================================= FR451 MMU LINUX MEMORY MANAGEMENT ================================= ============ MMU HARDWARE ============ FR451 MMU Linux puts the MMU into EDAT mode whilst running. This means that it uses both the SAT registers and the DAT TLB to perform address translation. There are 8 IAMLR/IAMPR register pairs and 16 DAMLR/DAMPR register pairs for SAT mode. In DAT mode, there is also a TLB organised in cache format as 64 lines x 2 ways. Each line spans a 16KB range of addresses, but can match a larger region. =========================== MEMORY MANAGEMENT REGISTERS =========================== Certain control registers are used by the kernel memory management routines: REGISTERS USAGE ====================== ================================================== IAMR0, DAMR0 Kernel image and data mappings IAMR1, DAMR1 First-chance TLB lookup mapping DAMR2 Page attachment for cache flush by page DAMR3 Current PGD mapping SCR0, DAMR4 Instruction TLB PGE/PTD cache SCR1, DAMR5 Data TLB PGE/PTD cache DAMR6-10 kmap_atomic() mappings DAMR11 I/O mapping CXNR mm_struct context ID TTBR Page directory (PGD) pointer (physical address) ===================== GENERAL MEMORY LAYOUT ===================== The physical memory layout is as follows: PHYSICAL ADDRESS CONTROLLER DEVICE =================== ============== ======================================= 00000000 - BFFFFFFF SDRAM SDRAM area E0000000 - EFFFFFFF L-BUS CS2# VDK SLBUS/PCI window F0000000 - F0FFFFFF L-BUS CS5# MB93493 CSC area (DAV daughter board) F1000000 - F1FFFFFF L-BUS CS7# (CB70 CPU-card PCMCIA port I/O space) FC000000 - FC0FFFFF L-BUS CS1# VDK MB86943 config space FC100000 - FC1FFFFF L-BUS CS6# DM9000 NIC I/O space FC200000 - FC2FFFFF L-BUS CS3# MB93493 CSR area (DAV daughter board) FD000000 - FDFFFFFF L-BUS CS4# (CB70 CPU-card extra flash space) FE000000 - FEFFFFFF Internal CPU peripherals FF000000 - FF1FFFFF L-BUS CS0# Flash 1 FF200000 - FF3FFFFF L-BUS CS0# Flash 2 FFC00000 - FFC0001F L-BUS CS0# FPGA The virtual memory layout is: VIRTUAL ADDRESS PHYSICAL TRANSLATOR FLAGS SIZE OCCUPATION ================= ======== ============== ======= ======= =================================== 00004000-BFFFFFFF various TLB,xAMR1 D-N-??V 3GB Userspace C0000000-CFFFFFFF 00000000 xAMPR0 -L-S--V 256MB Kernel image and data D0000000-D7FFFFFF various TLB,xAMR1 D-NS??V 128MB vmalloc area D8000000-DBFFFFFF various TLB,xAMR1 D-NS??V 64MB kmap() area DC000000-DCFFFFFF various TLB 1MB Secondary kmap_atomic() frame DD000000-DD27FFFF various DAMR 160KB Primary kmap_atomic() frame DD040000 DAMR2/IAMR2 -L-S--V page Page cache flush attachment point DD080000 DAMR3 -L-SC-V page Page Directory (PGD) DD0C0000 DAMR4 -L-SC-V page Cached insn TLB Page Table lookup DD100000 DAMR5 -L-SC-V page Cached data TLB Page Table lookup DD140000 DAMR6 -L-S--V page kmap_atomic(KM_BOUNCE_READ) DD180000 DAMR7 -L-S--V page kmap_atomic(KM_SKB_SUNRPC_DATA) DD1C0000 DAMR8 -L-S--V page kmap_atomic(KM_SKB_DATA_SOFTIRQ) DD200000 DAMR9 -L-S--V page kmap_atomic(KM_USER0) DD240000 DAMR10 -L-S--V page kmap_atomic(KM_USER1) E0000000-FFFFFFFF E0000000 DAMR11 -L-SC-V 512MB I/O region IAMPR1 and DAMPR1 are used as an extension to the TLB. ==================== KMAP AND KMAP_ATOMIC ==================== To access pages in the page cache (which may not be directly accessible if highmem is available), the kernel calls kmap(), does the access and then calls kunmap(); or it calls kmap_atomic(), does the access and then calls kunmap_atomic(). kmap() creates an attachment between an arbitrary inaccessible page and a range of virtual addresses by installing a PTE in a special page table. The kernel can then access this page as it wills. When it's finished, the kernel calls kunmap() to clear the PTE. kmap_atomic() does something slightly different. In the interests of speed, it chooses one of two strategies: (1) If possible, kmap_atomic() attaches the requested page to one of DAMPR5 through DAMPR10 register pairs; and the matching kunmap_atomic() clears the DAMPR. This makes high memory support really fast as there's no need to flush the TLB or modify the page tables. The DAMLR registers being used for this are preset during boot and don't change over the lifetime of the process. There's a direct mapping between the first few kmap_atomic() types, DAMR number and virtual address slot. However, there are more kmap_atomic() types defined than there are DAMR registers available, so we fall back to: (2) kmap_atomic() uses a slot in the secondary frame (determined by the type parameter), and then locks an entry in the TLB to translate that slot to the specified page. The number of slots is obviously limited, and their positions are controlled such that each slot is matched by a different line in the TLB. kunmap() ejects the entry from the TLB. Note that the first three kmap atomic types are really just declared as placeholders. The DAMPR registers involved are actually modified directly. Also note that kmap() itself may sleep, kmap_atomic() may never sleep and both always succeed; furthermore, a driver using kmap() may sleep before calling kunmap(), but may not sleep before calling kunmap_atomic() if it had previously called kmap_atomic(). =============================== USING MORE THAN 256MB OF MEMORY =============================== The kernel cannot access more than 256MB of memory directly. The physical layout, however, permits up to 3GB of SDRAM (possibly 3.25GB) to be made available. By using CONFIG_HIGHMEM, the kernel can allow userspace (by way of page tables) and itself (by way of kmap) to deal with the memory allocation. External devices can, of course, still DMA to and from all of the SDRAM, even if the kernel can't see it directly. The kernel translates page references into real addresses for communicating to the devices. =================== PAGE TABLE TOPOLOGY =================== The page tables are arranged in 2-layer format. There is a middle layer (PMD) that would be used in 3-layer format tables but that is folded into the top layer (PGD) and so consumes no extra memory or processing power. +------+ PGD PMD | TTBR |--->+-------------------+ +------+ | | : STE | | PGE0 | PME0 : STE | | | : STE | +-------------------+ Page Table | | : STE -------------->+--------+ +0x0000 | PGE1 | PME0 : STE -----------+ | PTE0 | | | : STE -------+ | +--------+ +-------------------+ | | | PTE63 | | | : STE | | +-->+--------+ +0x0100 | PGE2 | PME0 : STE | | | PTE64 | | | : STE | | +--------+ +-------------------+ | | PTE127 | | | : STE | +------>+--------+ +0x0200 | PGE3 | PME0 : STE | | PTE128 | | | : STE | +--------+ +-------------------+ | PTE191 | +--------+ +0x0300 Each Page Directory (PGD) is 16KB (page size) in size and is divided into 64 entries (PGEs). Each PGE contains one Page Mid Directory (PMD). Each PMD is 256 bytes in size and contains a single entry (PME). Each PME holds 64 FR451 MMU segment table entries of 4 bytes apiece. Each PME "points to" a page table. In practice, each STE points to a subset of the page table, the first to PT+0x0000, the second to PT+0x0100, the third to PT+0x200, and so on. Each PGE and PME covers 64MB of the total virtual address space. Each Page Table (PTD) is 16KB (page size) in size, and is divided into 4096 entries (PTEs). Each entry can point to one 16KB page. In practice, each Linux page table is subdivided into 64 FR451 MMU page tables. But they are all grouped together to make management easier, in particular rmap support is then trivial. Grouping page tables in this fashion makes PGE caching in SCR0/SCR1 more efficient because the coverage of the cached item is greater. Page tables for the vmalloc area are allocated at boot time and shared between all mm_structs. ================= USER SPACE LAYOUT ================= For MMU capable Linux, the regions userspace code are allowed to access are kept entirely separate from those dedicated to the kernel: VIRTUAL ADDRESS SIZE PURPOSE ================= ===== =================================== 00000000-00003fff 4KB NULL pointer access trap 00004000-01ffffff ~32MB lower mmap space (grows up) 02000000-021fffff 2MB Stack space (grows down from top) 02200000-nnnnnnnn Executable mapping nnnnnnnn- brk space (grows up) -bfffffff upper mmap space (grows down) This is so arranged so as to make best use of the 16KB page tables and the way in which PGEs/PMEs are cached by the TLB handler. The lower mmap space is filled first, and then the upper mmap space is filled. =============================== GDB-STUB MMU DEBUGGING SERVICES =============================== The gdb-stub included in this kernel provides a number of services to aid in the debugging of MMU related kernel services: (*) Every time the kernel stops, certain state information is dumped into __debug_mmu. This variable is defined in arch/frv/kernel/gdb-stub.c. Note that the gdbinit file in this directory has some useful macros for dealing with this. (*) __debug_mmu.tlb[] This receives the current TLB contents. This can be viewed with the _tlb GDB macro: (gdb) _tlb tlb[0x00]: 01000005 00718203 01000002 00718203 tlb[0x01]: 01004002 006d4201 01004005 006d4203 tlb[0x02]: 01008002 006d0201 01008006 00004200 tlb[0x03]: 0100c006 007f4202 0100c002 0064c202 tlb[0x04]: 01110005 00774201 01110002 00774201 tlb[0x05]: 01114005 00770201 01114002 00770201 tlb[0x06]: 01118002 0076c201 01118005 0076c201 ... tlb[0x3d]: 010f4002 00790200 001f4002 0054ca02 tlb[0x3e]: 010f8005 0078c201 010f8002 0078c201 tlb[0x3f]: 001fc002 0056ca01 001fc005 00538a01 (*) __debug_mmu.iamr[] (*) __debug_mmu.damr[] These receive the current IAMR and DAMR contents. These can be viewed with the _amr GDB macro: (gdb) _amr AMRx DAMR IAMR ==== ===================== ===================== amr0 : L:c0000000 P:00000cb9 : L:c0000000 P:000004b9 amr1 : L:01070005 P:006f9203 : L:0102c005 P:006a1201 amr2 : L:d8d00000 P:00000000 : L:d8d00000 P:00000000 amr3 : L:d8d04000 P:00534c0d : L:00000000 P:00000000 amr4 : L:d8d08000 P:00554c0d : L:00000000 P:00000000 amr5 : L:d8d0c000 P:00554c0d : L:00000000 P:00000000 amr6 : L:d8d10000 P:00000000 : L:00000000 P:00000000 amr7 : L:d8d14000 P:00000000 : L:00000000 P:00000000 amr8 : L:d8d18000 P:00000000 amr9 : L:d8d1c000 P:00000000 amr10: L:d8d20000 P:00000000 amr11: L:e0000000 P:e0000ccd (*) The current task's page directory is bound to DAMR3. This can be viewed with the _pgd GDB macro: (gdb) _pgd $3 = {{pge = {{ste = {0x554001, 0x554101, 0x554201, 0x554301, 0x554401, 0x554501, 0x554601, 0x554701, 0x554801, 0x554901, 0x554a01, 0x554b01, 0x554c01, 0x554d01, 0x554e01, 0x554f01, 0x555001, 0x555101, 0x555201, 0x555301, 0x555401, 0x555501, 0x555601, 0x555701, 0x555801, 0x555901, 0x555a01, 0x555b01, 0x555c01, 0x555d01, 0x555e01, 0x555f01, 0x556001, 0x556101, 0x556201, 0x556301, 0x556401, 0x556501, 0x556601, 0x556701, 0x556801, 0x556901, 0x556a01, 0x556b01, 0x556c01, 0x556d01, 0x556e01, 0x556f01, 0x557001, 0x557101, 0x557201, 0x557301, 0x557401, 0x557501, 0x557601, 0x557701, 0x557801, 0x557901, 0x557a01, 0x557b01, 0x557c01, 0x557d01, 0x557e01, 0x557f01}}}}, {pge = {{ ste = {0x0 }}}} , {pge = {{ste = { 0x248001, 0x248101, 0x248201, 0x248301, 0x248401, 0x248501, 0x248601, 0x248701, 0x248801, 0x248901, 0x248a01, 0x248b01, 0x248c01, 0x248d01, 0x248e01, 0x248f01, 0x249001, 0x249101, 0x249201, 0x249301, 0x249401, 0x249501, 0x249601, 0x249701, 0x249801, 0x249901, 0x249a01, 0x249b01, 0x249c01, 0x249d01, 0x249e01, 0x249f01, 0x24a001, 0x24a101, 0x24a201, 0x24a301, 0x24a401, 0x24a501, 0x24a601, 0x24a701, 0x24a801, 0x24a901, 0x24aa01, 0x24ab01, 0x24ac01, 0x24ad01, 0x24ae01, 0x24af01, 0x24b001, 0x24b101, 0x24b201, 0x24b301, 0x24b401, 0x24b501, 0x24b601, 0x24b701, 0x24b801, 0x24b901, 0x24ba01, 0x24bb01, 0x24bc01, 0x24bd01, 0x24be01, 0x24bf01}}}}, {pge = {{ste = { 0x0 }}}} } (*) The PTD last used by the instruction TLB miss handler is attached to DAMR4. (*) The PTD last used by the data TLB miss handler is attached to DAMR5. These can be viewed with the _ptd_i and _ptd_d GDB macros: (gdb) _ptd_d $5 = {{pte = 0x0} , {pte = 0x539b01}, { pte = 0x0} , {pte = 0x719303}, {pte = 0x6d5303}, { pte = 0x0}, {pte = 0x0}, {pte = 0x0}, {pte = 0x0}, {pte = 0x0}, { pte = 0x0}, {pte = 0x0}, {pte = 0x0}, {pte = 0x0}, {pte = 0x6a1303}, { pte = 0x0} , {pte = 0x709303}, {pte = 0x0}, {pte = 0x0}, {pte = 0x6fd303}, {pte = 0x6f9303}, {pte = 0x6f5303}, {pte = 0x0}, { pte = 0x6ed303}, {pte = 0x531b01}, {pte = 0x50db01}, { pte = 0x0} , {pte = 0x5303}, {pte = 0x7f5303}, { pte = 0x509b01}, {pte = 0x505b01}, {pte = 0x7c9303}, {pte = 0x7b9303}, { pte = 0x7b5303}, {pte = 0x7b1303}, {pte = 0x7ad303}, {pte = 0x0}, { pte = 0x0}, {pte = 0x7a1303}, {pte = 0x0}, {pte = 0x795303}, {pte = 0x0}, { pte = 0x78d303}, {pte = 0x0}, {pte = 0x0}, {pte = 0x0}, {pte = 0x0}, { pte = 0x0}, {pte = 0x775303}, {pte = 0x771303}, {pte = 0x76d303}, { pte = 0x0}, {pte = 0x765303}, {pte = 0x7c5303}, {pte = 0x501b01}, { pte = 0x4f1b01}, {pte = 0x4edb01}, {pte = 0x0}, {pte = 0x4f9b01}, { pte = 0x4fdb01}, {pte = 0x0} }