[PATCH 1/3] MIPS: add missing MSACSR and upper MSA initialization

[PATCH 1/3] MIPS: add missing MSACSR and upper MSA initialization

[Huang Pei]

own_fp_inatomic() does not restore/initialize MSACSR and upper MSA regs, so
MSACSR and MSA upper regs's value from previous task on current cpu can leak
into current task and cause unpredictable behavior when MSA context not
initialized.

Signed-off-by: Huang Pei <huangpei@loongson.cn>
---
 arch/mips/kernel/traps.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
index 38aa07ccdbcc..99a8f1b7b522 100644
--- a/arch/mips/kernel/traps.c
+++ b/arch/mips/kernel/traps.c
@@ -1287,6 +1287,8 @@ static int enable_restore_fp_context(int msa)
 		err = own_fpu_inatomic(1);
 		if (msa && !err) {
 			enable_msa();
+			write_msa_csr(current->thread.fpu.msacsr);
+			init_msa_upper();
 			set_thread_flag(TIF_USEDMSA);
 			set_thread_flag(TIF_MSA_CTX_LIVE);
 		}
-- 
2.17.1

[PATCH 2/3] MIPS: make userspace mapping young by default

[Huang Pei]

This patch adds support for non-rixi, based on [1].

MIPS page fault path take 1 tlb miss + 2 tlb invalid exceptions, the
second tlb invalid excpetion is just caused by __update_tlb from
do_page_fault writing tlb without _PAGE_VALID set. With this patch, it
only take 1 tlb miss + 1 tlb invalid exceptions

[1]: https://lkml.kernel.org/lkml/1591416169-26666-1-git-send-email-maobibo@loongson.cn/

Signed-off-by: Huang Pei <huangpei@loongson.cn>
---
 arch/mips/include/asm/pgtable.h | 32 +++++++++++++++-----------------
 arch/mips/mm/cache.c            | 25 +++++++++++++------------
 mm/memory.c                     |  3 ---
 3 files changed, 28 insertions(+), 32 deletions(-)

diff --git a/arch/mips/include/asm/pgtable.h b/arch/mips/include/asm/pgtable.h
index dd7a0f552cac..aaafe3d6a0a1 100644
--- a/arch/mips/include/asm/pgtable.h
+++ b/arch/mips/include/asm/pgtable.h
@@ -25,22 +25,22 @@
 struct mm_struct;
 struct vm_area_struct;
 
-#define PAGE_NONE	__pgprot(_PAGE_PRESENT | _PAGE_NO_READ | \
-				 _page_cachable_default)
-#define PAGE_SHARED	__pgprot(_PAGE_PRESENT | _PAGE_WRITE | \
-				 _page_cachable_default)
-#define PAGE_COPY	__pgprot(_PAGE_PRESENT | _PAGE_NO_EXEC | \
-				 _page_cachable_default)
-#define PAGE_READONLY	__pgprot(_PAGE_PRESENT | \
-				 _page_cachable_default)
-#define PAGE_KERNEL	__pgprot(_PAGE_PRESENT | __READABLE | __WRITEABLE | \
-				 _PAGE_GLOBAL | _page_cachable_default)
-#define PAGE_KERNEL_NC	__pgprot(_PAGE_PRESENT | __READABLE | __WRITEABLE | \
-				 _PAGE_GLOBAL | _CACHE_CACHABLE_NONCOHERENT)
-#define PAGE_USERIO	__pgprot(_PAGE_PRESENT | _PAGE_WRITE | \
-				 _page_cachable_default)
+#define PAGE_NONE      __pgprot(_PAGE_PRESENT | _PAGE_NO_READ | \
+                                _page_cachable_default)
+#define PAGE_SHARED    __pgprot(_PAGE_PRESENT | _PAGE_WRITE | \
+                                __READABLE | _page_cachable_default)
+#define PAGE_COPY      __pgprot(_PAGE_PRESENT | _PAGE_NO_EXEC | \
+                                __READABLE | _page_cachable_default)
+#define PAGE_READONLY  __pgprot(_PAGE_PRESENT |  __READABLE | \
+                                _page_cachable_default)
+#define PAGE_KERNEL    __pgprot(_PAGE_PRESENT | __READABLE | __WRITEABLE | \
+                                _PAGE_GLOBAL | _page_cachable_default)
+#define PAGE_KERNEL_NC __pgprot(_PAGE_PRESENT | __READABLE | __WRITEABLE | \
+                                _PAGE_GLOBAL | _CACHE_CACHABLE_NONCOHERENT)
+#define PAGE_USERIO    __pgprot(_PAGE_PRESENT | _PAGE_WRITE | \
+                                _page_cachable_default)
 #define PAGE_KERNEL_UNCACHED __pgprot(_PAGE_PRESENT | __READABLE | \
-			__WRITEABLE | _PAGE_GLOBAL | _CACHE_UNCACHED)
+                       __WRITEABLE | _PAGE_GLOBAL | _CACHE_UNCACHED)
 
 /*
  * If _PAGE_NO_EXEC is not defined, we can't do page protection for
@@ -414,8 +414,6 @@ static inline pte_t pte_mkyoung(pte_t pte)
 	return pte;
 }
 
-#define pte_sw_mkyoung	pte_mkyoung
-
 #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
 static inline int pte_huge(pte_t pte)	{ return pte_val(pte) & _PAGE_HUGE; }
 
diff --git a/arch/mips/mm/cache.c b/arch/mips/mm/cache.c
index 3e81ba000096..ed75f2871aad 100644
--- a/arch/mips/mm/cache.c
+++ b/arch/mips/mm/cache.c
@@ -159,22 +159,23 @@ static inline void setup_protection_map(void)
 {
 	if (cpu_has_rixi) {
 		protection_map[0]  = __pgprot(_page_cachable_default | _PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
-		protection_map[1]  = __pgprot(_page_cachable_default | _PAGE_PRESENT | _PAGE_NO_EXEC);
+		protection_map[1]  = __pgprot(_page_cachable_default | _PAGE_PRESENT | _PAGE_NO_EXEC | __READABLE);
 		protection_map[2]  = __pgprot(_page_cachable_default | _PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
-		protection_map[3]  = __pgprot(_page_cachable_default | _PAGE_PRESENT | _PAGE_NO_EXEC);
-		protection_map[4]  = __pgprot(_page_cachable_default | _PAGE_PRESENT);
-		protection_map[5]  = __pgprot(_page_cachable_default | _PAGE_PRESENT);
-		protection_map[6]  = __pgprot(_page_cachable_default | _PAGE_PRESENT);
-		protection_map[7]  = __pgprot(_page_cachable_default | _PAGE_PRESENT);
+		protection_map[3]  = __pgprot(_page_cachable_default | _PAGE_PRESENT | _PAGE_NO_EXEC | __READABLE);
+		protection_map[4]  = __pgprot(_page_cachable_default | _PAGE_PRESENT | __READABLE);
+		protection_map[5]  = __pgprot(_page_cachable_default | _PAGE_PRESENT | __READABLE);
+		protection_map[6]  = __pgprot(_page_cachable_default | _PAGE_PRESENT | __READABLE);
+		protection_map[7]  = __pgprot(_page_cachable_default | _PAGE_PRESENT | __READABLE);
 
 		protection_map[8]  = __pgprot(_page_cachable_default | _PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_NO_READ);
-		protection_map[9]  = __pgprot(_page_cachable_default | _PAGE_PRESENT | _PAGE_NO_EXEC);
+		protection_map[9]  = __pgprot(_page_cachable_default | _PAGE_PRESENT | _PAGE_NO_EXEC | __READABLE);
 		protection_map[10] = __pgprot(_page_cachable_default | _PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE | _PAGE_NO_READ);
-		protection_map[11] = __pgprot(_page_cachable_default | _PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE);
-		protection_map[12] = __pgprot(_page_cachable_default | _PAGE_PRESENT);
-		protection_map[13] = __pgprot(_page_cachable_default | _PAGE_PRESENT);
-		protection_map[14] = __pgprot(_page_cachable_default | _PAGE_PRESENT | _PAGE_WRITE);
-		protection_map[15] = __pgprot(_page_cachable_default | _PAGE_PRESENT | _PAGE_WRITE);
+		protection_map[11] = __pgprot(_page_cachable_default | _PAGE_PRESENT | _PAGE_NO_EXEC | _PAGE_WRITE | __READABLE);
+		protection_map[12]  = __pgprot(_page_cachable_default | _PAGE_PRESENT | __READABLE);
+		protection_map[13]  = __pgprot(_page_cachable_default | _PAGE_PRESENT | __READABLE);
+		protection_map[14]  = __pgprot(_page_cachable_default | _PAGE_PRESENT | _PAGE_NO_EXEC | __READABLE);
+		protection_map[15]  = __pgprot(_page_cachable_default | _PAGE_PRESENT | _PAGE_NO_EXEC | __READABLE);
+
 
 	} else {
 		protection_map[0] = PAGE_NONE;
diff --git a/mm/memory.c b/mm/memory.c
index 3a7779d9891d..834424ea8a24 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -2705,7 +2705,6 @@ static vm_fault_t wp_page_copy(struct vm_fault *vmf)
 		}
 		flush_cache_page(vma, vmf->address, pte_pfn(vmf->orig_pte));
 		entry = mk_pte(new_page, vma->vm_page_prot);
-		entry = pte_sw_mkyoung(entry);
 		entry = maybe_mkwrite(pte_mkdirty(entry), vma);
 		/*
 		 * Clear the pte entry and flush it first, before updating the
@@ -3386,7 +3385,6 @@ static vm_fault_t do_anonymous_page(struct vm_fault *vmf)
 	__SetPageUptodate(page);
 
 	entry = mk_pte(page, vma->vm_page_prot);
-	entry = pte_sw_mkyoung(entry);
 	if (vma->vm_flags & VM_WRITE)
 		entry = pte_mkwrite(pte_mkdirty(entry));
 
@@ -3661,7 +3659,6 @@ vm_fault_t alloc_set_pte(struct vm_fault *vmf, struct page *page)
 
 	flush_icache_page(vma, page);
 	entry = mk_pte(page, vma->vm_page_prot);
-	entry = pte_sw_mkyoung(entry);
 	if (write)
 		entry = maybe_mkwrite(pte_mkdirty(entry), vma);
 	/* copy-on-write page */
-- 
2.17.1

[PATCH 3/3] Revert "MIPS: Flush wrong invalid FTLB entry for huge page"

[Huang Pei]

This reverts commit 0115f6cbf26663c86496bc56eeea293f85b77897.

The fix in 0115f6cbf26663c86496bc56eeea293f85b77897 is two late, since
__update_tlb hit the same problem first. So let __update_tlb fix it

Signed-off-by: Huang Pei <huangpei@loongson.cn>
---
 arch/mips/mm/tlb-r4k.c | 15 ++++++++++++++-
 arch/mips/mm/tlbex.c   | 25 ++++---------------------
 2 files changed, 18 insertions(+), 22 deletions(-)

diff --git a/arch/mips/mm/tlb-r4k.c b/arch/mips/mm/tlb-r4k.c
index 38e2894d5fa3..cb8afa326b2c 100644
--- a/arch/mips/mm/tlb-r4k.c
+++ b/arch/mips/mm/tlb-r4k.c
@@ -328,6 +328,7 @@ void __update_tlb(struct vm_area_struct * vma, unsigned long address, pte_t pte)
 	/* this could be a huge page  */
 	if (pmd_huge(*pmdp)) {
 		unsigned long lo;
+		unsigned long entryhi;
 		write_c0_pagemask(PM_HUGE_MASK);
 		ptep = (pte_t *)pmdp;
 		lo = pte_to_entrylo(pte_val(*ptep));
@@ -335,7 +336,19 @@ void __update_tlb(struct vm_area_struct * vma, unsigned long address, pte_t pte)
 		write_c0_entrylo1(lo + (HPAGE_SIZE >> 7));
 
 		mtc0_tlbw_hazard();
-		if (idx < 0)
+		if (idx >= current_cpu_data.tlbsizevtlb) {
+		/* hit in FTLB.
+		 * Invalid it then tlbwr, since FTLB hold only base page*/
+			entryhi = read_c0_entryhi();
+			write_c0_entryhi(MIPS_ENTRYHI_EHINV);
+			tlb_write_indexed();
+			tlbw_use_hazard();
+			write_c0_entryhi(entryhi);
+
+		}
+
+
+		if (idx < 0 || idx >= current_cpu_data.tlbsizevtlb)
 			tlb_write_random();
 		else
 			tlb_write_indexed();
diff --git a/arch/mips/mm/tlbex.c b/arch/mips/mm/tlbex.c
index 14f8ba93367f..9c4cd08c00d3 100644
--- a/arch/mips/mm/tlbex.c
+++ b/arch/mips/mm/tlbex.c
@@ -762,8 +762,7 @@ static void build_huge_update_entries(u32 **p, unsigned int pte,
 static void build_huge_handler_tail(u32 **p, struct uasm_reloc **r,
 				    struct uasm_label **l,
 				    unsigned int pte,
-				    unsigned int ptr,
-				    unsigned int flush)
+				    unsigned int ptr)
 {
 #ifdef CONFIG_SMP
 	UASM_i_SC(p, pte, 0, ptr);
@@ -772,22 +771,6 @@ static void build_huge_handler_tail(u32 **p, struct uasm_reloc **r,
 #else
 	UASM_i_SW(p, pte, 0, ptr);
 #endif
-	if (cpu_has_ftlb && flush) {
-		BUG_ON(!cpu_has_tlbinv);
-
-		UASM_i_MFC0(p, ptr, C0_ENTRYHI);
-		uasm_i_ori(p, ptr, ptr, MIPS_ENTRYHI_EHINV);
-		UASM_i_MTC0(p, ptr, C0_ENTRYHI);
-		build_tlb_write_entry(p, l, r, tlb_indexed);
-
-		uasm_i_xori(p, ptr, ptr, MIPS_ENTRYHI_EHINV);
-		UASM_i_MTC0(p, ptr, C0_ENTRYHI);
-		build_huge_update_entries(p, pte, ptr);
-		build_huge_tlb_write_entry(p, l, r, pte, tlb_random, 0);
-
-		return;
-	}
-
 	build_huge_update_entries(p, pte, ptr);
 	build_huge_tlb_write_entry(p, l, r, pte, tlb_indexed, 0);
 }
@@ -2278,7 +2261,7 @@ static void build_r4000_tlb_load_handler(void)
 		uasm_l_tlbl_goaround2(&l, p);
 	}
 	uasm_i_ori(&p, wr.r1, wr.r1, (_PAGE_ACCESSED | _PAGE_VALID));
-	build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 1);
+	build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2);
 #endif
 
 	uasm_l_nopage_tlbl(&l, p);
@@ -2334,7 +2317,7 @@ static void build_r4000_tlb_store_handler(void)
 	build_tlb_probe_entry(&p);
 	uasm_i_ori(&p, wr.r1, wr.r1,
 		   _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY);
-	build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 1);
+	build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2);
 #endif
 
 	uasm_l_nopage_tlbs(&l, p);
@@ -2391,7 +2374,7 @@ static void build_r4000_tlb_modify_handler(void)
 	build_tlb_probe_entry(&p);
 	uasm_i_ori(&p, wr.r1, wr.r1,
 		   _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY);
-	build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 0);
+	build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2);
 #endif
 
 	uasm_l_nopage_tlbm(&l, p);
-- 
2.17.1

Re: [PATCH 3/3] Revert "MIPS: Flush wrong invalid FTLB entry for huge page"

[Huacai Chen]

Hi,

On Fri, Aug 21, 2020 at 3:24 PM Huang Pei <huangpei@loongson.cn> wrote:
>
> This reverts commit 0115f6cbf26663c86496bc56eeea293f85b77897.
>
> The fix in 0115f6cbf26663c86496bc56eeea293f85b77897 is two late, since
Do you means "too late"?

> __update_tlb hit the same problem first. So let __update_tlb fix it
>
> Signed-off-by: Huang Pei <huangpei@loongson.cn>
> ---
>  arch/mips/mm/tlb-r4k.c | 15 ++++++++++++++-
>  arch/mips/mm/tlbex.c   | 25 ++++---------------------
>  2 files changed, 18 insertions(+), 22 deletions(-)
>
> diff --git a/arch/mips/mm/tlb-r4k.c b/arch/mips/mm/tlb-r4k.c
> index 38e2894d5fa3..cb8afa326b2c 100644
> --- a/arch/mips/mm/tlb-r4k.c
> +++ b/arch/mips/mm/tlb-r4k.c
> @@ -328,6 +328,7 @@ void __update_tlb(struct vm_area_struct * vma, unsigned long address, pte_t pte)
>         /* this could be a huge page  */
>         if (pmd_huge(*pmdp)) {
>                 unsigned long lo;
> +               unsigned long entryhi;
>                 write_c0_pagemask(PM_HUGE_MASK);
>                 ptep = (pte_t *)pmdp;
>                 lo = pte_to_entrylo(pte_val(*ptep));
> @@ -335,7 +336,19 @@ void __update_tlb(struct vm_area_struct * vma, unsigned long address, pte_t pte)
>                 write_c0_entrylo1(lo + (HPAGE_SIZE >> 7));
>
>                 mtc0_tlbw_hazard();
> -               if (idx < 0)
> +               if (idx >= current_cpu_data.tlbsizevtlb) {
> +               /* hit in FTLB.
> +                * Invalid it then tlbwr, since FTLB hold only base page*/
> +                       entryhi = read_c0_entryhi();
> +                       write_c0_entryhi(MIPS_ENTRYHI_EHINV);
> +                       tlb_write_indexed();
> +                       tlbw_use_hazard();
> +                       write_c0_entryhi(entryhi);
> +
> +               }
> +
> +
> +               if (idx < 0 || idx >= current_cpu_data.tlbsizevtlb)
>                         tlb_write_random();
>                 else
>                         tlb_write_indexed();
> diff --git a/arch/mips/mm/tlbex.c b/arch/mips/mm/tlbex.c
> index 14f8ba93367f..9c4cd08c00d3 100644
> --- a/arch/mips/mm/tlbex.c
> +++ b/arch/mips/mm/tlbex.c
> @@ -762,8 +762,7 @@ static void build_huge_update_entries(u32 **p, unsigned int pte,
>  static void build_huge_handler_tail(u32 **p, struct uasm_reloc **r,
>                                     struct uasm_label **l,
>                                     unsigned int pte,
> -                                   unsigned int ptr,
> -                                   unsigned int flush)
> +                                   unsigned int ptr)
>  {
>  #ifdef CONFIG_SMP
>         UASM_i_SC(p, pte, 0, ptr);
> @@ -772,22 +771,6 @@ static void build_huge_handler_tail(u32 **p, struct uasm_reloc **r,
>  #else
>         UASM_i_SW(p, pte, 0, ptr);
>  #endif
> -       if (cpu_has_ftlb && flush) {
> -               BUG_ON(!cpu_has_tlbinv);
> -
> -               UASM_i_MFC0(p, ptr, C0_ENTRYHI);
> -               uasm_i_ori(p, ptr, ptr, MIPS_ENTRYHI_EHINV);
> -               UASM_i_MTC0(p, ptr, C0_ENTRYHI);
> -               build_tlb_write_entry(p, l, r, tlb_indexed);
> -
> -               uasm_i_xori(p, ptr, ptr, MIPS_ENTRYHI_EHINV);
> -               UASM_i_MTC0(p, ptr, C0_ENTRYHI);
> -               build_huge_update_entries(p, pte, ptr);
> -               build_huge_tlb_write_entry(p, l, r, pte, tlb_random, 0);
> -
> -               return;
> -       }
> -
>         build_huge_update_entries(p, pte, ptr);
>         build_huge_tlb_write_entry(p, l, r, pte, tlb_indexed, 0);
>  }
> @@ -2278,7 +2261,7 @@ static void build_r4000_tlb_load_handler(void)
>                 uasm_l_tlbl_goaround2(&l, p);
>         }
>         uasm_i_ori(&p, wr.r1, wr.r1, (_PAGE_ACCESSED | _PAGE_VALID));
> -       build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 1);
> +       build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2);
>  #endif
>
>         uasm_l_nopage_tlbl(&l, p);
> @@ -2334,7 +2317,7 @@ static void build_r4000_tlb_store_handler(void)
>         build_tlb_probe_entry(&p);
>         uasm_i_ori(&p, wr.r1, wr.r1,
>                    _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY);
> -       build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 1);
> +       build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2);
>  #endif
>
>         uasm_l_nopage_tlbs(&l, p);
> @@ -2391,7 +2374,7 @@ static void build_r4000_tlb_modify_handler(void)
>         build_tlb_probe_entry(&p);
>         uasm_i_ori(&p, wr.r1, wr.r1,
>                    _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY);
> -       build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 0);
> +       build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2);
>  #endif
>
>         uasm_l_nopage_tlbm(&l, p);
> --
> 2.17.1
>

答复： [PATCH 3/3] Revert "MIPS: Flush wrong invalid FTLB entry for huge page"

[黄沛]

‎
  原始消息  
发件人： Huacai Chen
已发送： 2020年8月21日星期五 18:37
收件人： Huang Pei
抄送： Thomas Bogendoerfer; Paul Ambrose; Li Xuefeng; Yang Tiezhu; Gao Juxin; Fuxin Zhang; open list:MIPS
主题： Re: [PATCH 3/3] Revert "MIPS: Flush wrong invalid FTLB entry for huge page"

Got it, it is "too late", anything else?
 
I will re-send it next week


On Fri, Aug 21, 2020 at 3:24 PM Huang Pei <huangpei@loongson.cn> wrote:
>
> This reverts commit 0115f6cbf26663c86496bc56eeea293f85b77897.
>
> The fix in 0115f6cbf26663c86496bc56eeea293f85b77897 is two late, since
Do you means "too late"?

> __update_tlb hit the same problem first. So let __update_tlb fix it
>
> Signed-off-by: Huang Pei <huangpei@loongson.cn>
> ---
> arch/mips/mm/tlb-r4k.c | 15 ++++++++++++++-
> arch/mips/mm/tlbex.c | 25 ++++---------------------
> 2 files changed, 18 insertions(+), 22 deletions(-)
>
> diff --git a/arch/mips/mm/tlb-r4k.c b/arch/mips/mm/tlb-r4k.c
> index 38e2894d5fa3..cb8afa326b2c 100644
> --- a/arch/mips/mm/tlb-r4k.c
> +++ b/arch/mips/mm/tlb-r4k.c
> @@ -328,6 +328,7 @@ void __update_tlb(struct vm_area_struct * vma, unsigned long address, pte_t pte)
> /* this could be a huge page */
> if (pmd_huge(*pmdp)) {
> unsigned long lo;
> + unsigned long entryhi;
> write_c0_pagemask(PM_HUGE_MASK);
> ptep = (pte_t *)pmdp;
> lo = pte_to_entrylo(pte_val(*ptep));
> @@ -335,7 +336,19 @@ void __update_tlb(struct vm_area_struct * vma, unsigned long address, pte_t pte)
> write_c0_entrylo1(lo + (HPAGE_SIZE >> 7));
>
> mtc0_tlbw_hazard();
> - if (idx < 0)
> + if (idx >= current_cpu_data.tlbsizevtlb) {
> + /* hit in FTLB.
> + * Invalid it then tlbwr, since FTLB hold only base page*/
> + entryhi = read_c0_entryhi();
> + write_c0_entryhi(MIPS_ENTRYHI_EHINV);
> + tlb_write_indexed();
> + tlbw_use_hazard();
> + write_c0_entryhi(entryhi);
> +
> + }
> +
> +
> + if (idx < 0 || idx >= current_cpu_data.tlbsizevtlb)
> tlb_write_random();
> else
> tlb_write_indexed();
> diff --git a/arch/mips/mm/tlbex.c b/arch/mips/mm/tlbex.c
> index 14f8ba93367f..9c4cd08c00d3 100644
> --- a/arch/mips/mm/tlbex.c
> +++ b/arch/mips/mm/tlbex.c
> @@ -762,8 +762,7 @@ static void build_huge_update_entries(u32 **p, unsigned int pte,
> static void build_huge_handler_tail(u32 **p, struct uasm_reloc **r,
> struct uasm_label **l,
> unsigned int pte,
> - unsigned int ptr,
> - unsigned int flush)
> + unsigned int ptr)
> {
> #ifdef CONFIG_SMP
> UASM_i_SC(p, pte, 0, ptr);
> @@ -772,22 +771,6 @@ static void build_huge_handler_tail(u32 **p, struct uasm_reloc **r,
> #else
> UASM_i_SW(p, pte, 0, ptr);
> #endif
> - if (cpu_has_ftlb && flush) {
> - BUG_ON(!cpu_has_tlbinv);
> -
> - UASM_i_MFC0(p, ptr, C0_ENTRYHI);
> - uasm_i_ori(p, ptr, ptr, MIPS_ENTRYHI_EHINV);
> - UASM_i_MTC0(p, ptr, C0_ENTRYHI);
> - build_tlb_write_entry(p, l, r, tlb_indexed);
> -
> - uasm_i_xori(p, ptr, ptr, MIPS_ENTRYHI_EHINV);
> - UASM_i_MTC0(p, ptr, C0_ENTRYHI);
> - build_huge_update_entries(p, pte, ptr);
> - build_huge_tlb_write_entry(p, l, r, pte, tlb_random, 0);
> -
> - return;
> - }
> -
> build_huge_update_entries(p, pte, ptr);
> build_huge_tlb_write_entry(p, l, r, pte, tlb_indexed, 0);
> }
> @@ -2278,7 +2261,7 @@ static void build_r4000_tlb_load_handler(void)
> uasm_l_tlbl_goaround2(&l, p);
> }
> uasm_i_ori(&p, wr.r1, wr.r1, (_PAGE_ACCESSED | _PAGE_VALID));
> - build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 1);
> + build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2);
> #endif
>
> uasm_l_nopage_tlbl(&l, p);
> @@ -2334,7 +2317,7 @@ static void build_r4000_tlb_store_handler(void)
> build_tlb_probe_entry(&p);
> uasm_i_ori(&p, wr.r1, wr.r1,
> _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY);
> - build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 1);
> + build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2);
> #endif
>
> uasm_l_nopage_tlbs(&l, p);
> @@ -2391,7 +2374,7 @@ static void build_r4000_tlb_modify_handler(void)
> build_tlb_probe_entry(&p);
> uasm_i_ori(&p, wr.r1, wr.r1,
> _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY);
> - build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 0);
> + build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2);
> #endif
>
> uasm_l_nopage_tlbm(&l, p);
> --
> 2.17.1
>

Re: [PATCH 3/3] Revert "MIPS: Flush wrong invalid FTLB entry for huge page"

[Huacai Chen]

Hi, Pei,

On Sat, Aug 22, 2020 at 12:27 PM 黄沛 <huangpei@loongson.cn> wrote:
>
>
> ‎
>   原始消息
> 发件人： Huacai Chen
> 已发送： 2020年8月21日星期五 18:37
> 收件人： Huang Pei
> 抄送： Thomas Bogendoerfer; Paul Ambrose; Li Xuefeng; Yang Tiezhu; Gao Juxin; Fuxin Zhang; open list:MIPS
> 主题： Re: [PATCH 3/3] Revert "MIPS: Flush wrong invalid FTLB entry for huge page"
>
> Got it, it is "too late", anything else?
>
> I will re-send it next week
How to fix it in __update_tlb? the previous patch?

Huacai
>
>
> On Fri, Aug 21, 2020 at 3:24 PM Huang Pei <huangpei@loongson.cn> wrote:
> >
> > This reverts commit 0115f6cbf26663c86496bc56eeea293f85b77897.
> >
> > The fix in 0115f6cbf26663c86496bc56eeea293f85b77897 is two late, since
> Do you means "too late"?
>
> > __update_tlb hit the same problem first. So let __update_tlb fix it
> >
> > Signed-off-by: Huang Pei <huangpei@loongson.cn>
> > ---
> > arch/mips/mm/tlb-r4k.c | 15 ++++++++++++++-
> > arch/mips/mm/tlbex.c | 25 ++++---------------------
> > 2 files changed, 18 insertions(+), 22 deletions(-)
> >
> > diff --git a/arch/mips/mm/tlb-r4k.c b/arch/mips/mm/tlb-r4k.c
> > index 38e2894d5fa3..cb8afa326b2c 100644
> > --- a/arch/mips/mm/tlb-r4k.c
> > +++ b/arch/mips/mm/tlb-r4k.c
> > @@ -328,6 +328,7 @@ void __update_tlb(struct vm_area_struct * vma, unsigned long address, pte_t pte)
> > /* this could be a huge page */
> > if (pmd_huge(*pmdp)) {
> > unsigned long lo;
> > + unsigned long entryhi;
> > write_c0_pagemask(PM_HUGE_MASK);
> > ptep = (pte_t *)pmdp;
> > lo = pte_to_entrylo(pte_val(*ptep));
> > @@ -335,7 +336,19 @@ void __update_tlb(struct vm_area_struct * vma, unsigned long address, pte_t pte)
> > write_c0_entrylo1(lo + (HPAGE_SIZE >> 7));
> >
> > mtc0_tlbw_hazard();
> > - if (idx < 0)
> > + if (idx >= current_cpu_data.tlbsizevtlb) {
> > + /* hit in FTLB.
> > + * Invalid it then tlbwr, since FTLB hold only base page*/
> > + entryhi = read_c0_entryhi();
> > + write_c0_entryhi(MIPS_ENTRYHI_EHINV);
> > + tlb_write_indexed();
> > + tlbw_use_hazard();
> > + write_c0_entryhi(entryhi);
> > +
> > + }
> > +
> > +
> > + if (idx < 0 || idx >= current_cpu_data.tlbsizevtlb)
> > tlb_write_random();
> > else
> > tlb_write_indexed();
> > diff --git a/arch/mips/mm/tlbex.c b/arch/mips/mm/tlbex.c
> > index 14f8ba93367f..9c4cd08c00d3 100644
> > --- a/arch/mips/mm/tlbex.c
> > +++ b/arch/mips/mm/tlbex.c
> > @@ -762,8 +762,7 @@ static void build_huge_update_entries(u32 **p, unsigned int pte,
> > static void build_huge_handler_tail(u32 **p, struct uasm_reloc **r,
> > struct uasm_label **l,
> > unsigned int pte,
> > - unsigned int ptr,
> > - unsigned int flush)
> > + unsigned int ptr)
> > {
> > #ifdef CONFIG_SMP
> > UASM_i_SC(p, pte, 0, ptr);
> > @@ -772,22 +771,6 @@ static void build_huge_handler_tail(u32 **p, struct uasm_reloc **r,
> > #else
> > UASM_i_SW(p, pte, 0, ptr);
> > #endif
> > - if (cpu_has_ftlb && flush) {
> > - BUG_ON(!cpu_has_tlbinv);
> > -
> > - UASM_i_MFC0(p, ptr, C0_ENTRYHI);
> > - uasm_i_ori(p, ptr, ptr, MIPS_ENTRYHI_EHINV);
> > - UASM_i_MTC0(p, ptr, C0_ENTRYHI);
> > - build_tlb_write_entry(p, l, r, tlb_indexed);
> > -
> > - uasm_i_xori(p, ptr, ptr, MIPS_ENTRYHI_EHINV);
> > - UASM_i_MTC0(p, ptr, C0_ENTRYHI);
> > - build_huge_update_entries(p, pte, ptr);
> > - build_huge_tlb_write_entry(p, l, r, pte, tlb_random, 0);
> > -
> > - return;
> > - }
> > -
> > build_huge_update_entries(p, pte, ptr);
> > build_huge_tlb_write_entry(p, l, r, pte, tlb_indexed, 0);
> > }
> > @@ -2278,7 +2261,7 @@ static void build_r4000_tlb_load_handler(void)
> > uasm_l_tlbl_goaround2(&l, p);
> > }
> > uasm_i_ori(&p, wr.r1, wr.r1, (_PAGE_ACCESSED | _PAGE_VALID));
> > - build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 1);
> > + build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2);
> > #endif
> >
> > uasm_l_nopage_tlbl(&l, p);
> > @@ -2334,7 +2317,7 @@ static void build_r4000_tlb_store_handler(void)
> > build_tlb_probe_entry(&p);
> > uasm_i_ori(&p, wr.r1, wr.r1,
> > _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY);
> > - build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 1);
> > + build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2);
> > #endif
> >
> > uasm_l_nopage_tlbs(&l, p);
> > @@ -2391,7 +2374,7 @@ static void build_r4000_tlb_modify_handler(void)
> > build_tlb_probe_entry(&p);
> > uasm_i_ori(&p, wr.r1, wr.r1,
> > _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY);
> > - build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 0);
> > + build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2);
> > #endif
> >
> > uasm_l_nopage_tlbm(&l, p);
> > --
> > 2.17.1
> >

Re: [PATCH 1/3] MIPS: add missing MSACSR and upper MSA initialization

[Huacai Chen]

Hi, Pei,

On Fri, Aug 21, 2020 at 3:26 PM Huang Pei <huangpei@loongson.cn> wrote:
>
> own_fp_inatomic() does not restore/initialize MSACSR and upper MSA regs, so
> MSACSR and MSA upper regs's value from previous task on current cpu can leak
> into current task and cause unpredictable behavior when MSA context not
> initialized.
>
> Signed-off-by: Huang Pei <huangpei@loongson.cn>
> ---
>  arch/mips/kernel/traps.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
> index 38aa07ccdbcc..99a8f1b7b522 100644
> --- a/arch/mips/kernel/traps.c
> +++ b/arch/mips/kernel/traps.c
> @@ -1287,6 +1287,8 @@ static int enable_restore_fp_context(int msa)
>                 err = own_fpu_inatomic(1);
>                 if (msa && !err) {
>                         enable_msa();
> +                       write_msa_csr(current->thread.fpu.msacsr);
> +                       init_msa_upper();
I think write_msa_csr(current->thread.fpu.msacsr) is needed here, but
I don't know whether init_msa_upper() is also needed. Maybe you should
investegate cc97ab235f3fe32401ca198cebe6f42642e9 ("MIPS: Simplify FP
context initialization") which removes init_msa_upper().

Huacai
>                         set_thread_flag(TIF_USEDMSA);
>                         set_thread_flag(TIF_MSA_CTX_LIVE);
>                 }
> --
> 2.17.1
>

Re: [PATCH 3/3] Revert "MIPS: Flush wrong invalid FTLB entry for huge page"

[Huang Pei]

On Mon, Aug 24, 2020 at 03:13:20PM +0800, Huacai Chen wrote:

the fix in __update_tlb is same as [1], which is to check if the CP0
index returned by tlbp is in FTLB range, if so, then invalidate this
entry and rewrite it with Huge Page by tlbwr again, otherwise tlbwr 
when not hit or tlbwi when hit in VTLB range.

The previous patch, aka patch 2, just reveal the problem *explicitly*. Just 
with Patch 3 but without Patch 2, the __update_tlb would write a Huge Page
mapping into VTLB without _PAGE_VALID set successfully, which still need [1]
to cover it in the second TLb Invalid exception, and make Patch 3 looks
like DOES NOT WORK

Anyway，Patch 3 can not fix it perfectly, without Patch 2

> Hi, Pei,
> 
> On Sat, Aug 22, 2020 at 12:27 PM 黄沛 <huangpei@loongson.cn> wrote:
> >
> >
> > ‎
> >   原始消息
> > 发件人： Huacai Chen
> > 已发送： 2020年8月21日星期五 18:37
> > 收件人： Huang Pei
> > 抄送： Thomas Bogendoerfer; Paul Ambrose; Li Xuefeng; Yang Tiezhu; Gao Juxin; Fuxin Zhang; open list:MIPS
> > 主题： Re: [PATCH 3/3] Revert "MIPS: Flush wrong invalid FTLB entry for huge page"
> >
> > Got it, it is "too late", anything else?
> >
> > I will re-send it next week
> How to fix it in __update_tlb? the previous patch?
> 
> Huacai
> >
> >
> > On Fri, Aug 21, 2020 at 3:24 PM Huang Pei <huangpei@loongson.cn> wrote:
> > >
> > > This reverts commit 0115f6cbf26663c86496bc56eeea293f85b77897.
> > >
> > > The fix in 0115f6cbf26663c86496bc56eeea293f85b77897 is two late, since
> > Do you means "too late"?
> >
> > > __update_tlb hit the same problem first. So let __update_tlb fix it
> > >
> > > Signed-off-by: Huang Pei <huangpei@loongson.cn>
> > > ---
> > > arch/mips/mm/tlb-r4k.c | 15 ++++++++++++++-
> > > arch/mips/mm/tlbex.c | 25 ++++---------------------
> > > 2 files changed, 18 insertions(+), 22 deletions(-)
> > >
> > > diff --git a/arch/mips/mm/tlb-r4k.c b/arch/mips/mm/tlb-r4k.c
> > > index 38e2894d5fa3..cb8afa326b2c 100644
> > > --- a/arch/mips/mm/tlb-r4k.c
> > > +++ b/arch/mips/mm/tlb-r4k.c
> > > @@ -328,6 +328,7 @@ void __update_tlb(struct vm_area_struct * vma, unsigned long address, pte_t pte)
> > > /* this could be a huge page */
> > > if (pmd_huge(*pmdp)) {
> > > unsigned long lo;
> > > + unsigned long entryhi;
> > > write_c0_pagemask(PM_HUGE_MASK);
> > > ptep = (pte_t *)pmdp;
> > > lo = pte_to_entrylo(pte_val(*ptep));
> > > @@ -335,7 +336,19 @@ void __update_tlb(struct vm_area_struct * vma, unsigned long address, pte_t pte)
> > > write_c0_entrylo1(lo + (HPAGE_SIZE >> 7));
> > >
> > > mtc0_tlbw_hazard();
> > > - if (idx < 0)
> > > + if (idx >= current_cpu_data.tlbsizevtlb) {
> > > + /* hit in FTLB.
> > > + * Invalid it then tlbwr, since FTLB hold only base page*/
> > > + entryhi = read_c0_entryhi();
> > > + write_c0_entryhi(MIPS_ENTRYHI_EHINV);
> > > + tlb_write_indexed();
> > > + tlbw_use_hazard();
> > > + write_c0_entryhi(entryhi);
> > > +
> > > + }
> > > +
> > > +
> > > + if (idx < 0 || idx >= current_cpu_data.tlbsizevtlb)
> > > tlb_write_random();
> > > else
> > > tlb_write_indexed();
> > > diff --git a/arch/mips/mm/tlbex.c b/arch/mips/mm/tlbex.c
> > > index 14f8ba93367f..9c4cd08c00d3 100644
> > > --- a/arch/mips/mm/tlbex.c
> > > +++ b/arch/mips/mm/tlbex.c
> > > @@ -762,8 +762,7 @@ static void build_huge_update_entries(u32 **p, unsigned int pte,
> > > static void build_huge_handler_tail(u32 **p, struct uasm_reloc **r,
> > > struct uasm_label **l,
> > > unsigned int pte,
> > > - unsigned int ptr,
> > > - unsigned int flush)
> > > + unsigned int ptr)
> > > {
> > > #ifdef CONFIG_SMP
> > > UASM_i_SC(p, pte, 0, ptr);
> > > @@ -772,22 +771,6 @@ static void build_huge_handler_tail(u32 **p, struct uasm_reloc **r,
> > > #else
> > > UASM_i_SW(p, pte, 0, ptr);
> > > #endif
> > > - if (cpu_has_ftlb && flush) {
> > > - BUG_ON(!cpu_has_tlbinv);
> > > -
> > > - UASM_i_MFC0(p, ptr, C0_ENTRYHI);
> > > - uasm_i_ori(p, ptr, ptr, MIPS_ENTRYHI_EHINV);
> > > - UASM_i_MTC0(p, ptr, C0_ENTRYHI);
> > > - build_tlb_write_entry(p, l, r, tlb_indexed);
> > > -
> > > - uasm_i_xori(p, ptr, ptr, MIPS_ENTRYHI_EHINV);
> > > - UASM_i_MTC0(p, ptr, C0_ENTRYHI);
> > > - build_huge_update_entries(p, pte, ptr);
> > > - build_huge_tlb_write_entry(p, l, r, pte, tlb_random, 0);
> > > -
> > > - return;
> > > - }
> > > -
> > > build_huge_update_entries(p, pte, ptr);
> > > build_huge_tlb_write_entry(p, l, r, pte, tlb_indexed, 0);
> > > }
> > > @@ -2278,7 +2261,7 @@ static void build_r4000_tlb_load_handler(void)
> > > uasm_l_tlbl_goaround2(&l, p);
> > > }
> > > uasm_i_ori(&p, wr.r1, wr.r1, (_PAGE_ACCESSED | _PAGE_VALID));
> > > - build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 1);
> > > + build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2);
> > > #endif
> > >
> > > uasm_l_nopage_tlbl(&l, p);
> > > @@ -2334,7 +2317,7 @@ static void build_r4000_tlb_store_handler(void)
> > > build_tlb_probe_entry(&p);
> > > uasm_i_ori(&p, wr.r1, wr.r1,
> > > _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY);
> > > - build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 1);
> > > + build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2);
> > > #endif
> > >
> > > uasm_l_nopage_tlbs(&l, p);
> > > @@ -2391,7 +2374,7 @@ static void build_r4000_tlb_modify_handler(void)
> > > build_tlb_probe_entry(&p);
> > > uasm_i_ori(&p, wr.r1, wr.r1,
> > > _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY);
> > > - build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 0);
> > > + build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2);
> > > #endif
> > >
> > > uasm_l_nopage_tlbm(&l, p);
> > > --
> > > 2.17.1
> > >

Re: [PATCH 1/3] MIPS: add missing MSACSR and upper MSA initialization

[Huacai Chen]

Hi, Paul Burton,

On Mon, Aug 24, 2020 at 3:19 PM Huacai Chen <chenhc@lemote.com> wrote:
>
> Hi, Pei,
>
> On Fri, Aug 21, 2020 at 3:26 PM Huang Pei <huangpei@loongson.cn> wrote:
> >
> > own_fp_inatomic() does not restore/initialize MSACSR and upper MSA regs, so
> > MSACSR and MSA upper regs's value from previous task on current cpu can leak
> > into current task and cause unpredictable behavior when MSA context not
> > initialized.
> >
> > Signed-off-by: Huang Pei <huangpei@loongson.cn>
> > ---
> >  arch/mips/kernel/traps.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
> > index 38aa07ccdbcc..99a8f1b7b522 100644
> > --- a/arch/mips/kernel/traps.c
> > +++ b/arch/mips/kernel/traps.c
> > @@ -1287,6 +1287,8 @@ static int enable_restore_fp_context(int msa)
> >                 err = own_fpu_inatomic(1);
> >                 if (msa && !err) {
> >                         enable_msa();
> > +                       write_msa_csr(current->thread.fpu.msacsr);
> > +                       init_msa_upper();
> I think write_msa_csr(current->thread.fpu.msacsr) is needed here, but
> I don't know whether init_msa_upper() is also needed. Maybe you should
> investegate cc97ab235f3fe32401ca198cebe6f42642e9 ("MIPS: Simplify FP
> context initialization") which removes init_msa_upper().
I think I need you to explain why removing init_msa_upper() here.

Huacai

>
> Huacai
> >                         set_thread_flag(TIF_USEDMSA);
> >                         set_thread_flag(TIF_MSA_CTX_LIVE);
> >                 }
> > --
> > 2.17.1
> >