2015-03-26 17:24:57 +01:00

307 lines
14 KiB
Plaintext

=================================
FR451 MMU LINUX MEMORY MANAGEMENT
=================================
============
MMU HARDWARE
============
FR451 MMU Linux puts the MMU into EDAT mode whilst running. This means that it uses both the SAT
registers and the DAT TLB to perform address translation.
There are 8 IAMLR/IAMPR register pairs and 16 DAMLR/DAMPR register pairs for SAT mode.
In DAT mode, there is also a TLB organised in cache format as 64 lines x 2 ways. Each line spans a
16KB range of addresses, but can match a larger region.
===========================
MEMORY MANAGEMENT REGISTERS
===========================
Certain control registers are used by the kernel memory management routines:
REGISTERS USAGE
====================== ==================================================
IAMR0, DAMR0 Kernel image and data mappings
IAMR1, DAMR1 First-chance TLB lookup mapping
DAMR2 Page attachment for cache flush by page
DAMR3 Current PGD mapping
SCR0, DAMR4 Instruction TLB PGE/PTD cache
SCR1, DAMR5 Data TLB PGE/PTD cache
DAMR6-10 kmap_atomic() mappings
DAMR11 I/O mapping
CXNR mm_struct context ID
TTBR Page directory (PGD) pointer (physical address)
=====================
GENERAL MEMORY LAYOUT
=====================
The physical memory layout is as follows:
PHYSICAL ADDRESS CONTROLLER DEVICE
=================== ============== =======================================
00000000 - BFFFFFFF SDRAM SDRAM area
E0000000 - EFFFFFFF L-BUS CS2# VDK SLBUS/PCI window
F0000000 - F0FFFFFF L-BUS CS5# MB93493 CSC area (DAV daughter board)
F1000000 - F1FFFFFF L-BUS CS7# (CB70 CPU-card PCMCIA port I/O space)
FC000000 - FC0FFFFF L-BUS CS1# VDK MB86943 config space
FC100000 - FC1FFFFF L-BUS CS6# DM9000 NIC I/O space
FC200000 - FC2FFFFF L-BUS CS3# MB93493 CSR area (DAV daughter board)
FD000000 - FDFFFFFF L-BUS CS4# (CB70 CPU-card extra flash space)
FE000000 - FEFFFFFF Internal CPU peripherals
FF000000 - FF1FFFFF L-BUS CS0# Flash 1
FF200000 - FF3FFFFF L-BUS CS0# Flash 2
FFC00000 - FFC0001F L-BUS CS0# FPGA
The virtual memory layout is:
VIRTUAL ADDRESS PHYSICAL TRANSLATOR FLAGS SIZE OCCUPATION
================= ======== ============== ======= ======= ===================================
00004000-BFFFFFFF various TLB,xAMR1 D-N-??V 3GB Userspace
C0000000-CFFFFFFF 00000000 xAMPR0 -L-S--V 256MB Kernel image and data
D0000000-D7FFFFFF various TLB,xAMR1 D-NS??V 128MB vmalloc area
D8000000-DBFFFFFF various TLB,xAMR1 D-NS??V 64MB kmap() area
DC000000-DCFFFFFF various TLB 1MB Secondary kmap_atomic() frame
DD000000-DD27FFFF various DAMR 160KB Primary kmap_atomic() frame
DD040000 DAMR2/IAMR2 -L-S--V page Page cache flush attachment point
DD080000 DAMR3 -L-SC-V page Page Directory (PGD)
DD0C0000 DAMR4 -L-SC-V page Cached insn TLB Page Table lookup
DD100000 DAMR5 -L-SC-V page Cached data TLB Page Table lookup
DD140000 DAMR6 -L-S--V page kmap_atomic(KM_BOUNCE_READ)
DD180000 DAMR7 -L-S--V page kmap_atomic(KM_SKB_SUNRPC_DATA)
DD1C0000 DAMR8 -L-S--V page kmap_atomic(KM_SKB_DATA_SOFTIRQ)
DD200000 DAMR9 -L-S--V page kmap_atomic(KM_USER0)
DD240000 DAMR10 -L-S--V page kmap_atomic(KM_USER1)
E0000000-FFFFFFFF E0000000 DAMR11 -L-SC-V 512MB I/O region
IAMPR1 and DAMPR1 are used as an extension to the TLB.
====================
KMAP AND KMAP_ATOMIC
====================
To access pages in the page cache (which may not be directly accessible if highmem is available),
the kernel calls kmap(), does the access and then calls kunmap(); or it calls kmap_atomic(), does
the access and then calls kunmap_atomic().
kmap() creates an attachment between an arbitrary inaccessible page and a range of virtual
addresses by installing a PTE in a special page table. The kernel can then access this page as it
wills. When it's finished, the kernel calls kunmap() to clear the PTE.
kmap_atomic() does something slightly different. In the interests of speed, it chooses one of two
strategies:
(1) If possible, kmap_atomic() attaches the requested page to one of DAMPR5 through DAMPR10
register pairs; and the matching kunmap_atomic() clears the DAMPR. This makes high memory
support really fast as there's no need to flush the TLB or modify the page tables. The DAMLR
registers being used for this are preset during boot and don't change over the lifetime of the
process. There's a direct mapping between the first few kmap_atomic() types, DAMR number and
virtual address slot.
However, there are more kmap_atomic() types defined than there are DAMR registers available,
so we fall back to:
(2) kmap_atomic() uses a slot in the secondary frame (determined by the type parameter), and then
locks an entry in the TLB to translate that slot to the specified page. The number of slots is
obviously limited, and their positions are controlled such that each slot is matched by a
different line in the TLB. kunmap() ejects the entry from the TLB.
Note that the first three kmap atomic types are really just declared as placeholders. The DAMPR
registers involved are actually modified directly.
Also note that kmap() itself may sleep, kmap_atomic() may never sleep and both always succeed;
furthermore, a driver using kmap() may sleep before calling kunmap(), but may not sleep before
calling kunmap_atomic() if it had previously called kmap_atomic().
===============================
USING MORE THAN 256MB OF MEMORY
===============================
The kernel cannot access more than 256MB of memory directly. The physical layout, however, permits
up to 3GB of SDRAM (possibly 3.25GB) to be made available. By using CONFIG_HIGHMEM, the kernel can
allow userspace (by way of page tables) and itself (by way of kmap) to deal with the memory
allocation.
External devices can, of course, still DMA to and from all of the SDRAM, even if the kernel can't
see it directly. The kernel translates page references into real addresses for communicating to the
devices.
===================
PAGE TABLE TOPOLOGY
===================
The page tables are arranged in 2-layer format. There is a middle layer (PMD) that would be used in
3-layer format tables but that is folded into the top layer (PGD) and so consumes no extra memory
or processing power.
+------+ PGD PMD
| TTBR |--->+-------------------+
+------+ | | : STE |
| PGE0 | PME0 : STE |
| | : STE |
+-------------------+ Page Table
| | : STE -------------->+--------+ +0x0000
| PGE1 | PME0 : STE -----------+ | PTE0 |
| | : STE -------+ | +--------+
+-------------------+ | | | PTE63 |
| | : STE | | +-->+--------+ +0x0100
| PGE2 | PME0 : STE | | | PTE64 |
| | : STE | | +--------+
+-------------------+ | | PTE127 |
| | : STE | +------>+--------+ +0x0200
| PGE3 | PME0 : STE | | PTE128 |
| | : STE | +--------+
+-------------------+ | PTE191 |
+--------+ +0x0300
Each Page Directory (PGD) is 16KB (page size) in size and is divided into 64 entries (PGEs). Each
PGE contains one Page Mid Directory (PMD).
Each PMD is 256 bytes in size and contains a single entry (PME). Each PME holds 64 FR451 MMU
segment table entries of 4 bytes apiece. Each PME "points to" a page table. In practice, each STE
points to a subset of the page table, the first to PT+0x0000, the second to PT+0x0100, the third to
PT+0x200, and so on.
Each PGE and PME covers 64MB of the total virtual address space.
Each Page Table (PTD) is 16KB (page size) in size, and is divided into 4096 entries (PTEs). Each
entry can point to one 16KB page. In practice, each Linux page table is subdivided into 64 FR451
MMU page tables. But they are all grouped together to make management easier, in particular rmap
support is then trivial.
Grouping page tables in this fashion makes PGE caching in SCR0/SCR1 more efficient because the
coverage of the cached item is greater.
Page tables for the vmalloc area are allocated at boot time and shared between all mm_structs.
=================
USER SPACE LAYOUT
=================
For MMU capable Linux, the regions userspace code are allowed to access are kept entirely separate
from those dedicated to the kernel:
VIRTUAL ADDRESS SIZE PURPOSE
================= ===== ===================================
00000000-00003fff 4KB NULL pointer access trap
00004000-01ffffff ~32MB lower mmap space (grows up)
02000000-021fffff 2MB Stack space (grows down from top)
02200000-nnnnnnnn Executable mapping
nnnnnnnn- brk space (grows up)
-bfffffff upper mmap space (grows down)
This is so arranged so as to make best use of the 16KB page tables and the way in which PGEs/PMEs
are cached by the TLB handler. The lower mmap space is filled first, and then the upper mmap space
is filled.
===============================
GDB-STUB MMU DEBUGGING SERVICES
===============================
The gdb-stub included in this kernel provides a number of services to aid in the debugging of MMU
related kernel services:
(*) Every time the kernel stops, certain state information is dumped into __debug_mmu. This
variable is defined in arch/frv/kernel/gdb-stub.c. Note that the gdbinit file in this
directory has some useful macros for dealing with this.
(*) __debug_mmu.tlb[]
This receives the current TLB contents. This can be viewed with the _tlb GDB macro:
(gdb) _tlb
tlb[0x00]: 01000005 00718203 01000002 00718203
tlb[0x01]: 01004002 006d4201 01004005 006d4203
tlb[0x02]: 01008002 006d0201 01008006 00004200
tlb[0x03]: 0100c006 007f4202 0100c002 0064c202
tlb[0x04]: 01110005 00774201 01110002 00774201
tlb[0x05]: 01114005 00770201 01114002 00770201
tlb[0x06]: 01118002 0076c201 01118005 0076c201
...
tlb[0x3d]: 010f4002 00790200 001f4002 0054ca02
tlb[0x3e]: 010f8005 0078c201 010f8002 0078c201
tlb[0x3f]: 001fc002 0056ca01 001fc005 00538a01
(*) __debug_mmu.iamr[]
(*) __debug_mmu.damr[]
These receive the current IAMR and DAMR contents. These can be viewed with the _amr
GDB macro:
(gdb) _amr
AMRx DAMR IAMR
==== ===================== =====================
amr0 : L:c0000000 P:00000cb9 : L:c0000000 P:000004b9
amr1 : L:01070005 P:006f9203 : L:0102c005 P:006a1201
amr2 : L:d8d00000 P:00000000 : L:d8d00000 P:00000000
amr3 : L:d8d04000 P:00534c0d : L:00000000 P:00000000
amr4 : L:d8d08000 P:00554c0d : L:00000000 P:00000000
amr5 : L:d8d0c000 P:00554c0d : L:00000000 P:00000000
amr6 : L:d8d10000 P:00000000 : L:00000000 P:00000000
amr7 : L:d8d14000 P:00000000 : L:00000000 P:00000000
amr8 : L:d8d18000 P:00000000
amr9 : L:d8d1c000 P:00000000
amr10: L:d8d20000 P:00000000
amr11: L:e0000000 P:e0000ccd
(*) The current task's page directory is bound to DAMR3.
This can be viewed with the _pgd GDB macro:
(gdb) _pgd
$3 = {{pge = {{ste = {0x554001, 0x554101, 0x554201, 0x554301, 0x554401,
0x554501, 0x554601, 0x554701, 0x554801, 0x554901, 0x554a01,
0x554b01, 0x554c01, 0x554d01, 0x554e01, 0x554f01, 0x555001,
0x555101, 0x555201, 0x555301, 0x555401, 0x555501, 0x555601,
0x555701, 0x555801, 0x555901, 0x555a01, 0x555b01, 0x555c01,
0x555d01, 0x555e01, 0x555f01, 0x556001, 0x556101, 0x556201,
0x556301, 0x556401, 0x556501, 0x556601, 0x556701, 0x556801,
0x556901, 0x556a01, 0x556b01, 0x556c01, 0x556d01, 0x556e01,
0x556f01, 0x557001, 0x557101, 0x557201, 0x557301, 0x557401,
0x557501, 0x557601, 0x557701, 0x557801, 0x557901, 0x557a01,
0x557b01, 0x557c01, 0x557d01, 0x557e01, 0x557f01}}}}, {pge = {{
ste = {0x0 <repeats 64 times>}}}} <repeats 51 times>, {pge = {{ste = {
0x248001, 0x248101, 0x248201, 0x248301, 0x248401, 0x248501,
0x248601, 0x248701, 0x248801, 0x248901, 0x248a01, 0x248b01,
0x248c01, 0x248d01, 0x248e01, 0x248f01, 0x249001, 0x249101,
0x249201, 0x249301, 0x249401, 0x249501, 0x249601, 0x249701,
0x249801, 0x249901, 0x249a01, 0x249b01, 0x249c01, 0x249d01,
0x249e01, 0x249f01, 0x24a001, 0x24a101, 0x24a201, 0x24a301,
0x24a401, 0x24a501, 0x24a601, 0x24a701, 0x24a801, 0x24a901,
0x24aa01, 0x24ab01, 0x24ac01, 0x24ad01, 0x24ae01, 0x24af01,
0x24b001, 0x24b101, 0x24b201, 0x24b301, 0x24b401, 0x24b501,
0x24b601, 0x24b701, 0x24b801, 0x24b901, 0x24ba01, 0x24bb01,
0x24bc01, 0x24bd01, 0x24be01, 0x24bf01}}}}, {pge = {{ste = {
0x0 <repeats 64 times>}}}} <repeats 11 times>}
(*) The PTD last used by the instruction TLB miss handler is attached to DAMR4.
(*) The PTD last used by the data TLB miss handler is attached to DAMR5.
These can be viewed with the _ptd_i and _ptd_d GDB macros:
(gdb) _ptd_d
$5 = {{pte = 0x0} <repeats 127 times>, {pte = 0x539b01}, {
pte = 0x0} <repeats 896 times>, {pte = 0x719303}, {pte = 0x6d5303}, {
pte = 0x0}, {pte = 0x0}, {pte = 0x0}, {pte = 0x0}, {pte = 0x0}, {
pte = 0x0}, {pte = 0x0}, {pte = 0x0}, {pte = 0x0}, {pte = 0x6a1303}, {
pte = 0x0} <repeats 12 times>, {pte = 0x709303}, {pte = 0x0}, {pte = 0x0},
{pte = 0x6fd303}, {pte = 0x6f9303}, {pte = 0x6f5303}, {pte = 0x0}, {
pte = 0x6ed303}, {pte = 0x531b01}, {pte = 0x50db01}, {
pte = 0x0} <repeats 13 times>, {pte = 0x5303}, {pte = 0x7f5303}, {
pte = 0x509b01}, {pte = 0x505b01}, {pte = 0x7c9303}, {pte = 0x7b9303}, {
pte = 0x7b5303}, {pte = 0x7b1303}, {pte = 0x7ad303}, {pte = 0x0}, {
pte = 0x0}, {pte = 0x7a1303}, {pte = 0x0}, {pte = 0x795303}, {pte = 0x0}, {
pte = 0x78d303}, {pte = 0x0}, {pte = 0x0}, {pte = 0x0}, {pte = 0x0}, {
pte = 0x0}, {pte = 0x775303}, {pte = 0x771303}, {pte = 0x76d303}, {
pte = 0x0}, {pte = 0x765303}, {pte = 0x7c5303}, {pte = 0x501b01}, {
pte = 0x4f1b01}, {pte = 0x4edb01}, {pte = 0x0}, {pte = 0x4f9b01}, {
pte = 0x4fdb01}, {pte = 0x0} <repeats 2992 times>}