1/* 2 * arch/ia64/kernel/ivt.S 3 * 4 * Copyright (C) 1998-2001, 2003, 2005 Hewlett-Packard Co 5 * Stephane Eranian <eranian@hpl.hp.com> 6 * David Mosberger <davidm@hpl.hp.com> 7 * Copyright (C) 2000, 2002-2003 Intel Co 8 * Asit Mallick <asit.k.mallick@intel.com> 9 * Suresh Siddha <suresh.b.siddha@intel.com> 10 * Kenneth Chen <kenneth.w.chen@intel.com> 11 * Fenghua Yu <fenghua.yu@intel.com> 12 * 13 * 00/08/23 Asit Mallick <asit.k.mallick@intel.com> TLB handling for SMP 14 * 00/12/20 David Mosberger-Tang <davidm@hpl.hp.com> DTLB/ITLB handler now uses virtual PT. 15 * 16 * Copyright (C) 2005 Hewlett-Packard Co 17 * Dan Magenheimer <dan.magenheimer@hp.com> 18 * Xen paravirtualization 19 * Copyright (c) 2008 Isaku Yamahata <yamahata at valinux co jp> 20 * VA Linux Systems Japan K.K. 21 * pv_ops. 22 * Yaozu (Eddie) Dong <eddie.dong@intel.com> 23 */ 24/* 25 * This file defines the interruption vector table used by the CPU. 26 * It does not include one entry per possible cause of interruption. 27 * 28 * The first 20 entries of the table contain 64 bundles each while the 29 * remaining 48 entries contain only 16 bundles each. 30 * 31 * The 64 bundles are used to allow inlining the whole handler for critical 32 * interruptions like TLB misses. 33 * 34 * For each entry, the comment is as follows: 35 * 36 * // 0x1c00 Entry 7 (size 64 bundles) Data Key Miss (12,51) 37 * entry offset ----/ / / / / 38 * entry number ---------/ / / / 39 * size of the entry -------------/ / / 40 * vector name -------------------------------------/ / 41 * interruptions triggering this vector ----------------------/ 42 * 43 * The table is 32KB in size and must be aligned on 32KB boundary. 44 * (The CPU ignores the 15 lower bits of the address) 45 * 46 * Table is based upon EAS2.6 (Oct 1999) 47 */ 48 49 50#include <asm/asmmacro.h> 51#include <asm/break.h> 52#include <asm/kregs.h> 53#include <asm/asm-offsets.h> 54#include <asm/pgtable.h> 55#include <asm/processor.h> 56#include <asm/ptrace.h> 57#include <asm/system.h> 58#include <asm/thread_info.h> 59#include <asm/unistd.h> 60#include <asm/errno.h> 61 62# define PSR_DEFAULT_BITS psr.ac 63 64# define DBG_FAULT(i) 65 66#include "minstate.h" 67 68#define FAULT(n) \ 69 mov r31=pr; \ 70 mov r19=n;; /* prepare to save predicates */ \ 71 br.sptk.many dispatch_to_fault_handler 72 73 .section .text..ivt,"ax" 74 75 .align 32768 // align on 32KB boundary 76 .global ia64_ivt 77ia64_ivt: 78///////////////////////////////////////////////////////////////////////////////////////// 79// 0x0000 Entry 0 (size 64 bundles) VHPT Translation (8,20,47) 80ENTRY(vhpt_miss) 81 DBG_FAULT(0) 82 /* 83 * The VHPT vector is invoked when the TLB entry for the virtual page table 84 * is missing. This happens only as a result of a previous 85 * (the "original") TLB miss, which may either be caused by an instruction 86 * fetch or a data access (or non-access). 87 * 88 * What we do here is normal TLB miss handing for the _original_ miss, 89 * followed by inserting the TLB entry for the virtual page table page 90 * that the VHPT walker was attempting to access. The latter gets 91 * inserted as long as page table entry above pte level have valid 92 * mappings for the faulting address. The TLB entry for the original 93 * miss gets inserted only if the pte entry indicates that the page is 94 * present. 95 * 96 * do_page_fault gets invoked in the following cases: 97 * - the faulting virtual address uses unimplemented address bits 98 * - the faulting virtual address has no valid page table mapping 99 */ 100 MOV_FROM_IFA(r16) // get address that caused the TLB miss 101#ifdef CONFIG_HUGETLB_PAGE 102 movl r18=PAGE_SHIFT 103 MOV_FROM_ITIR(r25) 104#endif 105 ;; 106 RSM_PSR_DT // use physical addressing for data 107 mov r31=pr // save the predicate registers 108 mov r19=IA64_KR(PT_BASE) // get page table base address 109 shl r21=r16,3 // shift bit 60 into sign bit 110 shr.u r17=r16,61 // get the region number into r17 111 ;; 112 shr.u r22=r21,3 113#ifdef CONFIG_HUGETLB_PAGE 114 extr.u r26=r25,2,6 115 ;; 116 cmp.ne p8,p0=r18,r26 117 sub r27=r26,r18 118 ;; 119(p8) dep r25=r18,r25,2,6 120(p8) shr r22=r22,r27 121#endif 122 ;; 123 cmp.eq p6,p7=5,r17 // is IFA pointing into to region 5? 124 shr.u r18=r22,PGDIR_SHIFT // get bottom portion of pgd index bit 125 ;; 126(p7) dep r17=r17,r19,(PAGE_SHIFT-3),3 // put region number bits in place 127 128 srlz.d 129 LOAD_PHYSICAL(p6, r19, swapper_pg_dir) // region 5 is rooted at swapper_pg_dir 130 131 .pred.rel "mutex", p6, p7 132(p6) shr.u r21=r21,PGDIR_SHIFT+PAGE_SHIFT 133(p7) shr.u r21=r21,PGDIR_SHIFT+PAGE_SHIFT-3 134 ;; 135(p6) dep r17=r18,r19,3,(PAGE_SHIFT-3) // r17=pgd_offset for region 5 136(p7) dep r17=r18,r17,3,(PAGE_SHIFT-6) // r17=pgd_offset for region[0-4] 137 cmp.eq p7,p6=0,r21 // unused address bits all zeroes? 138#ifdef CONFIG_PGTABLE_4 139 shr.u r28=r22,PUD_SHIFT // shift pud index into position 140#else 141 shr.u r18=r22,PMD_SHIFT // shift pmd index into position 142#endif 143 ;; 144 ld8 r17=[r17] // get *pgd (may be 0) 145 ;; 146(p7) cmp.eq p6,p7=r17,r0 // was pgd_present(*pgd) == NULL? 147#ifdef CONFIG_PGTABLE_4 148 dep r28=r28,r17,3,(PAGE_SHIFT-3) // r28=pud_offset(pgd,addr) 149 ;; 150 shr.u r18=r22,PMD_SHIFT // shift pmd index into position 151(p7) ld8 r29=[r28] // get *pud (may be 0) 152 ;; 153(p7) cmp.eq.or.andcm p6,p7=r29,r0 // was pud_present(*pud) == NULL? 154 dep r17=r18,r29,3,(PAGE_SHIFT-3) // r17=pmd_offset(pud,addr) 155#else 156 dep r17=r18,r17,3,(PAGE_SHIFT-3) // r17=pmd_offset(pgd,addr) 157#endif 158 ;; 159(p7) ld8 r20=[r17] // get *pmd (may be 0) 160 shr.u r19=r22,PAGE_SHIFT // shift pte index into position 161 ;; 162(p7) cmp.eq.or.andcm p6,p7=r20,r0 // was pmd_present(*pmd) == NULL? 163 dep r21=r19,r20,3,(PAGE_SHIFT-3) // r21=pte_offset(pmd,addr) 164 ;; 165(p7) ld8 r18=[r21] // read *pte 166 MOV_FROM_ISR(r19) // cr.isr bit 32 tells us if this is an insn miss 167 ;; 168(p7) tbit.z p6,p7=r18,_PAGE_P_BIT // page present bit cleared? 169 MOV_FROM_IHA(r22) // get the VHPT address that caused the TLB miss 170 ;; // avoid RAW on p7 171(p7) tbit.nz.unc p10,p11=r19,32 // is it an instruction TLB miss? 172 dep r23=0,r20,0,PAGE_SHIFT // clear low bits to get page address 173 ;; 174 ITC_I_AND_D(p10, p11, r18, r24) // insert the instruction TLB entry and 175 // insert the data TLB entry 176(p6) br.cond.spnt.many page_fault // handle bad address/page not present (page fault) 177 MOV_TO_IFA(r22, r24) 178 179#ifdef CONFIG_HUGETLB_PAGE 180 MOV_TO_ITIR(p8, r25, r24) // change to default page-size for VHPT 181#endif 182 183 /* 184 * Now compute and insert the TLB entry for the virtual page table. We never 185 * execute in a page table page so there is no need to set the exception deferral 186 * bit. 187 */ 188 adds r24=__DIRTY_BITS_NO_ED|_PAGE_PL_0|_PAGE_AR_RW,r23 189 ;; 190 ITC_D(p7, r24, r25) 191 ;; 192#ifdef CONFIG_SMP 193 /* 194 * Tell the assemblers dependency-violation checker that the above "itc" instructions 195 * cannot possibly affect the following loads: 196 */ 197 dv_serialize_data 198 199 /* 200 * Re-check pagetable entry. If they changed, we may have received a ptc.g 201 * between reading the pagetable and the "itc". If so, flush the entry we 202 * inserted and retry. At this point, we have: 203 * 204 * r28 = equivalent of pud_offset(pgd, ifa) 205 * r17 = equivalent of pmd_offset(pud, ifa) 206 * r21 = equivalent of pte_offset(pmd, ifa) 207 * 208 * r29 = *pud 209 * r20 = *pmd 210 * r18 = *pte 211 */ 212 ld8 r25=[r21] // read *pte again 213 ld8 r26=[r17] // read *pmd again 214#ifdef CONFIG_PGTABLE_4 215 ld8 r19=[r28] // read *pud again 216#endif 217 cmp.ne p6,p7=r0,r0 218 ;; 219 cmp.ne.or.andcm p6,p7=r26,r20 // did *pmd change 220#ifdef CONFIG_PGTABLE_4 221 cmp.ne.or.andcm p6,p7=r19,r29 // did *pud change 222#endif 223 mov r27=PAGE_SHIFT<<2 224 ;; 225(p6) ptc.l r22,r27 // purge PTE page translation 226(p7) cmp.ne.or.andcm p6,p7=r25,r18 // did *pte change 227 ;; 228(p6) ptc.l r16,r27 // purge translation 229#endif 230 231 mov pr=r31,-1 // restore predicate registers 232 RFI 233END(vhpt_miss) 234 235 .org ia64_ivt+0x400 236///////////////////////////////////////////////////////////////////////////////////////// 237// 0x0400 Entry 1 (size 64 bundles) ITLB (21) 238ENTRY(itlb_miss) 239 DBG_FAULT(1) 240 /* 241 * The ITLB handler accesses the PTE via the virtually mapped linear 242 * page table. If a nested TLB miss occurs, we switch into physical 243 * mode, walk the page table, and then re-execute the PTE read and 244 * go on normally after that. 245 */ 246 MOV_FROM_IFA(r16) // get virtual address 247 mov r29=b0 // save b0 248 mov r31=pr // save predicates 249.itlb_fault: 250 MOV_FROM_IHA(r17) // get virtual address of PTE 251 movl r30=1f // load nested fault continuation point 252 ;; 2531: ld8 r18=[r17] // read *pte 254 ;; 255 mov b0=r29 256 tbit.z p6,p0=r18,_PAGE_P_BIT // page present bit cleared? 257(p6) br.cond.spnt page_fault 258 ;; 259 ITC_I(p0, r18, r19) 260 ;; 261#ifdef CONFIG_SMP 262 /* 263 * Tell the assemblers dependency-violation checker that the above "itc" instructions 264 * cannot possibly affect the following loads: 265 */ 266 dv_serialize_data 267 268 ld8 r19=[r17] // read *pte again and see if same 269 mov r20=PAGE_SHIFT<<2 // setup page size for purge 270 ;; 271 cmp.ne p7,p0=r18,r19 272 ;; 273(p7) ptc.l r16,r20 274#endif 275 mov pr=r31,-1 276 RFI 277END(itlb_miss) 278 279 .org ia64_ivt+0x0800 280///////////////////////////////////////////////////////////////////////////////////////// 281// 0x0800 Entry 2 (size 64 bundles) DTLB (9,48) 282ENTRY(dtlb_miss) 283 DBG_FAULT(2) 284 /* 285 * The DTLB handler accesses the PTE via the virtually mapped linear 286 * page table. If a nested TLB miss occurs, we switch into physical 287 * mode, walk the page table, and then re-execute the PTE read and 288 * go on normally after that. 289 */ 290 MOV_FROM_IFA(r16) // get virtual address 291 mov r29=b0 // save b0 292 mov r31=pr // save predicates 293dtlb_fault: 294 MOV_FROM_IHA(r17) // get virtual address of PTE 295 movl r30=1f // load nested fault continuation point 296 ;; 2971: ld8 r18=[r17] // read *pte 298 ;; 299 mov b0=r29 300 tbit.z p6,p0=r18,_PAGE_P_BIT // page present bit cleared? 301(p6) br.cond.spnt page_fault 302 ;; 303 ITC_D(p0, r18, r19) 304 ;; 305#ifdef CONFIG_SMP 306 /* 307 * Tell the assemblers dependency-violation checker that the above "itc" instructions 308 * cannot possibly affect the following loads: 309 */ 310 dv_serialize_data 311 312 ld8 r19=[r17] // read *pte again and see if same 313 mov r20=PAGE_SHIFT<<2 // setup page size for purge 314 ;; 315 cmp.ne p7,p0=r18,r19 316 ;; 317(p7) ptc.l r16,r20 318#endif 319 mov pr=r31,-1 320 RFI 321END(dtlb_miss) 322 323 .org ia64_ivt+0x0c00 324///////////////////////////////////////////////////////////////////////////////////////// 325// 0x0c00 Entry 3 (size 64 bundles) Alt ITLB (19) 326ENTRY(alt_itlb_miss) 327 DBG_FAULT(3) 328 MOV_FROM_IFA(r16) // get address that caused the TLB miss 329 movl r17=PAGE_KERNEL 330 MOV_FROM_IPSR(p0, r21) 331 movl r19=(((1 << IA64_MAX_PHYS_BITS) - 1) & ~0xfff) 332 mov r31=pr 333 ;; 334#ifdef CONFIG_DISABLE_VHPT 335 shr.u r22=r16,61 // get the region number into r21 336 ;; 337 cmp.gt p8,p0=6,r22 // user mode 338 ;; 339 THASH(p8, r17, r16, r23) 340 ;; 341 MOV_TO_IHA(p8, r17, r23) 342(p8) mov r29=b0 // save b0 343(p8) br.cond.dptk .itlb_fault 344#endif 345 extr.u r23=r21,IA64_PSR_CPL0_BIT,2 // extract psr.cpl 346 and r19=r19,r16 // clear ed, reserved bits, and PTE control bits 347 shr.u r18=r16,57 // move address bit 61 to bit 4 348 ;; 349 andcm r18=0x10,r18 // bit 4=~address-bit(61) 350 cmp.ne p8,p0=r0,r23 // psr.cpl != 0? 351 or r19=r17,r19 // insert PTE control bits into r19 352 ;; 353 or r19=r19,r18 // set bit 4 (uncached) if the access was to region 6 354(p8) br.cond.spnt page_fault 355 ;; 356 ITC_I(p0, r19, r18) // insert the TLB entry 357 mov pr=r31,-1 358 RFI 359END(alt_itlb_miss) 360 361 .org ia64_ivt+0x1000 362///////////////////////////////////////////////////////////////////////////////////////// 363// 0x1000 Entry 4 (size 64 bundles) Alt DTLB (7,46) 364ENTRY(alt_dtlb_miss) 365 DBG_FAULT(4) 366 MOV_FROM_IFA(r16) // get address that caused the TLB miss 367 movl r17=PAGE_KERNEL 368 MOV_FROM_ISR(r20) 369 movl r19=(((1 << IA64_MAX_PHYS_BITS) - 1) & ~0xfff) 370 MOV_FROM_IPSR(p0, r21) 371 mov r31=pr 372 mov r24=PERCPU_ADDR 373 ;; 374#ifdef CONFIG_DISABLE_VHPT 375 shr.u r22=r16,61 // get the region number into r21 376 ;; 377 cmp.gt p8,p0=6,r22 // access to region 0-5 378 ;; 379 THASH(p8, r17, r16, r25) 380 ;; 381 MOV_TO_IHA(p8, r17, r25) 382(p8) mov r29=b0 // save b0 383(p8) br.cond.dptk dtlb_fault 384#endif 385 cmp.ge p10,p11=r16,r24 // access to per_cpu_data? 386 tbit.z p12,p0=r16,61 // access to region 6? 387 mov r25=PERCPU_PAGE_SHIFT << 2 388 mov r26=PERCPU_PAGE_SIZE 389 nop.m 0 390 nop.b 0 391 ;; 392(p10) mov r19=IA64_KR(PER_CPU_DATA) 393(p11) and r19=r19,r16 // clear non-ppn fields 394 extr.u r23=r21,IA64_PSR_CPL0_BIT,2 // extract psr.cpl 395 and r22=IA64_ISR_CODE_MASK,r20 // get the isr.code field 396 tbit.nz p6,p7=r20,IA64_ISR_SP_BIT // is speculation bit on? 397 tbit.nz p9,p0=r20,IA64_ISR_NA_BIT // is non-access bit on? 398 ;; 399(p10) sub r19=r19,r26 400 MOV_TO_ITIR(p10, r25, r24) 401 cmp.ne p8,p0=r0,r23 402(p9) cmp.eq.or.andcm p6,p7=IA64_ISR_CODE_LFETCH,r22 // check isr.code field 403(p12) dep r17=-1,r17,4,1 // set ma=UC for region 6 addr 404(p8) br.cond.spnt page_fault 405 406 dep r21=-1,r21,IA64_PSR_ED_BIT,1 407 ;; 408 or r19=r19,r17 // insert PTE control bits into r19 409 MOV_TO_IPSR(p6, r21, r24) 410 ;; 411 ITC_D(p7, r19, r18) // insert the TLB entry 412 mov pr=r31,-1 413 RFI 414END(alt_dtlb_miss) 415 416 .org ia64_ivt+0x1400 417///////////////////////////////////////////////////////////////////////////////////////// 418// 0x1400 Entry 5 (size 64 bundles) Data nested TLB (6,45) 419ENTRY(nested_dtlb_miss) 420 /* 421 * In the absence of kernel bugs, we get here when the virtually mapped linear 422 * page table is accessed non-speculatively (e.g., in the Dirty-bit, Instruction 423 * Access-bit, or Data Access-bit faults). If the DTLB entry for the virtual page 424 * table is missing, a nested TLB miss fault is triggered and control is 425 * transferred to this point. When this happens, we lookup the pte for the 426 * faulting address by walking the page table in physical mode and return to the 427 * continuation point passed in register r30 (or call page_fault if the address is 428 * not mapped). 429 * 430 * Input: r16: faulting address 431 * r29: saved b0 432 * r30: continuation address 433 * r31: saved pr 434 * 435 * Output: r17: physical address of PTE of faulting address 436 * r29: saved b0 437 * r30: continuation address 438 * r31: saved pr 439 * 440 * Clobbered: b0, r18, r19, r21, r22, psr.dt (cleared) 441 */ 442 RSM_PSR_DT // switch to using physical data addressing 443 mov r19=IA64_KR(PT_BASE) // get the page table base address 444 shl r21=r16,3 // shift bit 60 into sign bit 445 MOV_FROM_ITIR(r18) 446 ;; 447 shr.u r17=r16,61 // get the region number into r17 448 extr.u r18=r18,2,6 // get the faulting page size 449 ;; 450 cmp.eq p6,p7=5,r17 // is faulting address in region 5? 451 add r22=-PAGE_SHIFT,r18 // adjustment for hugetlb address 452 add r18=PGDIR_SHIFT-PAGE_SHIFT,r18 453 ;; 454 shr.u r22=r16,r22 455 shr.u r18=r16,r18 456(p7) dep r17=r17,r19,(PAGE_SHIFT-3),3 // put region number bits in place 457 458 srlz.d 459 LOAD_PHYSICAL(p6, r19, swapper_pg_dir) // region 5 is rooted at swapper_pg_dir 460 461 .pred.rel "mutex", p6, p7 462(p6) shr.u r21=r21,PGDIR_SHIFT+PAGE_SHIFT 463(p7) shr.u r21=r21,PGDIR_SHIFT+PAGE_SHIFT-3 464 ;; 465(p6) dep r17=r18,r19,3,(PAGE_SHIFT-3) // r17=pgd_offset for region 5 466(p7) dep r17=r18,r17,3,(PAGE_SHIFT-6) // r17=pgd_offset for region[0-4] 467 cmp.eq p7,p6=0,r21 // unused address bits all zeroes? 468#ifdef CONFIG_PGTABLE_4 469 shr.u r18=r22,PUD_SHIFT // shift pud index into position 470#else 471 shr.u r18=r22,PMD_SHIFT // shift pmd index into position 472#endif 473 ;; 474 ld8 r17=[r17] // get *pgd (may be 0) 475 ;; 476(p7) cmp.eq p6,p7=r17,r0 // was pgd_present(*pgd) == NULL? 477 dep r17=r18,r17,3,(PAGE_SHIFT-3) // r17=p[u|m]d_offset(pgd,addr) 478 ;; 479#ifdef CONFIG_PGTABLE_4 480(p7) ld8 r17=[r17] // get *pud (may be 0) 481 shr.u r18=r22,PMD_SHIFT // shift pmd index into position 482 ;; 483(p7) cmp.eq.or.andcm p6,p7=r17,r0 // was pud_present(*pud) == NULL? 484 dep r17=r18,r17,3,(PAGE_SHIFT-3) // r17=pmd_offset(pud,addr) 485 ;; 486#endif 487(p7) ld8 r17=[r17] // get *pmd (may be 0) 488 shr.u r19=r22,PAGE_SHIFT // shift pte index into position 489 ;; 490(p7) cmp.eq.or.andcm p6,p7=r17,r0 // was pmd_present(*pmd) == NULL? 491 dep r17=r19,r17,3,(PAGE_SHIFT-3) // r17=pte_offset(pmd,addr); 492(p6) br.cond.spnt page_fault 493 mov b0=r30 494 br.sptk.many b0 // return to continuation point 495END(nested_dtlb_miss) 496 497 .org ia64_ivt+0x1800 498///////////////////////////////////////////////////////////////////////////////////////// 499// 0x1800 Entry 6 (size 64 bundles) Instruction Key Miss (24) 500ENTRY(ikey_miss) 501 DBG_FAULT(6) 502 FAULT(6) 503END(ikey_miss) 504 505 .org ia64_ivt+0x1c00 506///////////////////////////////////////////////////////////////////////////////////////// 507// 0x1c00 Entry 7 (size 64 bundles) Data Key Miss (12,51) 508ENTRY(dkey_miss) 509 DBG_FAULT(7) 510 FAULT(7) 511END(dkey_miss) 512 513 .org ia64_ivt+0x2000 514///////////////////////////////////////////////////////////////////////////////////////// 515// 0x2000 Entry 8 (size 64 bundles) Dirty-bit (54) 516ENTRY(dirty_bit) 517 DBG_FAULT(8) 518 /* 519 * What we do here is to simply turn on the dirty bit in the PTE. We need to 520 * update both the page-table and the TLB entry. To efficiently access the PTE, 521 * we address it through the virtual page table. Most likely, the TLB entry for 522 * the relevant virtual page table page is still present in the TLB so we can 523 * normally do this without additional TLB misses. In case the necessary virtual 524 * page table TLB entry isn't present, we take a nested TLB miss hit where we look 525 * up the physical address of the L3 PTE and then continue at label 1 below. 526 */ 527 MOV_FROM_IFA(r16) // get the address that caused the fault 528 movl r30=1f // load continuation point in case of nested fault 529 ;; 530 THASH(p0, r17, r16, r18) // compute virtual address of L3 PTE 531 mov r29=b0 // save b0 in case of nested fault 532 mov r31=pr // save pr 533#ifdef CONFIG_SMP 534 mov r28=ar.ccv // save ar.ccv 535 ;; 5361: ld8 r18=[r17] 537 ;; // avoid RAW on r18 538 mov ar.ccv=r18 // set compare value for cmpxchg 539 or r25=_PAGE_D|_PAGE_A,r18 // set the dirty and accessed bits 540 tbit.z p7,p6 = r18,_PAGE_P_BIT // Check present bit 541 ;; 542(p6) cmpxchg8.acq r26=[r17],r25,ar.ccv // Only update if page is present 543 mov r24=PAGE_SHIFT<<2 544 ;; 545(p6) cmp.eq p6,p7=r26,r18 // Only compare if page is present 546 ;; 547 ITC_D(p6, r25, r18) // install updated PTE 548 ;; 549 /* 550 * Tell the assemblers dependency-violation checker that the above "itc" instructions 551 * cannot possibly affect the following loads: 552 */ 553 dv_serialize_data 554 555 ld8 r18=[r17] // read PTE again 556 ;; 557 cmp.eq p6,p7=r18,r25 // is it same as the newly installed 558 ;; 559(p7) ptc.l r16,r24 560 mov b0=r29 // restore b0 561 mov ar.ccv=r28 562#else 563 ;; 5641: ld8 r18=[r17] 565 ;; // avoid RAW on r18 566 or r18=_PAGE_D|_PAGE_A,r18 // set the dirty and accessed bits 567 mov b0=r29 // restore b0 568 ;; 569 st8 [r17]=r18 // store back updated PTE 570 ITC_D(p0, r18, r16) // install updated PTE 571#endif 572 mov pr=r31,-1 // restore pr 573 RFI 574END(dirty_bit) 575 576 .org ia64_ivt+0x2400 577///////////////////////////////////////////////////////////////////////////////////////// 578// 0x2400 Entry 9 (size 64 bundles) Instruction Access-bit (27) 579ENTRY(iaccess_bit) 580 DBG_FAULT(9) 581 // Like Entry 8, except for instruction access 582 MOV_FROM_IFA(r16) // get the address that caused the fault 583 movl r30=1f // load continuation point in case of nested fault 584 mov r31=pr // save predicates 585#ifdef CONFIG_ITANIUM 586 /* 587 * Erratum 10 (IFA may contain incorrect address) has "NoFix" status. 588 */ 589 MOV_FROM_IPSR(p0, r17) 590 ;; 591 MOV_FROM_IIP(r18) 592 tbit.z p6,p0=r17,IA64_PSR_IS_BIT // IA64 instruction set? 593 ;; 594(p6) mov r16=r18 // if so, use cr.iip instead of cr.ifa 595#endif /* CONFIG_ITANIUM */ 596 ;; 597 THASH(p0, r17, r16, r18) // compute virtual address of L3 PTE 598 mov r29=b0 // save b0 in case of nested fault) 599#ifdef CONFIG_SMP 600 mov r28=ar.ccv // save ar.ccv 601 ;; 6021: ld8 r18=[r17] 603 ;; 604 mov ar.ccv=r18 // set compare value for cmpxchg 605 or r25=_PAGE_A,r18 // set the accessed bit 606 tbit.z p7,p6 = r18,_PAGE_P_BIT // Check present bit 607 ;; 608(p6) cmpxchg8.acq r26=[r17],r25,ar.ccv // Only if page present 609 mov r24=PAGE_SHIFT<<2 610 ;; 611(p6) cmp.eq p6,p7=r26,r18 // Only if page present 612 ;; 613 ITC_I(p6, r25, r26) // install updated PTE 614 ;; 615 /* 616 * Tell the assemblers dependency-violation checker that the above "itc" instructions 617 * cannot possibly affect the following loads: 618 */ 619 dv_serialize_data 620 621 ld8 r18=[r17] // read PTE again 622 ;; 623 cmp.eq p6,p7=r18,r25 // is it same as the newly installed 624 ;; 625(p7) ptc.l r16,r24 626 mov b0=r29 // restore b0 627 mov ar.ccv=r28 628#else /* !CONFIG_SMP */ 629 ;; 6301: ld8 r18=[r17] 631 ;; 632 or r18=_PAGE_A,r18 // set the accessed bit 633 mov b0=r29 // restore b0 634 ;; 635 st8 [r17]=r18 // store back updated PTE 636 ITC_I(p0, r18, r16) // install updated PTE 637#endif /* !CONFIG_SMP */ 638 mov pr=r31,-1 639 RFI 640END(iaccess_bit) 641 642 .org ia64_ivt+0x2800 643///////////////////////////////////////////////////////////////////////////////////////// 644// 0x2800 Entry 10 (size 64 bundles) Data Access-bit (15,55) 645ENTRY(daccess_bit) 646 DBG_FAULT(10) 647 // Like Entry 8, except for data access 648 MOV_FROM_IFA(r16) // get the address that caused the fault 649 movl r30=1f // load continuation point in case of nested fault 650 ;; 651 THASH(p0, r17, r16, r18) // compute virtual address of L3 PTE 652 mov r31=pr 653 mov r29=b0 // save b0 in case of nested fault) 654#ifdef CONFIG_SMP 655 mov r28=ar.ccv // save ar.ccv 656 ;; 6571: ld8 r18=[r17] 658 ;; // avoid RAW on r18 659 mov ar.ccv=r18 // set compare value for cmpxchg 660 or r25=_PAGE_A,r18 // set the dirty bit 661 tbit.z p7,p6 = r18,_PAGE_P_BIT // Check present bit 662 ;; 663(p6) cmpxchg8.acq r26=[r17],r25,ar.ccv // Only if page is present 664 mov r24=PAGE_SHIFT<<2 665 ;; 666(p6) cmp.eq p6,p7=r26,r18 // Only if page is present 667 ;; 668 ITC_D(p6, r25, r26) // install updated PTE 669 /* 670 * Tell the assemblers dependency-violation checker that the above "itc" instructions 671 * cannot possibly affect the following loads: 672 */ 673 dv_serialize_data 674 ;; 675 ld8 r18=[r17] // read PTE again 676 ;; 677 cmp.eq p6,p7=r18,r25 // is it same as the newly installed 678 ;; 679(p7) ptc.l r16,r24 680 mov ar.ccv=r28 681#else 682 ;; 6831: ld8 r18=[r17] 684 ;; // avoid RAW on r18 685 or r18=_PAGE_A,r18 // set the accessed bit 686 ;; 687 st8 [r17]=r18 // store back updated PTE 688 ITC_D(p0, r18, r16) // install updated PTE 689#endif 690 mov b0=r29 // restore b0 691 mov pr=r31,-1 692 RFI 693END(daccess_bit) 694 695 .org ia64_ivt+0x2c00 696///////////////////////////////////////////////////////////////////////////////////////// 697// 0x2c00 Entry 11 (size 64 bundles) Break instruction (33) 698ENTRY(break_fault) 699 /* 700 * The streamlined system call entry/exit paths only save/restore the initial part 701 * of pt_regs. This implies that the callers of system-calls must adhere to the 702 * normal procedure calling conventions. 703 * 704 * Registers to be saved & restored: 705 * CR registers: cr.ipsr, cr.iip, cr.ifs 706 * AR registers: ar.unat, ar.pfs, ar.rsc, ar.rnat, ar.bspstore, ar.fpsr 707 * others: pr, b0, b6, loadrs, r1, r11, r12, r13, r15 708 * Registers to be restored only: 709 * r8-r11: output value from the system call. 710 * 711 * During system call exit, scratch registers (including r15) are modified/cleared 712 * to prevent leaking bits from kernel to user level. 713 */ 714 DBG_FAULT(11) 715 mov.m r16=IA64_KR(CURRENT) // M2 r16 <- current task (12 cyc) 716 MOV_FROM_IPSR(p0, r29) // M2 (12 cyc) 717 mov r31=pr // I0 (2 cyc) 718 719 MOV_FROM_IIM(r17) // M2 (2 cyc) 720 mov.m r27=ar.rsc // M2 (12 cyc) 721 mov r18=__IA64_BREAK_SYSCALL // A 722 723 mov.m ar.rsc=0 // M2 724 mov.m r21=ar.fpsr // M2 (12 cyc) 725 mov r19=b6 // I0 (2 cyc) 726 ;; 727 mov.m r23=ar.bspstore // M2 (12 cyc) 728 mov.m r24=ar.rnat // M2 (5 cyc) 729 mov.i r26=ar.pfs // I0 (2 cyc) 730 731 invala // M0|1 732 nop.m 0 // M 733 mov r20=r1 // A save r1 734 735 nop.m 0 736 movl r30=sys_call_table // X 737 738 MOV_FROM_IIP(r28) // M2 (2 cyc) 739 cmp.eq p0,p7=r18,r17 // I0 is this a system call? 740(p7) br.cond.spnt non_syscall // B no -> 741 // 742 // From this point on, we are definitely on the syscall-path 743 // and we can use (non-banked) scratch registers. 744 // 745/////////////////////////////////////////////////////////////////////// 746 mov r1=r16 // A move task-pointer to "addl"-addressable reg 747 mov r2=r16 // A setup r2 for ia64_syscall_setup 748 add r9=TI_FLAGS+IA64_TASK_SIZE,r16 // A r9 = ¤t_thread_info()->flags 749 750 adds r16=IA64_TASK_THREAD_ON_USTACK_OFFSET,r16 751 adds r15=-1024,r15 // A subtract 1024 from syscall number 752 mov r3=NR_syscalls - 1 753 ;; 754 ld1.bias r17=[r16] // M0|1 r17 = current->thread.on_ustack flag 755 ld4 r9=[r9] // M0|1 r9 = current_thread_info()->flags 756 extr.u r8=r29,41,2 // I0 extract ei field from cr.ipsr 757 758 shladd r30=r15,3,r30 // A r30 = sys_call_table + 8*(syscall-1024) 759 addl r22=IA64_RBS_OFFSET,r1 // A compute base of RBS 760 cmp.leu p6,p7=r15,r3 // A syscall number in range? 761 ;; 762 763 lfetch.fault.excl.nt1 [r22] // M0|1 prefetch RBS 764(p6) ld8 r30=[r30] // M0|1 load address of syscall entry point 765 tnat.nz.or p7,p0=r15 // I0 is syscall nr a NaT? 766 767 mov.m ar.bspstore=r22 // M2 switch to kernel RBS 768 cmp.eq p8,p9=2,r8 // A isr.ei==2? 769 ;; 770 771(p8) mov r8=0 // A clear ei to 0 772(p7) movl r30=sys_ni_syscall // X 773 774(p8) adds r28=16,r28 // A switch cr.iip to next bundle 775(p9) adds r8=1,r8 // A increment ei to next slot 776#ifdef CONFIG_VIRT_CPU_ACCOUNTING 777 ;; 778 mov b6=r30 // I0 setup syscall handler branch reg early 779#else 780 nop.i 0 781 ;; 782#endif 783 784 mov.m r25=ar.unat // M2 (5 cyc) 785 dep r29=r8,r29,41,2 // I0 insert new ei into cr.ipsr 786 adds r15=1024,r15 // A restore original syscall number 787 // 788 // If any of the above loads miss in L1D, we'll stall here until 789 // the data arrives. 790 // 791/////////////////////////////////////////////////////////////////////// 792 st1 [r16]=r0 // M2|3 clear current->thread.on_ustack flag 793#ifdef CONFIG_VIRT_CPU_ACCOUNTING 794 MOV_FROM_ITC(p0, p14, r30, r18) // M get cycle for accounting 795#else 796 mov b6=r30 // I0 setup syscall handler branch reg early 797#endif 798 cmp.eq pKStk,pUStk=r0,r17 // A were we on kernel stacks already? 799 800 and r9=_TIF_SYSCALL_TRACEAUDIT,r9 // A mask trace or audit 801 mov r18=ar.bsp // M2 (12 cyc) 802(pKStk) br.cond.spnt .break_fixup // B we're already in kernel-mode -- fix up RBS 803 ;; 804.back_from_break_fixup: 805(pUStk) addl r1=IA64_STK_OFFSET-IA64_PT_REGS_SIZE,r1 // A compute base of memory stack 806 cmp.eq p14,p0=r9,r0 // A are syscalls being traced/audited? 807 br.call.sptk.many b7=ia64_syscall_setup // B 8081: 809#ifdef CONFIG_VIRT_CPU_ACCOUNTING 810 // mov.m r30=ar.itc is called in advance, and r13 is current 811 add r16=TI_AC_STAMP+IA64_TASK_SIZE,r13 // A 812 add r17=TI_AC_LEAVE+IA64_TASK_SIZE,r13 // A 813(pKStk) br.cond.spnt .skip_accounting // B unlikely skip 814 ;; 815 ld8 r18=[r16],TI_AC_STIME-TI_AC_STAMP // M get last stamp 816 ld8 r19=[r17],TI_AC_UTIME-TI_AC_LEAVE // M time at leave 817 ;; 818 ld8 r20=[r16],TI_AC_STAMP-TI_AC_STIME // M cumulated stime 819 ld8 r21=[r17] // M cumulated utime 820 sub r22=r19,r18 // A stime before leave 821 ;; 822 st8 [r16]=r30,TI_AC_STIME-TI_AC_STAMP // M update stamp 823 sub r18=r30,r19 // A elapsed time in user 824 ;; 825 add r20=r20,r22 // A sum stime 826 add r21=r21,r18 // A sum utime 827 ;; 828 st8 [r16]=r20 // M update stime 829 st8 [r17]=r21 // M update utime 830 ;; 831.skip_accounting: 832#endif 833 mov ar.rsc=0x3 // M2 set eager mode, pl 0, LE, loadrs=0 834 nop 0 835 BSW_1(r2, r14) // B (6 cyc) regs are saved, switch to bank 1 836 ;; 837 838 SSM_PSR_IC_AND_DEFAULT_BITS_AND_SRLZ_I(r3, r16) // M2 now it's safe to re-enable intr.-collection 839 // M0 ensure interruption collection is on 840 movl r3=ia64_ret_from_syscall // X 841 ;; 842 mov rp=r3 // I0 set the real return addr 843(p10) br.cond.spnt.many ia64_ret_from_syscall // B return if bad call-frame or r15 is a NaT 844 845 SSM_PSR_I(p15, p15, r16) // M2 restore psr.i 846(p14) br.call.sptk.many b6=b6 // B invoke syscall-handker (ignore return addr) 847 br.cond.spnt.many ia64_trace_syscall // B do syscall-tracing thingamagic 848 // NOT REACHED 849/////////////////////////////////////////////////////////////////////// 850 // On entry, we optimistically assumed that we're coming from user-space. 851 // For the rare cases where a system-call is done from within the kernel, 852 // we fix things up at this point: 853.break_fixup: 854 add r1=-IA64_PT_REGS_SIZE,sp // A allocate space for pt_regs structure 855 mov ar.rnat=r24 // M2 restore kernel's AR.RNAT 856 ;; 857 mov ar.bspstore=r23 // M2 restore kernel's AR.BSPSTORE 858 br.cond.sptk .back_from_break_fixup 859END(break_fault) 860 861 .org ia64_ivt+0x3000 862///////////////////////////////////////////////////////////////////////////////////////// 863// 0x3000 Entry 12 (size 64 bundles) External Interrupt (4) 864ENTRY(interrupt) 865 /* interrupt handler has become too big to fit this area. */ 866 br.sptk.many __interrupt 867END(interrupt) 868 869 .org ia64_ivt+0x3400 870///////////////////////////////////////////////////////////////////////////////////////// 871// 0x3400 Entry 13 (size 64 bundles) Reserved 872 DBG_FAULT(13) 873 FAULT(13) 874 875 .org ia64_ivt+0x3800 876///////////////////////////////////////////////////////////////////////////////////////// 877// 0x3800 Entry 14 (size 64 bundles) Reserved 878 DBG_FAULT(14) 879 FAULT(14) 880 881 /* 882 * There is no particular reason for this code to be here, other than that 883 * there happens to be space here that would go unused otherwise. If this 884 * fault ever gets "unreserved", simply moved the following code to a more 885 * suitable spot... 886 * 887 * ia64_syscall_setup() is a separate subroutine so that it can 888 * allocate stacked registers so it can safely demine any 889 * potential NaT values from the input registers. 890 * 891 * On entry: 892 * - executing on bank 0 or bank 1 register set (doesn't matter) 893 * - r1: stack pointer 894 * - r2: current task pointer 895 * - r3: preserved 896 * - r11: original contents (saved ar.pfs to be saved) 897 * - r12: original contents (sp to be saved) 898 * - r13: original contents (tp to be saved) 899 * - r15: original contents (syscall # to be saved) 900 * - r18: saved bsp (after switching to kernel stack) 901 * - r19: saved b6 902 * - r20: saved r1 (gp) 903 * - r21: saved ar.fpsr 904 * - r22: kernel's register backing store base (krbs_base) 905 * - r23: saved ar.bspstore 906 * - r24: saved ar.rnat 907 * - r25: saved ar.unat 908 * - r26: saved ar.pfs 909 * - r27: saved ar.rsc 910 * - r28: saved cr.iip 911 * - r29: saved cr.ipsr 912 * - r30: ar.itc for accounting (don't touch) 913 * - r31: saved pr 914 * - b0: original contents (to be saved) 915 * On exit: 916 * - p10: TRUE if syscall is invoked with more than 8 out 917 * registers or r15's Nat is true 918 * - r1: kernel's gp 919 * - r3: preserved (same as on entry) 920 * - r8: -EINVAL if p10 is true 921 * - r12: points to kernel stack 922 * - r13: points to current task 923 * - r14: preserved (same as on entry) 924 * - p13: preserved 925 * - p15: TRUE if interrupts need to be re-enabled 926 * - ar.fpsr: set to kernel settings 927 * - b6: preserved (same as on entry) 928 */ 929#ifdef __IA64_ASM_PARAVIRTUALIZED_NATIVE 930GLOBAL_ENTRY(ia64_syscall_setup) 931#if PT(B6) != 0 932# error This code assumes that b6 is the first field in pt_regs. 933#endif 934 st8 [r1]=r19 // save b6 935 add r16=PT(CR_IPSR),r1 // initialize first base pointer 936 add r17=PT(R11),r1 // initialize second base pointer 937 ;; 938 alloc r19=ar.pfs,8,0,0,0 // ensure in0-in7 are writable 939 st8 [r16]=r29,PT(AR_PFS)-PT(CR_IPSR) // save cr.ipsr 940 tnat.nz p8,p0=in0 941 942 st8.spill [r17]=r11,PT(CR_IIP)-PT(R11) // save r11 943 tnat.nz p9,p0=in1 944(pKStk) mov r18=r0 // make sure r18 isn't NaT 945 ;; 946 947 st8 [r16]=r26,PT(CR_IFS)-PT(AR_PFS) // save ar.pfs 948 st8 [r17]=r28,PT(AR_UNAT)-PT(CR_IIP) // save cr.iip 949 mov r28=b0 // save b0 (2 cyc) 950 ;; 951 952 st8 [r17]=r25,PT(AR_RSC)-PT(AR_UNAT) // save ar.unat 953 dep r19=0,r19,38,26 // clear all bits but 0..37 [I0] 954(p8) mov in0=-1 955 ;; 956 957 st8 [r16]=r19,PT(AR_RNAT)-PT(CR_IFS) // store ar.pfs.pfm in cr.ifs 958 extr.u r11=r19,7,7 // I0 // get sol of ar.pfs 959 and r8=0x7f,r19 // A // get sof of ar.pfs 960 961 st8 [r17]=r27,PT(AR_BSPSTORE)-PT(AR_RSC)// save ar.rsc 962 tbit.nz p15,p0=r29,IA64_PSR_I_BIT // I0 963(p9) mov in1=-1 964 ;; 965 966(pUStk) sub r18=r18,r22 // r18=RSE.ndirty*8 967 tnat.nz p10,p0=in2 968 add r11=8,r11 969 ;; 970(pKStk) adds r16=PT(PR)-PT(AR_RNAT),r16 // skip over ar_rnat field 971(pKStk) adds r17=PT(B0)-PT(AR_BSPSTORE),r17 // skip over ar_bspstore field 972 tnat.nz p11,p0=in3 973 ;; 974(p10) mov in2=-1 975 tnat.nz p12,p0=in4 // [I0] 976(p11) mov in3=-1 977 ;; 978(pUStk) st8 [r16]=r24,PT(PR)-PT(AR_RNAT) // save ar.rnat 979(pUStk) st8 [r17]=r23,PT(B0)-PT(AR_BSPSTORE) // save ar.bspstore 980 shl r18=r18,16 // compute ar.rsc to be used for "loadrs" 981 ;; 982 st8 [r16]=r31,PT(LOADRS)-PT(PR) // save predicates 983 st8 [r17]=r28,PT(R1)-PT(B0) // save b0 984 tnat.nz p13,p0=in5 // [I0] 985 ;; 986 st8 [r16]=r18,PT(R12)-PT(LOADRS) // save ar.rsc value for "loadrs" 987 st8.spill [r17]=r20,PT(R13)-PT(R1) // save original r1 988(p12) mov in4=-1 989 ;; 990 991.mem.offset 0,0; st8.spill [r16]=r12,PT(AR_FPSR)-PT(R12) // save r12 992.mem.offset 8,0; st8.spill [r17]=r13,PT(R15)-PT(R13) // save r13 993(p13) mov in5=-1 994 ;; 995 st8 [r16]=r21,PT(R8)-PT(AR_FPSR) // save ar.fpsr 996 tnat.nz p13,p0=in6 997 cmp.lt p10,p9=r11,r8 // frame size can't be more than local+8 998 ;; 999 mov r8=1 1000(p9) tnat.nz p10,p0=r15 1001 adds r12=-16,r1 // switch to kernel memory stack (with 16 bytes of scratch) 1002 1003 st8.spill [r17]=r15 // save r15 1004 tnat.nz p8,p0=in7 1005 nop.i 0 1006 1007 mov r13=r2 // establish `current' 1008 movl r1=__gp // establish kernel global pointer 1009 ;; 1010 st8 [r16]=r8 // ensure pt_regs.r8 != 0 (see handle_syscall_error) 1011(p13) mov in6=-1 1012(p8) mov in7=-1 1013 1014 cmp.eq pSys,pNonSys=r0,r0 // set pSys=1, pNonSys=0 1015 movl r17=FPSR_DEFAULT 1016 ;; 1017 mov.m ar.fpsr=r17 // set ar.fpsr to kernel default value 1018(p10) mov r8=-EINVAL 1019 br.ret.sptk.many b7 1020END(ia64_syscall_setup) 1021#endif /* __IA64_ASM_PARAVIRTUALIZED_NATIVE */ 1022 1023 .org ia64_ivt+0x3c00 1024///////////////////////////////////////////////////////////////////////////////////////// 1025// 0x3c00 Entry 15 (size 64 bundles) Reserved 1026 DBG_FAULT(15) 1027 FAULT(15) 1028 1029 .org ia64_ivt+0x4000 1030///////////////////////////////////////////////////////////////////////////////////////// 1031// 0x4000 Entry 16 (size 64 bundles) Reserved 1032 DBG_FAULT(16) 1033 FAULT(16) 1034 1035#if defined(CONFIG_VIRT_CPU_ACCOUNTING) && defined(__IA64_ASM_PARAVIRTUALIZED_NATIVE) 1036 /* 1037 * There is no particular reason for this code to be here, other than 1038 * that there happens to be space here that would go unused otherwise. 1039 * If this fault ever gets "unreserved", simply moved the following 1040 * code to a more suitable spot... 1041 * 1042 * account_sys_enter is called from SAVE_MIN* macros if accounting is 1043 * enabled and if the macro is entered from user mode. 1044 */ 1045GLOBAL_ENTRY(account_sys_enter) 1046 // mov.m r20=ar.itc is called in advance, and r13 is current 1047 add r16=TI_AC_STAMP+IA64_TASK_SIZE,r13 1048 add r17=TI_AC_LEAVE+IA64_TASK_SIZE,r13 1049 ;; 1050 ld8 r18=[r16],TI_AC_STIME-TI_AC_STAMP // time at last check in kernel 1051 ld8 r19=[r17],TI_AC_UTIME-TI_AC_LEAVE // time at left from kernel 1052 ;; 1053 ld8 r23=[r16],TI_AC_STAMP-TI_AC_STIME // cumulated stime 1054 ld8 r21=[r17] // cumulated utime 1055 sub r22=r19,r18 // stime before leave kernel 1056 ;; 1057 st8 [r16]=r20,TI_AC_STIME-TI_AC_STAMP // update stamp 1058 sub r18=r20,r19 // elapsed time in user mode 1059 ;; 1060 add r23=r23,r22 // sum stime 1061 add r21=r21,r18 // sum utime 1062 ;; 1063 st8 [r16]=r23 // update stime 1064 st8 [r17]=r21 // update utime 1065 ;; 1066 br.ret.sptk.many rp 1067END(account_sys_enter) 1068#endif 1069 1070 .org ia64_ivt+0x4400 1071///////////////////////////////////////////////////////////////////////////////////////// 1072// 0x4400 Entry 17 (size 64 bundles) Reserved 1073 DBG_FAULT(17) 1074 FAULT(17) 1075 1076 .org ia64_ivt+0x4800 1077///////////////////////////////////////////////////////////////////////////////////////// 1078// 0x4800 Entry 18 (size 64 bundles) Reserved 1079 DBG_FAULT(18) 1080 FAULT(18) 1081 1082 .org ia64_ivt+0x4c00 1083///////////////////////////////////////////////////////////////////////////////////////// 1084// 0x4c00 Entry 19 (size 64 bundles) Reserved 1085 DBG_FAULT(19) 1086 FAULT(19) 1087 1088// 1089// --- End of long entries, Beginning of short entries 1090// 1091 1092 .org ia64_ivt+0x5000 1093///////////////////////////////////////////////////////////////////////////////////////// 1094// 0x5000 Entry 20 (size 16 bundles) Page Not Present (10,22,49) 1095ENTRY(page_not_present) 1096 DBG_FAULT(20) 1097 MOV_FROM_IFA(r16) 1098 RSM_PSR_DT 1099 /* 1100 * The Linux page fault handler doesn't expect non-present pages to be in 1101 * the TLB. Flush the existing entry now, so we meet that expectation. 1102 */ 1103 mov r17=PAGE_SHIFT<<2 1104 ;; 1105 ptc.l r16,r17 1106 ;; 1107 mov r31=pr 1108 srlz.d 1109 br.sptk.many page_fault 1110END(page_not_present) 1111 1112 .org ia64_ivt+0x5100 1113///////////////////////////////////////////////////////////////////////////////////////// 1114// 0x5100 Entry 21 (size 16 bundles) Key Permission (13,25,52) 1115ENTRY(key_permission) 1116 DBG_FAULT(21) 1117 MOV_FROM_IFA(r16) 1118 RSM_PSR_DT 1119 mov r31=pr 1120 ;; 1121 srlz.d 1122 br.sptk.many page_fault 1123END(key_permission) 1124 1125 .org ia64_ivt+0x5200 1126///////////////////////////////////////////////////////////////////////////////////////// 1127// 0x5200 Entry 22 (size 16 bundles) Instruction Access Rights (26) 1128ENTRY(iaccess_rights) 1129 DBG_FAULT(22) 1130 MOV_FROM_IFA(r16) 1131 RSM_PSR_DT 1132 mov r31=pr 1133 ;; 1134 srlz.d 1135 br.sptk.many page_fault 1136END(iaccess_rights) 1137 1138 .org ia64_ivt+0x5300 1139///////////////////////////////////////////////////////////////////////////////////////// 1140// 0x5300 Entry 23 (size 16 bundles) Data Access Rights (14,53) 1141ENTRY(daccess_rights) 1142 DBG_FAULT(23) 1143 MOV_FROM_IFA(r16) 1144 RSM_PSR_DT 1145 mov r31=pr 1146 ;; 1147 srlz.d 1148 br.sptk.many page_fault 1149END(daccess_rights) 1150 1151 .org ia64_ivt+0x5400 1152///////////////////////////////////////////////////////////////////////////////////////// 1153// 0x5400 Entry 24 (size 16 bundles) General Exception (5,32,34,36,38,39) 1154ENTRY(general_exception) 1155 DBG_FAULT(24) 1156 MOV_FROM_ISR(r16) 1157 mov r31=pr 1158 ;; 1159 cmp4.eq p6,p0=0,r16 1160(p6) br.sptk.many dispatch_illegal_op_fault 1161 ;; 1162 mov r19=24 // fault number 1163 br.sptk.many dispatch_to_fault_handler 1164END(general_exception) 1165 1166 .org ia64_ivt+0x5500 1167///////////////////////////////////////////////////////////////////////////////////////// 1168// 0x5500 Entry 25 (size 16 bundles) Disabled FP-Register (35) 1169ENTRY(disabled_fp_reg) 1170 DBG_FAULT(25) 1171 rsm psr.dfh // ensure we can access fph 1172 ;; 1173 srlz.d 1174 mov r31=pr 1175 mov r19=25 1176 br.sptk.many dispatch_to_fault_handler 1177END(disabled_fp_reg) 1178 1179 .org ia64_ivt+0x5600 1180///////////////////////////////////////////////////////////////////////////////////////// 1181// 0x5600 Entry 26 (size 16 bundles) Nat Consumption (11,23,37,50) 1182ENTRY(nat_consumption) 1183 DBG_FAULT(26) 1184 1185 MOV_FROM_IPSR(p0, r16) 1186 MOV_FROM_ISR(r17) 1187 mov r31=pr // save PR 1188 ;; 1189 and r18=0xf,r17 // r18 = cr.ipsr.code{3:0} 1190 tbit.z p6,p0=r17,IA64_ISR_NA_BIT 1191 ;; 1192 cmp.ne.or p6,p0=IA64_ISR_CODE_LFETCH,r18 1193 dep r16=-1,r16,IA64_PSR_ED_BIT,1 1194(p6) br.cond.spnt 1f // branch if (cr.ispr.na == 0 || cr.ipsr.code{3:0} != LFETCH) 1195 ;; 1196 MOV_TO_IPSR(p0, r16, r18) 1197 mov pr=r31,-1 1198 ;; 1199 RFI 1200 12011: mov pr=r31,-1 1202 ;; 1203 FAULT(26) 1204END(nat_consumption) 1205 1206 .org ia64_ivt+0x5700 1207///////////////////////////////////////////////////////////////////////////////////////// 1208// 0x5700 Entry 27 (size 16 bundles) Speculation (40) 1209ENTRY(speculation_vector) 1210 DBG_FAULT(27) 1211 /* 1212 * A [f]chk.[as] instruction needs to take the branch to the recovery code but 1213 * this part of the architecture is not implemented in hardware on some CPUs, such 1214 * as Itanium. Thus, in general we need to emulate the behavior. IIM contains 1215 * the relative target (not yet sign extended). So after sign extending it we 1216 * simply add it to IIP. We also need to reset the EI field of the IPSR to zero, 1217 * i.e., the slot to restart into. 1218 * 1219 * cr.imm contains zero_ext(imm21) 1220 */ 1221 MOV_FROM_IIM(r18) 1222 ;; 1223 MOV_FROM_IIP(r17) 1224 shl r18=r18,43 // put sign bit in position (43=64-21) 1225 ;; 1226 1227 MOV_FROM_IPSR(p0, r16) 1228 shr r18=r18,39 // sign extend (39=43-4) 1229 ;; 1230 1231 add r17=r17,r18 // now add the offset 1232 ;; 1233 MOV_TO_IIP(r17, r19) 1234 dep r16=0,r16,41,2 // clear EI 1235 ;; 1236 1237 MOV_TO_IPSR(p0, r16, r19) 1238 ;; 1239 1240 RFI 1241END(speculation_vector) 1242 1243 .org ia64_ivt+0x5800 1244///////////////////////////////////////////////////////////////////////////////////////// 1245// 0x5800 Entry 28 (size 16 bundles) Reserved 1246 DBG_FAULT(28) 1247 FAULT(28) 1248 1249 .org ia64_ivt+0x5900 1250///////////////////////////////////////////////////////////////////////////////////////// 1251// 0x5900 Entry 29 (size 16 bundles) Debug (16,28,56) 1252ENTRY(debug_vector) 1253 DBG_FAULT(29) 1254 FAULT(29) 1255END(debug_vector) 1256 1257 .org ia64_ivt+0x5a00 1258///////////////////////////////////////////////////////////////////////////////////////// 1259// 0x5a00 Entry 30 (size 16 bundles) Unaligned Reference (57) 1260ENTRY(unaligned_access) 1261 DBG_FAULT(30) 1262 mov r31=pr // prepare to save predicates 1263 ;; 1264 br.sptk.many dispatch_unaligned_handler 1265END(unaligned_access) 1266 1267 .org ia64_ivt+0x5b00 1268///////////////////////////////////////////////////////////////////////////////////////// 1269// 0x5b00 Entry 31 (size 16 bundles) Unsupported Data Reference (57) 1270ENTRY(unsupported_data_reference) 1271 DBG_FAULT(31) 1272 FAULT(31) 1273END(unsupported_data_reference) 1274 1275 .org ia64_ivt+0x5c00 1276///////////////////////////////////////////////////////////////////////////////////////// 1277// 0x5c00 Entry 32 (size 16 bundles) Floating-Point Fault (64) 1278ENTRY(floating_point_fault) 1279 DBG_FAULT(32) 1280 FAULT(32) 1281END(floating_point_fault) 1282 1283 .org ia64_ivt+0x5d00 1284///////////////////////////////////////////////////////////////////////////////////////// 1285// 0x5d00 Entry 33 (size 16 bundles) Floating Point Trap (66) 1286ENTRY(floating_point_trap) 1287 DBG_FAULT(33) 1288 FAULT(33) 1289END(floating_point_trap) 1290 1291 .org ia64_ivt+0x5e00 1292///////////////////////////////////////////////////////////////////////////////////////// 1293// 0x5e00 Entry 34 (size 16 bundles) Lower Privilege Transfer Trap (66) 1294ENTRY(lower_privilege_trap) 1295 DBG_FAULT(34) 1296 FAULT(34) 1297END(lower_privilege_trap) 1298 1299 .org ia64_ivt+0x5f00 1300///////////////////////////////////////////////////////////////////////////////////////// 1301// 0x5f00 Entry 35 (size 16 bundles) Taken Branch Trap (68) 1302ENTRY(taken_branch_trap) 1303 DBG_FAULT(35) 1304 FAULT(35) 1305END(taken_branch_trap) 1306 1307 .org ia64_ivt+0x6000 1308///////////////////////////////////////////////////////////////////////////////////////// 1309// 0x6000 Entry 36 (size 16 bundles) Single Step Trap (69) 1310ENTRY(single_step_trap) 1311 DBG_FAULT(36) 1312 FAULT(36) 1313END(single_step_trap) 1314 1315 .org ia64_ivt+0x6100 1316///////////////////////////////////////////////////////////////////////////////////////// 1317// 0x6100 Entry 37 (size 16 bundles) Reserved 1318 DBG_FAULT(37) 1319 FAULT(37) 1320 1321 .org ia64_ivt+0x6200 1322///////////////////////////////////////////////////////////////////////////////////////// 1323// 0x6200 Entry 38 (size 16 bundles) Reserved 1324 DBG_FAULT(38) 1325 FAULT(38) 1326 1327 .org ia64_ivt+0x6300 1328///////////////////////////////////////////////////////////////////////////////////////// 1329// 0x6300 Entry 39 (size 16 bundles) Reserved 1330 DBG_FAULT(39) 1331 FAULT(39) 1332 1333 .org ia64_ivt+0x6400 1334///////////////////////////////////////////////////////////////////////////////////////// 1335// 0x6400 Entry 40 (size 16 bundles) Reserved 1336 DBG_FAULT(40) 1337 FAULT(40) 1338 1339 .org ia64_ivt+0x6500 1340///////////////////////////////////////////////////////////////////////////////////////// 1341// 0x6500 Entry 41 (size 16 bundles) Reserved 1342 DBG_FAULT(41) 1343 FAULT(41) 1344 1345 .org ia64_ivt+0x6600 1346///////////////////////////////////////////////////////////////////////////////////////// 1347// 0x6600 Entry 42 (size 16 bundles) Reserved 1348 DBG_FAULT(42) 1349 FAULT(42) 1350 1351 .org ia64_ivt+0x6700 1352///////////////////////////////////////////////////////////////////////////////////////// 1353// 0x6700 Entry 43 (size 16 bundles) Reserved 1354 DBG_FAULT(43) 1355 FAULT(43) 1356 1357 .org ia64_ivt+0x6800 1358///////////////////////////////////////////////////////////////////////////////////////// 1359// 0x6800 Entry 44 (size 16 bundles) Reserved 1360 DBG_FAULT(44) 1361 FAULT(44) 1362 1363 .org ia64_ivt+0x6900 1364///////////////////////////////////////////////////////////////////////////////////////// 1365// 0x6900 Entry 45 (size 16 bundles) IA-32 Exeception (17,18,29,41,42,43,44,58,60,61,62,72,73,75,76,77) 1366ENTRY(ia32_exception) 1367 DBG_FAULT(45) 1368 FAULT(45) 1369END(ia32_exception) 1370 1371 .org ia64_ivt+0x6a00 1372///////////////////////////////////////////////////////////////////////////////////////// 1373// 0x6a00 Entry 46 (size 16 bundles) IA-32 Intercept (30,31,59,70,71) 1374ENTRY(ia32_intercept) 1375 DBG_FAULT(46) 1376 FAULT(46) 1377END(ia32_intercept) 1378 1379 .org ia64_ivt+0x6b00 1380///////////////////////////////////////////////////////////////////////////////////////// 1381// 0x6b00 Entry 47 (size 16 bundles) IA-32 Interrupt (74) 1382ENTRY(ia32_interrupt) 1383 DBG_FAULT(47) 1384 FAULT(47) 1385END(ia32_interrupt) 1386 1387 .org ia64_ivt+0x6c00 1388///////////////////////////////////////////////////////////////////////////////////////// 1389// 0x6c00 Entry 48 (size 16 bundles) Reserved 1390 DBG_FAULT(48) 1391 FAULT(48) 1392 1393 .org ia64_ivt+0x6d00 1394///////////////////////////////////////////////////////////////////////////////////////// 1395// 0x6d00 Entry 49 (size 16 bundles) Reserved 1396 DBG_FAULT(49) 1397 FAULT(49) 1398 1399 .org ia64_ivt+0x6e00 1400///////////////////////////////////////////////////////////////////////////////////////// 1401// 0x6e00 Entry 50 (size 16 bundles) Reserved 1402 DBG_FAULT(50) 1403 FAULT(50) 1404 1405 .org ia64_ivt+0x6f00 1406///////////////////////////////////////////////////////////////////////////////////////// 1407// 0x6f00 Entry 51 (size 16 bundles) Reserved 1408 DBG_FAULT(51) 1409 FAULT(51) 1410 1411 .org ia64_ivt+0x7000 1412///////////////////////////////////////////////////////////////////////////////////////// 1413// 0x7000 Entry 52 (size 16 bundles) Reserved 1414 DBG_FAULT(52) 1415 FAULT(52) 1416 1417 .org ia64_ivt+0x7100 1418///////////////////////////////////////////////////////////////////////////////////////// 1419// 0x7100 Entry 53 (size 16 bundles) Reserved 1420 DBG_FAULT(53) 1421 FAULT(53) 1422 1423 .org ia64_ivt+0x7200 1424///////////////////////////////////////////////////////////////////////////////////////// 1425// 0x7200 Entry 54 (size 16 bundles) Reserved 1426 DBG_FAULT(54) 1427 FAULT(54) 1428 1429 .org ia64_ivt+0x7300 1430///////////////////////////////////////////////////////////////////////////////////////// 1431// 0x7300 Entry 55 (size 16 bundles) Reserved 1432 DBG_FAULT(55) 1433 FAULT(55) 1434 1435 .org ia64_ivt+0x7400 1436///////////////////////////////////////////////////////////////////////////////////////// 1437// 0x7400 Entry 56 (size 16 bundles) Reserved 1438 DBG_FAULT(56) 1439 FAULT(56) 1440 1441 .org ia64_ivt+0x7500 1442///////////////////////////////////////////////////////////////////////////////////////// 1443// 0x7500 Entry 57 (size 16 bundles) Reserved 1444 DBG_FAULT(57) 1445 FAULT(57) 1446 1447 .org ia64_ivt+0x7600 1448///////////////////////////////////////////////////////////////////////////////////////// 1449// 0x7600 Entry 58 (size 16 bundles) Reserved 1450 DBG_FAULT(58) 1451 FAULT(58) 1452 1453 .org ia64_ivt+0x7700 1454///////////////////////////////////////////////////////////////////////////////////////// 1455// 0x7700 Entry 59 (size 16 bundles) Reserved 1456 DBG_FAULT(59) 1457 FAULT(59) 1458 1459 .org ia64_ivt+0x7800 1460///////////////////////////////////////////////////////////////////////////////////////// 1461// 0x7800 Entry 60 (size 16 bundles) Reserved 1462 DBG_FAULT(60) 1463 FAULT(60) 1464 1465 .org ia64_ivt+0x7900 1466///////////////////////////////////////////////////////////////////////////////////////// 1467// 0x7900 Entry 61 (size 16 bundles) Reserved 1468 DBG_FAULT(61) 1469 FAULT(61) 1470 1471 .org ia64_ivt+0x7a00 1472///////////////////////////////////////////////////////////////////////////////////////// 1473// 0x7a00 Entry 62 (size 16 bundles) Reserved 1474 DBG_FAULT(62) 1475 FAULT(62) 1476 1477 .org ia64_ivt+0x7b00 1478///////////////////////////////////////////////////////////////////////////////////////// 1479// 0x7b00 Entry 63 (size 16 bundles) Reserved 1480 DBG_FAULT(63) 1481 FAULT(63) 1482 1483 .org ia64_ivt+0x7c00 1484///////////////////////////////////////////////////////////////////////////////////////// 1485// 0x7c00 Entry 64 (size 16 bundles) Reserved 1486 DBG_FAULT(64) 1487 FAULT(64) 1488 1489 .org ia64_ivt+0x7d00 1490///////////////////////////////////////////////////////////////////////////////////////// 1491// 0x7d00 Entry 65 (size 16 bundles) Reserved 1492 DBG_FAULT(65) 1493 FAULT(65) 1494 1495 .org ia64_ivt+0x7e00 1496///////////////////////////////////////////////////////////////////////////////////////// 1497// 0x7e00 Entry 66 (size 16 bundles) Reserved 1498 DBG_FAULT(66) 1499 FAULT(66) 1500 1501 .org ia64_ivt+0x7f00 1502///////////////////////////////////////////////////////////////////////////////////////// 1503// 0x7f00 Entry 67 (size 16 bundles) Reserved 1504 DBG_FAULT(67) 1505 FAULT(67) 1506 1507 //----------------------------------------------------------------------------------- 1508 // call do_page_fault (predicates are in r31, psr.dt may be off, r16 is faulting address) 1509ENTRY(page_fault) 1510 SSM_PSR_DT_AND_SRLZ_I 1511 ;; 1512 SAVE_MIN_WITH_COVER 1513 alloc r15=ar.pfs,0,0,3,0 1514 MOV_FROM_IFA(out0) 1515 MOV_FROM_ISR(out1) 1516 SSM_PSR_IC_AND_DEFAULT_BITS_AND_SRLZ_I(r14, r3) 1517 adds r3=8,r2 // set up second base pointer 1518 SSM_PSR_I(p15, p15, r14) // restore psr.i 1519 movl r14=ia64_leave_kernel 1520 ;; 1521 SAVE_REST 1522 mov rp=r14 1523 ;; 1524 adds out2=16,r12 // out2 = pointer to pt_regs 1525 br.call.sptk.many b6=ia64_do_page_fault // ignore return address 1526END(page_fault) 1527 1528ENTRY(non_syscall) 1529 mov ar.rsc=r27 // restore ar.rsc before SAVE_MIN_WITH_COVER 1530 ;; 1531 SAVE_MIN_WITH_COVER 1532 1533 // There is no particular reason for this code to be here, other than that 1534 // there happens to be space here that would go unused otherwise. If this 1535 // fault ever gets "unreserved", simply moved the following code to a more 1536 // suitable spot... 1537 1538 alloc r14=ar.pfs,0,0,2,0 1539 MOV_FROM_IIM(out0) 1540 add out1=16,sp 1541 adds r3=8,r2 // set up second base pointer for SAVE_REST 1542 1543 SSM_PSR_IC_AND_DEFAULT_BITS_AND_SRLZ_I(r15, r24) 1544 // guarantee that interruption collection is on 1545 SSM_PSR_I(p15, p15, r15) // restore psr.i 1546 movl r15=ia64_leave_kernel 1547 ;; 1548 SAVE_REST 1549 mov rp=r15 1550 ;; 1551 br.call.sptk.many b6=ia64_bad_break // avoid WAW on CFM and ignore return addr 1552END(non_syscall) 1553 1554ENTRY(__interrupt) 1555 DBG_FAULT(12) 1556 mov r31=pr // prepare to save predicates 1557 ;; 1558 SAVE_MIN_WITH_COVER // uses r31; defines r2 and r3 1559 SSM_PSR_IC_AND_DEFAULT_BITS_AND_SRLZ_I(r3, r14) 1560 // ensure everybody knows psr.ic is back on 1561 adds r3=8,r2 // set up second base pointer for SAVE_REST 1562 ;; 1563 SAVE_REST 1564 ;; 1565 MCA_RECOVER_RANGE(interrupt) 1566 alloc r14=ar.pfs,0,0,2,0 // must be first in an insn group 1567 MOV_FROM_IVR(out0, r8) // pass cr.ivr as first arg 1568 add out1=16,sp // pass pointer to pt_regs as second arg 1569 ;; 1570 srlz.d // make sure we see the effect of cr.ivr 1571 movl r14=ia64_leave_kernel 1572 ;; 1573 mov rp=r14 1574 br.call.sptk.many b6=ia64_handle_irq 1575END(__interrupt) 1576 1577 /* 1578 * There is no particular reason for this code to be here, other than that 1579 * there happens to be space here that would go unused otherwise. If this 1580 * fault ever gets "unreserved", simply moved the following code to a more 1581 * suitable spot... 1582 */ 1583 1584ENTRY(dispatch_unaligned_handler) 1585 SAVE_MIN_WITH_COVER 1586 ;; 1587 alloc r14=ar.pfs,0,0,2,0 // now it's safe (must be first in insn group!) 1588 MOV_FROM_IFA(out0) 1589 adds out1=16,sp 1590 1591 SSM_PSR_IC_AND_DEFAULT_BITS_AND_SRLZ_I(r3, r24) 1592 // guarantee that interruption collection is on 1593 SSM_PSR_I(p15, p15, r3) // restore psr.i 1594 adds r3=8,r2 // set up second base pointer 1595 ;; 1596 SAVE_REST 1597 movl r14=ia64_leave_kernel 1598 ;; 1599 mov rp=r14 1600 br.sptk.many ia64_prepare_handle_unaligned 1601END(dispatch_unaligned_handler) 1602 1603 /* 1604 * There is no particular reason for this code to be here, other than that 1605 * there happens to be space here that would go unused otherwise. If this 1606 * fault ever gets "unreserved", simply moved the following code to a more 1607 * suitable spot... 1608 */ 1609 1610ENTRY(dispatch_to_fault_handler) 1611 /* 1612 * Input: 1613 * psr.ic: off 1614 * r19: fault vector number (e.g., 24 for General Exception) 1615 * r31: contains saved predicates (pr) 1616 */ 1617 SAVE_MIN_WITH_COVER_R19 1618 alloc r14=ar.pfs,0,0,5,0 1619 MOV_FROM_ISR(out1) 1620 MOV_FROM_IFA(out2) 1621 MOV_FROM_IIM(out3) 1622 MOV_FROM_ITIR(out4) 1623 ;; 1624 SSM_PSR_IC_AND_DEFAULT_BITS_AND_SRLZ_I(r3, out0) 1625 // guarantee that interruption collection is on 1626 mov out0=r15 1627 ;; 1628 SSM_PSR_I(p15, p15, r3) // restore psr.i 1629 adds r3=8,r2 // set up second base pointer for SAVE_REST 1630 ;; 1631 SAVE_REST 1632 movl r14=ia64_leave_kernel 1633 ;; 1634 mov rp=r14 1635 br.call.sptk.many b6=ia64_fault 1636END(dispatch_to_fault_handler) 1637 1638 /* 1639 * Squatting in this space ... 1640 * 1641 * This special case dispatcher for illegal operation faults allows preserved 1642 * registers to be modified through a callback function (asm only) that is handed 1643 * back from the fault handler in r8. Up to three arguments can be passed to the 1644 * callback function by returning an aggregate with the callback as its first 1645 * element, followed by the arguments. 1646 */ 1647ENTRY(dispatch_illegal_op_fault) 1648 .prologue 1649 .body 1650 SAVE_MIN_WITH_COVER 1651 SSM_PSR_IC_AND_DEFAULT_BITS_AND_SRLZ_I(r3, r24) 1652 // guarantee that interruption collection is on 1653 ;; 1654 SSM_PSR_I(p15, p15, r3) // restore psr.i 1655 adds r3=8,r2 // set up second base pointer for SAVE_REST 1656 ;; 1657 alloc r14=ar.pfs,0,0,1,0 // must be first in insn group 1658 mov out0=ar.ec 1659 ;; 1660 SAVE_REST 1661 PT_REGS_UNWIND_INFO(0) 1662 ;; 1663 br.call.sptk.many rp=ia64_illegal_op_fault 1664.ret0: ;; 1665 alloc r14=ar.pfs,0,0,3,0 // must be first in insn group 1666 mov out0=r9 1667 mov out1=r10 1668 mov out2=r11 1669 movl r15=ia64_leave_kernel 1670 ;; 1671 mov rp=r15 1672 mov b6=r8 1673 ;; 1674 cmp.ne p6,p0=0,r8 1675(p6) br.call.dpnt.many b6=b6 // call returns to ia64_leave_kernel 1676 br.sptk.many ia64_leave_kernel 1677END(dispatch_illegal_op_fault) 1678