it is safe to free the old tsb.  */
430 		kmem_cache_free(tsb_caches[old_cache_index], old_tsb);
431 	}
432 }
433 
init_new_context(struct task_struct * tsk,struct mm_struct * mm)434 int init_new_context(struct task_struct *tsk, struct mm_struct *mm)
435 {
436 #ifdef CONFIG_HUGETLB_PAGE
437 	unsigned long huge_pte_count;
438 #endif
439 	unsigned int i;
440 
441 	spin_lock_init(&mm->context.lock);
442 
443 	mm->context.sparc64_ctx_val = 0UL;
444 
445 #ifdef CONFIG_HUGETLB_PAGE
446 	/* We reset it to zero because the fork() page copying
447 	 * will re-increment the counters as the parent PTEs are
448 	 * copied into the child address space.
449 	 */
450 	huge_pte_count = mm->context.huge_pte_count;
451 	mm->context.huge_pte_count = 0;
452 #endif
453 
454 	/* copy_mm() copies over the parent's mm_struct before calling
455 	 * us, so we need to zero out the TSB pointer or else tsb_grow()
456 	 * will be confused and think there is an older TSB to free up.
457 	 */
458 	for (i = 0; i < MM_NUM_TSBS; i++)
459 		mm->context.tsb_block[i].tsb = NULL;
460 
461 	/* If this is fork, inherit the parent's TSB size.  We would
462 	 * grow it to that size on the first page fault anyways.
463 	 */
464 	tsb_grow(mm, MM_TSB_BASE, get_mm_rss(mm));
465 
466 #ifdef CONFIG_HUGETLB_PAGE
467 	if (unlikely(huge_pte_count))
468 		tsb_grow(mm, MM_TSB_HUGE, huge_pte_count);
469 #endif
470 
471 	if (unlikely(!mm->context.tsb_block[MM_TSB_BASE].tsb))
472 		return -ENOMEM;
473 
474 	return 0;
475 }
476 
tsb_destroy_one(struct tsb_config * tp)477 static void tsb_destroy_one(struct tsb_config *tp)
478 {
479 	unsigned long cache_index;
480 
481 	if (!tp->tsb)
482 		return;
483 	cache_index = tp->tsb_reg_val & 0x7UL;
484 	kmem_cache_free(tsb_caches[cache_index], tp->tsb);
485 	tp->tsb = NULL;
486 	tp->tsb_reg_val = 0UL;
487 }
488 
destroy_context(struct mm_struct * mm)489 void destroy_context(struct mm_struct *mm)
490 {
491 	unsigned long flags, i;
492 
493 	for (i = 0; i < MM_NUM_TSBS; i++)
494 		tsb_destroy_one(&mm->context.tsb_block[i]);
495 
496 	spin_lock_irqsave(&ctx_alloc_lock, flags);
497 
498 	if (CTX_VALID(mm->context)) {
499 		unsigned long nr = CTX_NRBITS(mm->context);
500 		mmu_context_bmap[nr>>6] &= ~(1UL << (nr & 63));
501 	}
502 
503 	spin_unlock_irqrestore(&ctx_alloc_lock, flags);
504 }
505