From: James Hogan <james.hogan@imgtec.com>
Date: Mon, 25 Jan 2016 21:30:00 +0000
Subject: [PATCH] MIPS: c-r4k: Use IPI calls for CM indexed cache ops

The Coherence Manager (CM) can propagate address-based ("hit") cache
operations to other cores in the coherent system, alleviating software
of the need to use IPI calls, however indexed cache operations are not
propagated since doing so makes no sense for separate caches.

r4k_on_each_cpu() previously had a special case for CONFIG_MIPS_MT_SMP,
intended to avoid the IPIs when the only other CPUs in the system were
other VPEs in the same core, and hence sharing the same caches. This was
changed by commit cccf34e9411c ("MIPS: c-r4k: Fix cache flushing for MT
cores") to apparently handle multi-core multi-VPE systems, but it
focussed mainly on hit cache ops, so the IPI calls were still disabled
entirely for CM systems.

This doesn't normally cause problems, but tests can be written to hit
these corner cases by using multiple threads, or changing task
affinities to force the process to migrate cores. For example the
failure of mprotect RW->RX to globally sync icaches (via
flush_cache_range) can be detected by modifying and mprotecting a code
page on one core, and migrating to a different core to execute from it.

Most of the functions called by r4k_on_each_cpu() perform cache
operations exclusively with a single addressing-type (virtual address vs
indexed), so add a type argument and modify the callers to pass in
R4K_USER (user virtual addressing), R4K_KERN (global kernel virtual
addressing) or R4K_INDEX (index into cache).

local_r4k_flush_icache_range() is split up, to allow it to be called
from the rest of the kernel, or from r4k_flush_icache_range() where it
will choose either indexed or hit cache operations based on the size of
the range and the cache sizes.

local_r4k_flush_kernel_vmap_range() is split into two functions, each of
which uses cache operations with a single addressing-type, with
r4k_flush_kernel_vmap_range() making the decision whether to use indexed
cache ops or not.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Paul Burton <paul.burton@imgtec.com>
Cc: Leonid Yegoshin <leonid.yegoshin@imgtec.com>
Cc: linux-mips@linux-mips.org
---

--- a/arch/mips/mm/c-r4k.c
+++ b/arch/mips/mm/c-r4k.c
@@ -40,6 +40,50 @@
 #include <asm/mips-cm.h>
 
 /*
+ * Bits describing what cache ops an IPI callback function may perform.
+ *
+ * R4K_USER   -	Virtual user address based cache operations.
+ *		Ineffective on other CPUs.
+ * R4K_KERN   -	Virtual kernel address based cache operations (including kmap).
+ *		Effective on other CPUs.
+ * R4K_INDEX -	Index based cache operations.
+ *		Effective on other CPUs.
+ */
+
+#define R4K_USER	BIT(0)
+#define R4K_KERN	BIT(1)
+#define R4K_INDEX	BIT(2)
+
+#ifdef CONFIG_SMP
+/* The Coherence manager propagates address-based cache ops to other cores */
+#define r4k_hit_globalized	mips_cm_present()
+#define r4k_index_globalized	0
+#else
+/* If there's only 1 CPU, then all cache ops are globalized to that 1 CPU */
+#define r4k_hit_globalized	1
+#define r4k_index_globalized	1
+#endif
+
+/**
+ * r4k_op_needs_ipi() - Decide if a cache op needs to be done on every core.
+ * @type:	Type of cache operations (R4K_USER, R4K_KERN or R4K_INDEX).
+ *
+ * Returns:	1 if the cache operation @type should be done on every core in
+ *		the system.
+ *		0 if the cache operation @type is globalized and only needs to
+ *		be performed on a simple CPU.
+ */
+static inline bool r4k_op_needs_ipi(unsigned int type)
+{
+	/*
+	 * If hardware doesn't globalize the required cache ops we must use IPIs
+	 * to do so.
+	 */
+	return (type & R4K_KERN  && !r4k_hit_globalized) ||
+	       (type & R4K_INDEX && !r4k_index_globalized);
+}
+
+/*
  * Special Variant of smp_call_function for use by cache functions:
  *
  *  o No return value
@@ -48,19 +92,11 @@
  *    primary cache.
  *  o doesn't disable interrupts on the local CPU
  */
-static inline void r4k_on_each_cpu(void (*func) (void *info), void *info)
+static inline void r4k_on_each_cpu(unsigned int type,
+				   void (*func) (void *info), void *info)
 {
 	preempt_disable();
-
-	/*
-	 * The Coherent Manager propagates address-based cache ops to other
-	 * cores but not index-based ops. However, r4k_on_each_cpu is used
-	 * in both cases so there is no easy way to tell what kind of op is
-	 * executed to the other cores. The best we can probably do is
-	 * to restrict that call when a CM is not present because both
-	 * CM-based SMP protocols (CMP & CPS) restrict index-based cache ops.
-	 */
-	if (!mips_cm_present())
+	if (r4k_op_needs_ipi(type))
 		smp_call_function_many(&cpu_foreign_map, func, info, 1);
 	func(info);
 	preempt_enable();
@@ -456,7 +492,7 @@ static inline void local_r4k___flush_cac
 
 static void r4k___flush_cache_all(void)
 {
-	r4k_on_each_cpu(local_r4k___flush_cache_all, NULL);
+	r4k_on_each_cpu(R4K_INDEX, local_r4k___flush_cache_all, NULL);
 }
 
 static inline int has_valid_asid(const struct mm_struct *mm)
@@ -503,7 +539,7 @@ static void r4k_flush_cache_range(struct
 	int exec = vma->vm_flags & VM_EXEC;
 
 	if (cpu_has_dc_aliases || (exec && !cpu_has_ic_fills_f_dc))
-		r4k_on_each_cpu(local_r4k_flush_cache_range, vma);
+		r4k_on_each_cpu(R4K_INDEX, local_r4k_flush_cache_range, vma);
 }
 
 static inline void local_r4k_flush_cache_mm(void * args)
@@ -535,7 +571,7 @@ static void r4k_flush_cache_mm(struct mm
 	if (!cpu_has_dc_aliases)
 		return;
 
-	r4k_on_each_cpu(local_r4k_flush_cache_mm, mm);
+	r4k_on_each_cpu(R4K_INDEX, local_r4k_flush_cache_mm, mm);
 }
 
 struct flush_cache_page_args {
@@ -629,7 +665,7 @@ static void r4k_flush_cache_page(struct
 	args.addr = addr;
 	args.pfn = pfn;
 
-	r4k_on_each_cpu(local_r4k_flush_cache_page, &args);
+	r4k_on_each_cpu(R4K_KERN, local_r4k_flush_cache_page, &args);
 }
 
 static inline void local_r4k_flush_data_cache_page(void * addr)
@@ -642,18 +678,23 @@ static void r4k_flush_data_cache_page(un
 	if (in_atomic())
 		local_r4k_flush_data_cache_page((void *)addr);
 	else
-		r4k_on_each_cpu(local_r4k_flush_data_cache_page, (void *) addr);
+		r4k_on_each_cpu(R4K_KERN, local_r4k_flush_data_cache_page,
+				(void *) addr);
 }
 
 struct flush_icache_range_args {
 	unsigned long start;
 	unsigned long end;
+	unsigned int type;
 };
 
-static inline void local_r4k_flush_icache_range(unsigned long start, unsigned long end)
+static inline void __local_r4k_flush_icache_range(unsigned long start,
+						  unsigned long end,
+						  unsigned int type)
 {
 	if (!cpu_has_ic_fills_f_dc) {
-		if (end - start >= dcache_size) {
+		if (type == R4K_INDEX ||
+		    (type & R4K_INDEX && end - start >= dcache_size)) {
 			r4k_blast_dcache();
 		} else {
 			R4600_HIT_CACHEOP_WAR_IMPL;
@@ -661,7 +702,8 @@ static inline void local_r4k_flush_icach
 		}
 	}
 
-	if (end - start > icache_size)
+	if (type == R4K_INDEX ||
+	    (type & R4K_INDEX && end - start > icache_size))
 		r4k_blast_icache();
 	else {
 		switch (boot_cpu_type()) {
@@ -687,23 +729,59 @@ static inline void local_r4k_flush_icach
 #endif
 }
 
+static inline void local_r4k_flush_icache_range(unsigned long start,
+						unsigned long end)
+{
+	__local_r4k_flush_icache_range(start, end, R4K_KERN | R4K_INDEX);
+}
+
 static inline void local_r4k_flush_icache_range_ipi(void *args)
 {
 	struct flush_icache_range_args *fir_args = args;
 	unsigned long start = fir_args->start;
 	unsigned long end = fir_args->end;
+	unsigned int type = fir_args->type;
 
-	local_r4k_flush_icache_range(start, end);
+	__local_r4k_flush_icache_range(start, end, type);
 }
 
 static void r4k_flush_icache_range(unsigned long start, unsigned long end)
 {
 	struct flush_icache_range_args args;
+	unsigned long size, cache_size;
 
 	args.start = start;
 	args.end = end;
+	args.type = R4K_KERN | R4K_INDEX;
 
-	r4k_on_each_cpu(local_r4k_flush_icache_range_ipi, &args);
+	if (in_atomic()) {
+		/*
+		 * We can't do blocking IPI calls from atomic context, so fall
+		 * back to pure address-based cache ops if they globalize.
+		 */
+		if (!r4k_index_globalized && r4k_hit_globalized) {
+			args.type &= ~R4K_INDEX;
+		} else {
+			/* Just do it locally instead. */
+			local_r4k_flush_icache_range(start, end);
+			instruction_hazard();
+			return;
+		}
+	} else if (!r4k_index_globalized && r4k_hit_globalized) {
+		/*
+		 * If address-based cache ops are globalized, then we may be
+		 * able to avoid the IPI for small flushes.
+		 */
+		size = start - end;
+		cache_size = icache_size;
+		if (!cpu_has_ic_fills_f_dc) {
+			size *= 2;
+			cache_size += dcache_size;
+		}
+		if (size <= cache_size)
+			args.type &= ~R4K_INDEX;
+	}
+	r4k_on_each_cpu(args.type, local_r4k_flush_icache_range_ipi, &args);
 	instruction_hazard();
 }
 
@@ -823,7 +901,12 @@ static void local_r4k_flush_cache_sigtra
 
 static void r4k_flush_cache_sigtramp(unsigned long addr)
 {
-	r4k_on_each_cpu(local_r4k_flush_cache_sigtramp, (void *) addr);
+	/*
+	 * FIXME this is a bit broken when !r4k_hit_globalized, since the user
+	 * code probably won't be mapped on other CPUs, so if the process is
+	 * migrated, it could end up hitting stale icache lines.
+	 */
+	r4k_on_each_cpu(R4K_USER, local_r4k_flush_cache_sigtramp, (void *)addr);
 }
 
 static void r4k_flush_icache_all(void)
@@ -837,6 +920,15 @@ struct flush_kernel_vmap_range_args {
 	int		size;
 };
 
+static inline void local_r4k_flush_kernel_vmap_range_index(void *args)
+{
+	/*
+	 * Aliases only affect the primary caches so don't bother with
+	 * S-caches or T-caches.
+	 */
+	r4k_blast_dcache();
+}
+
 static inline void local_r4k_flush_kernel_vmap_range(void *args)
 {
 	struct flush_kernel_vmap_range_args *vmra = args;
@@ -847,12 +939,8 @@ static inline void local_r4k_flush_kerne
 	 * Aliases only affect the primary caches so don't bother with
 	 * S-caches or T-caches.
 	 */
-	if (cpu_has_safe_index_cacheops && size >= dcache_size)
-		r4k_blast_dcache();
-	else {
-		R4600_HIT_CACHEOP_WAR_IMPL;
-		blast_dcache_range(vaddr, vaddr + size);
-	}
+	R4600_HIT_CACHEOP_WAR_IMPL;
+	blast_dcache_range(vaddr, vaddr + size);
 }
 
 static void r4k_flush_kernel_vmap_range(unsigned long vaddr, int size)
@@ -862,7 +950,12 @@ static void r4k_flush_kernel_vmap_range(
 	args.vaddr = (unsigned long) vaddr;
 	args.size = size;
 
-	r4k_on_each_cpu(local_r4k_flush_kernel_vmap_range, &args);
+	if (cpu_has_safe_index_cacheops && size >= dcache_size)
+		r4k_on_each_cpu(R4K_INDEX,
+				local_r4k_flush_kernel_vmap_range_index, NULL);
+	else
+		r4k_on_each_cpu(R4K_KERN, local_r4k_flush_kernel_vmap_range,
+				&args);
 }
 
 static inline void rm7k_erratum31(void)