• Home
  • History
  • Annotate
  • Line#
  • Navigate
  • Raw
  • Download
  • only in /asuswrt-rt-n18u-9.0.0.4.380.2695/release/src-rt-6.x.4708/linux/linux-2.6.36/arch/powerpc/kernel/
1/*
2 *  PowerPC version
3 *    Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
4 *
5 *  Rewritten by Cort Dougan (cort@cs.nmt.edu) for PReP
6 *    Copyright (C) 1996 Cort Dougan <cort@cs.nmt.edu>
7 *  Adapted for Power Macintosh by Paul Mackerras.
8 *  Low-level exception handlers and MMU support
9 *  rewritten by Paul Mackerras.
10 *    Copyright (C) 1996 Paul Mackerras.
11 *  MPC8xx modifications Copyright (C) 1997 Dan Malek (dmalek@jlc.net).
12 *
13 *  This file contains the low-level support and setup for the
14 *  PowerPC platform, including trap and interrupt dispatch.
15 *  (The PPC 8xx embedded CPUs use head_8xx.S instead.)
16 *
17 *  This program is free software; you can redistribute it and/or
18 *  modify it under the terms of the GNU General Public License
19 *  as published by the Free Software Foundation; either version
20 *  2 of the License, or (at your option) any later version.
21 *
22 */
23
24#include <linux/init.h>
25#include <asm/reg.h>
26#include <asm/page.h>
27#include <asm/mmu.h>
28#include <asm/pgtable.h>
29#include <asm/cputable.h>
30#include <asm/cache.h>
31#include <asm/thread_info.h>
32#include <asm/ppc_asm.h>
33#include <asm/asm-offsets.h>
34#include <asm/ptrace.h>
35#include <asm/bug.h>
36#include <asm/kvm_book3s_asm.h>
37
38/* 601 only have IBAT; cr0.eq is set on 601 when using this macro */
39#define LOAD_BAT(n, reg, RA, RB)	\
40	/* see the comment for clear_bats() -- Cort */ \
41	li	RA,0;			\
42	mtspr	SPRN_IBAT##n##U,RA;	\
43	mtspr	SPRN_DBAT##n##U,RA;	\
44	lwz	RA,(n*16)+0(reg);	\
45	lwz	RB,(n*16)+4(reg);	\
46	mtspr	SPRN_IBAT##n##U,RA;	\
47	mtspr	SPRN_IBAT##n##L,RB;	\
48	beq	1f;			\
49	lwz	RA,(n*16)+8(reg);	\
50	lwz	RB,(n*16)+12(reg);	\
51	mtspr	SPRN_DBAT##n##U,RA;	\
52	mtspr	SPRN_DBAT##n##L,RB;	\
531:
54
55	__HEAD
56	.stabs	"arch/powerpc/kernel/",N_SO,0,0,0f
57	.stabs	"head_32.S",N_SO,0,0,0f
580:
59_ENTRY(_stext);
60
61/*
62 * _start is defined this way because the XCOFF loader in the OpenFirmware
63 * on the powermac expects the entry point to be a procedure descriptor.
64 */
65_ENTRY(_start);
66	/*
67	 * These are here for legacy reasons, the kernel used to
68	 * need to look like a coff function entry for the pmac
69	 * but we're always started by some kind of bootloader now.
70	 *  -- Cort
71	 */
72	nop	/* used by __secondary_hold on prep (mtx) and chrp smp */
73	nop	/* used by __secondary_hold on prep (mtx) and chrp smp */
74	nop
75
76/* PMAC
77 * Enter here with the kernel text, data and bss loaded starting at
78 * 0, running with virtual == physical mapping.
79 * r5 points to the prom entry point (the client interface handler
80 * address).  Address translation is turned on, with the prom
81 * managing the hash table.  Interrupts are disabled.  The stack
82 * pointer (r1) points to just below the end of the half-meg region
83 * from 0x380000 - 0x400000, which is mapped in already.
84 *
85 * If we are booted from MacOS via BootX, we enter with the kernel
86 * image loaded somewhere, and the following values in registers:
87 *  r3: 'BooX' (0x426f6f58)
88 *  r4: virtual address of boot_infos_t
89 *  r5: 0
90 *
91 * PREP
92 * This is jumped to on prep systems right after the kernel is relocated
93 * to its proper place in memory by the boot loader.  The expected layout
94 * of the regs is:
95 *   r3: ptr to residual data
96 *   r4: initrd_start or if no initrd then 0
97 *   r5: initrd_end - unused if r4 is 0
98 *   r6: Start of command line string
99 *   r7: End of command line string
100 *
101 * This just gets a minimal mmu environment setup so we can call
102 * start_here() to do the real work.
103 * -- Cort
104 */
105
106	.globl	__start
107__start:
108/*
109 * We have to do any OF calls before we map ourselves to KERNELBASE,
110 * because OF may have I/O devices mapped into that area
111 * (particularly on CHRP).
112 */
113	cmpwi	0,r5,0
114	beq	1f
115
116#ifdef CONFIG_PPC_OF_BOOT_TRAMPOLINE
117	/* find out where we are now */
118	bcl	20,31,$+4
1190:	mflr	r8			/* r8 = runtime addr here */
120	addis	r8,r8,(_stext - 0b)@ha
121	addi	r8,r8,(_stext - 0b)@l	/* current runtime base addr */
122	bl	prom_init
123#endif /* CONFIG_PPC_OF_BOOT_TRAMPOLINE */
124
125	/* We never return. We also hit that trap if trying to boot
126	 * from OF while CONFIG_PPC_OF_BOOT_TRAMPOLINE isn't selected */
127	trap
128
129/*
130 * Check for BootX signature when supporting PowerMac and branch to
131 * appropriate trampoline if it's present
132 */
133#ifdef CONFIG_PPC_PMAC
1341:	lis	r31,0x426f
135	ori	r31,r31,0x6f58
136	cmpw	0,r3,r31
137	bne	1f
138	bl	bootx_init
139	trap
140#endif /* CONFIG_PPC_PMAC */
141
1421:	mr	r31,r3			/* save parameters */
143	mr	r30,r4
144	li	r24,0			/* cpu # */
145
146/*
147 * early_init() does the early machine identification and does
148 * the necessary low-level setup and clears the BSS
149 *  -- Cort <cort@fsmlabs.com>
150 */
151	bl	early_init
152
153/* Switch MMU off, clear BATs and flush TLB. At this point, r3 contains
154 * the physical address we are running at, returned by early_init()
155 */
156 	bl	mmu_off
157__after_mmu_off:
158	bl	clear_bats
159	bl	flush_tlbs
160
161	bl	initial_bats
162#if defined(CONFIG_BOOTX_TEXT)
163	bl	setup_disp_bat
164#endif
165#ifdef CONFIG_PPC_EARLY_DEBUG_CPM
166	bl	setup_cpm_bat
167#endif
168#ifdef CONFIG_PPC_EARLY_DEBUG_USBGECKO
169	bl	setup_usbgecko_bat
170#endif
171
172/*
173 * Call setup_cpu for CPU 0 and initialize 6xx Idle
174 */
175	bl	reloc_offset
176	li	r24,0			/* cpu# */
177	bl	call_setup_cpu		/* Call setup_cpu for this CPU */
178#ifdef CONFIG_6xx
179	bl	reloc_offset
180	bl	init_idle_6xx
181#endif /* CONFIG_6xx */
182
183
184/*
185 * We need to run with _start at physical address 0.
186 * On CHRP, we are loaded at 0x10000 since OF on CHRP uses
187 * the exception vectors at 0 (and therefore this copy
188 * overwrites OF's exception vectors with our own).
189 * The MMU is off at this point.
190 */
191	bl	reloc_offset
192	mr	r26,r3
193	addis	r4,r3,KERNELBASE@h	/* current address of _start */
194	lis	r5,PHYSICAL_START@h
195	cmplw	0,r4,r5			/* already running at PHYSICAL_START? */
196	bne	relocate_kernel
197/*
198 * we now have the 1st 16M of ram mapped with the bats.
199 * prep needs the mmu to be turned on here, but pmac already has it on.
200 * this shouldn't bother the pmac since it just gets turned on again
201 * as we jump to our code at KERNELBASE. -- Cort
202 * Actually no, pmac doesn't have it on any more. BootX enters with MMU
203 * off, and in other cases, we now turn it off before changing BATs above.
204 */
205turn_on_mmu:
206	mfmsr	r0
207	ori	r0,r0,MSR_DR|MSR_IR
208	mtspr	SPRN_SRR1,r0
209	lis	r0,start_here@h
210	ori	r0,r0,start_here@l
211	mtspr	SPRN_SRR0,r0
212	SYNC
213	RFI				/* enables MMU */
214
215/*
216 * We need __secondary_hold as a place to hold the other cpus on
217 * an SMP machine, even when we are running a UP kernel.
218 */
219	. = 0xc0			/* for prep bootloader */
220	li	r3,1			/* MTX only has 1 cpu */
221	.globl	__secondary_hold
222__secondary_hold:
223	/* tell the master we're here */
224	stw	r3,__secondary_hold_acknowledge@l(0)
225#ifdef CONFIG_SMP
226100:	lwz	r4,0(0)
227	/* wait until we're told to start */
228	cmpw	0,r4,r3
229	bne	100b
230	/* our cpu # was at addr 0 - go */
231	mr	r24,r3			/* cpu # */
232	b	__secondary_start
233#else
234	b	.
235#endif /* CONFIG_SMP */
236
237	.globl	__secondary_hold_spinloop
238__secondary_hold_spinloop:
239	.long	0
240	.globl	__secondary_hold_acknowledge
241__secondary_hold_acknowledge:
242	.long	-1
243
244/*
245 * Exception entry code.  This code runs with address translation
246 * turned off, i.e. using physical addresses.
247 * We assume sprg3 has the physical address of the current
248 * task's thread_struct.
249 */
250#define EXCEPTION_PROLOG	\
251	mtspr	SPRN_SPRG_SCRATCH0,r10;	\
252	mtspr	SPRN_SPRG_SCRATCH1,r11;	\
253	mfcr	r10;		\
254	EXCEPTION_PROLOG_1;	\
255	EXCEPTION_PROLOG_2
256
257#define EXCEPTION_PROLOG_1	\
258	mfspr	r11,SPRN_SRR1;		/* check whether user or kernel */ \
259	andi.	r11,r11,MSR_PR;	\
260	tophys(r11,r1);			/* use tophys(r1) if kernel */ \
261	beq	1f;		\
262	mfspr	r11,SPRN_SPRG_THREAD;	\
263	lwz	r11,THREAD_INFO-THREAD(r11);	\
264	addi	r11,r11,THREAD_SIZE;	\
265	tophys(r11,r11);	\
2661:	subi	r11,r11,INT_FRAME_SIZE	/* alloc exc. frame */
267
268
269#define EXCEPTION_PROLOG_2	\
270	CLR_TOP32(r11);		\
271	stw	r10,_CCR(r11);		/* save registers */ \
272	stw	r12,GPR12(r11);	\
273	stw	r9,GPR9(r11);	\
274	mfspr	r10,SPRN_SPRG_SCRATCH0;	\
275	stw	r10,GPR10(r11);	\
276	mfspr	r12,SPRN_SPRG_SCRATCH1;	\
277	stw	r12,GPR11(r11);	\
278	mflr	r10;		\
279	stw	r10,_LINK(r11);	\
280	mfspr	r12,SPRN_SRR0;	\
281	mfspr	r9,SPRN_SRR1;	\
282	stw	r1,GPR1(r11);	\
283	stw	r1,0(r11);	\
284	tovirt(r1,r11);			/* set new kernel sp */	\
285	li	r10,MSR_KERNEL & ~(MSR_IR|MSR_DR); /* can take exceptions */ \
286	MTMSRD(r10);			/* (except for mach check in rtas) */ \
287	stw	r0,GPR0(r11);	\
288	lis	r10,STACK_FRAME_REGS_MARKER@ha; /* exception frame marker */ \
289	addi	r10,r10,STACK_FRAME_REGS_MARKER@l; \
290	stw	r10,8(r11);	\
291	SAVE_4GPRS(3, r11);	\
292	SAVE_2GPRS(7, r11)
293
294/*
295 * Note: code which follows this uses cr0.eq (set if from kernel),
296 * r11, r12 (SRR0), and r9 (SRR1).
297 *
298 * Note2: once we have set r1 we are in a position to take exceptions
299 * again, and we could thus set MSR:RI at that point.
300 */
301
302/*
303 * Exception vectors.
304 */
305#define EXCEPTION(n, label, hdlr, xfer)		\
306	. = n;					\
307	DO_KVM n;				\
308label:						\
309	EXCEPTION_PROLOG;			\
310	addi	r3,r1,STACK_FRAME_OVERHEAD;	\
311	xfer(n, hdlr)
312
313#define EXC_XFER_TEMPLATE(n, hdlr, trap, copyee, tfer, ret)	\
314	li	r10,trap;					\
315	stw	r10,_TRAP(r11);					\
316	li	r10,MSR_KERNEL;					\
317	copyee(r10, r9);					\
318	bl	tfer;						\
319i##n:								\
320	.long	hdlr;						\
321	.long	ret
322
323#define COPY_EE(d, s)		rlwimi d,s,0,16,16
324#define NOCOPY(d, s)
325
326#define EXC_XFER_STD(n, hdlr)		\
327	EXC_XFER_TEMPLATE(n, hdlr, n, NOCOPY, transfer_to_handler_full,	\
328			  ret_from_except_full)
329
330#define EXC_XFER_LITE(n, hdlr)		\
331	EXC_XFER_TEMPLATE(n, hdlr, n+1, NOCOPY, transfer_to_handler, \
332			  ret_from_except)
333
334#define EXC_XFER_EE(n, hdlr)		\
335	EXC_XFER_TEMPLATE(n, hdlr, n, COPY_EE, transfer_to_handler_full, \
336			  ret_from_except_full)
337
338#define EXC_XFER_EE_LITE(n, hdlr)	\
339	EXC_XFER_TEMPLATE(n, hdlr, n+1, COPY_EE, transfer_to_handler, \
340			  ret_from_except)
341
342/* System reset */
343/* core99 pmac starts the seconary here by changing the vector, and
344   putting it back to what it was (unknown_exception) when done.  */
345	EXCEPTION(0x100, Reset, unknown_exception, EXC_XFER_STD)
346
347/* Machine check */
348/*
349 * On CHRP, this is complicated by the fact that we could get a
350 * machine check inside RTAS, and we have no guarantee that certain
351 * critical registers will have the values we expect.  The set of
352 * registers that might have bad values includes all the GPRs
353 * and all the BATs.  We indicate that we are in RTAS by putting
354 * a non-zero value, the address of the exception frame to use,
355 * in SPRG2.  The machine check handler checks SPRG2 and uses its
356 * value if it is non-zero.  If we ever needed to free up SPRG2,
357 * we could use a field in the thread_info or thread_struct instead.
358 * (Other exception handlers assume that r1 is a valid kernel stack
359 * pointer when we take an exception from supervisor mode.)
360 *	-- paulus.
361 */
362	. = 0x200
363	DO_KVM  0x200
364	mtspr	SPRN_SPRG_SCRATCH0,r10
365	mtspr	SPRN_SPRG_SCRATCH1,r11
366	mfcr	r10
367#ifdef CONFIG_PPC_CHRP
368	mfspr	r11,SPRN_SPRG_RTAS
369	cmpwi	0,r11,0
370	bne	7f
371#endif /* CONFIG_PPC_CHRP */
372	EXCEPTION_PROLOG_1
3737:	EXCEPTION_PROLOG_2
374	addi	r3,r1,STACK_FRAME_OVERHEAD
375#ifdef CONFIG_PPC_CHRP
376	mfspr	r4,SPRN_SPRG_RTAS
377	cmpwi	cr1,r4,0
378	bne	cr1,1f
379#endif
380	EXC_XFER_STD(0x200, machine_check_exception)
381#ifdef CONFIG_PPC_CHRP
3821:	b	machine_check_in_rtas
383#endif
384
385/* Data access exception. */
386	. = 0x300
387	DO_KVM  0x300
388DataAccess:
389	EXCEPTION_PROLOG
390	mfspr	r10,SPRN_DSISR
391	stw	r10,_DSISR(r11)
392	andis.	r0,r10,0xa470		/* weird error? */
393	bne	1f			/* if not, try to put a PTE */
394	mfspr	r4,SPRN_DAR		/* into the hash table */
395	rlwinm	r3,r10,32-15,21,21	/* DSISR_STORE -> _PAGE_RW */
396	bl	hash_page
3971:	lwz	r5,_DSISR(r11)		/* get DSISR value */
398	mfspr	r4,SPRN_DAR
399	EXC_XFER_EE_LITE(0x300, handle_page_fault)
400
401
402/* Instruction access exception. */
403	. = 0x400
404	DO_KVM  0x400
405InstructionAccess:
406	EXCEPTION_PROLOG
407	andis.	r0,r9,0x4000		/* no pte found? */
408	beq	1f			/* if so, try to put a PTE */
409	li	r3,0			/* into the hash table */
410	mr	r4,r12			/* SRR0 is fault address */
411	bl	hash_page
4121:	mr	r4,r12
413	mr	r5,r9
414	EXC_XFER_EE_LITE(0x400, handle_page_fault)
415
416/* External interrupt */
417	EXCEPTION(0x500, HardwareInterrupt, do_IRQ, EXC_XFER_LITE)
418
419/* Alignment exception */
420	. = 0x600
421	DO_KVM  0x600
422Alignment:
423	EXCEPTION_PROLOG
424	mfspr	r4,SPRN_DAR
425	stw	r4,_DAR(r11)
426	mfspr	r5,SPRN_DSISR
427	stw	r5,_DSISR(r11)
428	addi	r3,r1,STACK_FRAME_OVERHEAD
429	EXC_XFER_EE(0x600, alignment_exception)
430
431/* Program check exception */
432	EXCEPTION(0x700, ProgramCheck, program_check_exception, EXC_XFER_STD)
433
434/* Floating-point unavailable */
435	. = 0x800
436	DO_KVM  0x800
437FPUnavailable:
438BEGIN_FTR_SECTION
439/*
440 * Certain Freescale cores don't have a FPU and treat fp instructions
441 * as a FP Unavailable exception.  Redirect to illegal/emulation handling.
442 */
443	b 	ProgramCheck
444END_FTR_SECTION_IFSET(CPU_FTR_FPU_UNAVAILABLE)
445	EXCEPTION_PROLOG
446	beq	1f
447	bl	load_up_fpu		/* if from user, just load it up */
448	b	fast_exception_return
4491:	addi	r3,r1,STACK_FRAME_OVERHEAD
450	EXC_XFER_EE_LITE(0x800, kernel_fp_unavailable_exception)
451
452/* Decrementer */
453	EXCEPTION(0x900, Decrementer, timer_interrupt, EXC_XFER_LITE)
454
455	EXCEPTION(0xa00, Trap_0a, unknown_exception, EXC_XFER_EE)
456	EXCEPTION(0xb00, Trap_0b, unknown_exception, EXC_XFER_EE)
457
458/* System call */
459	. = 0xc00
460	DO_KVM  0xc00
461SystemCall:
462	EXCEPTION_PROLOG
463	EXC_XFER_EE_LITE(0xc00, DoSyscall)
464
465/* Single step - not used on 601 */
466	EXCEPTION(0xd00, SingleStep, single_step_exception, EXC_XFER_STD)
467	EXCEPTION(0xe00, Trap_0e, unknown_exception, EXC_XFER_EE)
468
469/*
470 * The Altivec unavailable trap is at 0x0f20.  Foo.
471 * We effectively remap it to 0x3000.
472 * We include an altivec unavailable exception vector even if
473 * not configured for Altivec, so that you can't panic a
474 * non-altivec kernel running on a machine with altivec just
475 * by executing an altivec instruction.
476 */
477	. = 0xf00
478	DO_KVM  0xf00
479	b	PerformanceMonitor
480
481	. = 0xf20
482	DO_KVM  0xf20
483	b	AltiVecUnavailable
484
485/*
486 * Handle TLB miss for instruction on 603/603e.
487 * Note: we get an alternate set of r0 - r3 to use automatically.
488 */
489	. = 0x1000
490InstructionTLBMiss:
491/*
492 * r0:	scratch
493 * r1:	linux style pte ( later becomes ppc hardware pte )
494 * r2:	ptr to linux-style pte
495 * r3:	scratch
496 */
497	/* Get PTE (linux-style) and check access */
498	mfspr	r3,SPRN_IMISS
499	lis	r1,PAGE_OFFSET@h		/* check if kernel address */
500	cmplw	0,r1,r3
501	mfspr	r2,SPRN_SPRG_THREAD
502	li	r1,_PAGE_USER|_PAGE_PRESENT /* low addresses tested as user */
503	lwz	r2,PGDIR(r2)
504	bge-	112f
505	mfspr	r2,SPRN_SRR1		/* and MSR_PR bit from SRR1 */
506	rlwimi	r1,r2,32-12,29,29	/* shift MSR_PR to _PAGE_USER posn */
507	lis	r2,swapper_pg_dir@ha	/* if kernel address, use */
508	addi	r2,r2,swapper_pg_dir@l	/* kernel page table */
509112:	tophys(r2,r2)
510	rlwimi	r2,r3,12,20,29		/* insert top 10 bits of address */
511	lwz	r2,0(r2)		/* get pmd entry */
512	rlwinm.	r2,r2,0,0,19		/* extract address of pte page */
513	beq-	InstructionAddressInvalid	/* return if no mapping */
514	rlwimi	r2,r3,22,20,29		/* insert next 10 bits of address */
515	lwz	r0,0(r2)		/* get linux-style pte */
516	andc.	r1,r1,r0		/* check access & ~permission */
517	bne-	InstructionAddressInvalid /* return if access not permitted */
518	ori	r0,r0,_PAGE_ACCESSED	/* set _PAGE_ACCESSED in pte */
519	/*
520	 * NOTE! We are assuming this is not an SMP system, otherwise
521	 * we would need to update the pte atomically with lwarx/stwcx.
522	 */
523	stw	r0,0(r2)		/* update PTE (accessed bit) */
524	/* Convert linux-style PTE to low word of PPC-style PTE */
525	rlwinm	r1,r0,32-10,31,31	/* _PAGE_RW -> PP lsb */
526	rlwinm	r2,r0,32-7,31,31	/* _PAGE_DIRTY -> PP lsb */
527	and	r1,r1,r2		/* writable if _RW and _DIRTY */
528	rlwimi	r0,r0,32-1,30,30	/* _PAGE_USER -> PP msb */
529	rlwimi	r0,r0,32-1,31,31	/* _PAGE_USER -> PP lsb */
530	ori	r1,r1,0xe04		/* clear out reserved bits */
531	andc	r1,r0,r1		/* PP = user? (rw&dirty? 2: 3): 0 */
532BEGIN_FTR_SECTION
533	rlwinm	r1,r1,0,~_PAGE_COHERENT	/* clear M (coherence not required) */
534END_FTR_SECTION_IFCLR(CPU_FTR_NEED_COHERENT)
535	mtspr	SPRN_RPA,r1
536	tlbli	r3
537	mfspr	r3,SPRN_SRR1		/* Need to restore CR0 */
538	mtcrf	0x80,r3
539	rfi
540InstructionAddressInvalid:
541	mfspr	r3,SPRN_SRR1
542	rlwinm	r1,r3,9,6,6	/* Get load/store bit */
543
544	addis	r1,r1,0x2000
545	mtspr	SPRN_DSISR,r1	/* (shouldn't be needed) */
546	andi.	r2,r3,0xFFFF	/* Clear upper bits of SRR1 */
547	or	r2,r2,r1
548	mtspr	SPRN_SRR1,r2
549	mfspr	r1,SPRN_IMISS	/* Get failing address */
550	rlwinm.	r2,r2,0,31,31	/* Check for little endian access */
551	rlwimi	r2,r2,1,30,30	/* change 1 -> 3 */
552	xor	r1,r1,r2
553	mtspr	SPRN_DAR,r1	/* Set fault address */
554	mfmsr	r0		/* Restore "normal" registers */
555	xoris	r0,r0,MSR_TGPR>>16
556	mtcrf	0x80,r3		/* Restore CR0 */
557	mtmsr	r0
558	b	InstructionAccess
559
560/*
561 * Handle TLB miss for DATA Load operation on 603/603e
562 */
563	. = 0x1100
564DataLoadTLBMiss:
565/*
566 * r0:	scratch
567 * r1:	linux style pte ( later becomes ppc hardware pte )
568 * r2:	ptr to linux-style pte
569 * r3:	scratch
570 */
571	/* Get PTE (linux-style) and check access */
572	mfspr	r3,SPRN_DMISS
573	lis	r1,PAGE_OFFSET@h		/* check if kernel address */
574	cmplw	0,r1,r3
575	mfspr	r2,SPRN_SPRG_THREAD
576	li	r1,_PAGE_USER|_PAGE_PRESENT /* low addresses tested as user */
577	lwz	r2,PGDIR(r2)
578	bge-	112f
579	mfspr	r2,SPRN_SRR1		/* and MSR_PR bit from SRR1 */
580	rlwimi	r1,r2,32-12,29,29	/* shift MSR_PR to _PAGE_USER posn */
581	lis	r2,swapper_pg_dir@ha	/* if kernel address, use */
582	addi	r2,r2,swapper_pg_dir@l	/* kernel page table */
583112:	tophys(r2,r2)
584	rlwimi	r2,r3,12,20,29		/* insert top 10 bits of address */
585	lwz	r2,0(r2)		/* get pmd entry */
586	rlwinm.	r2,r2,0,0,19		/* extract address of pte page */
587	beq-	DataAddressInvalid	/* return if no mapping */
588	rlwimi	r2,r3,22,20,29		/* insert next 10 bits of address */
589	lwz	r0,0(r2)		/* get linux-style pte */
590	andc.	r1,r1,r0		/* check access & ~permission */
591	bne-	DataAddressInvalid	/* return if access not permitted */
592	ori	r0,r0,_PAGE_ACCESSED	/* set _PAGE_ACCESSED in pte */
593	/*
594	 * NOTE! We are assuming this is not an SMP system, otherwise
595	 * we would need to update the pte atomically with lwarx/stwcx.
596	 */
597	stw	r0,0(r2)		/* update PTE (accessed bit) */
598	/* Convert linux-style PTE to low word of PPC-style PTE */
599	rlwinm	r1,r0,32-10,31,31	/* _PAGE_RW -> PP lsb */
600	rlwinm	r2,r0,32-7,31,31	/* _PAGE_DIRTY -> PP lsb */
601	and	r1,r1,r2		/* writable if _RW and _DIRTY */
602	rlwimi	r0,r0,32-1,30,30	/* _PAGE_USER -> PP msb */
603	rlwimi	r0,r0,32-1,31,31	/* _PAGE_USER -> PP lsb */
604	ori	r1,r1,0xe04		/* clear out reserved bits */
605	andc	r1,r0,r1		/* PP = user? (rw&dirty? 2: 3): 0 */
606BEGIN_FTR_SECTION
607	rlwinm	r1,r1,0,~_PAGE_COHERENT	/* clear M (coherence not required) */
608END_FTR_SECTION_IFCLR(CPU_FTR_NEED_COHERENT)
609	mtspr	SPRN_RPA,r1
610	mfspr	r2,SPRN_SRR1		/* Need to restore CR0 */
611	mtcrf	0x80,r2
612BEGIN_MMU_FTR_SECTION
613	li	r0,1
614	mfspr	r1,SPRN_SPRG_603_LRU
615	rlwinm	r2,r3,20,27,31		/* Get Address bits 15:19 */
616	slw	r0,r0,r2
617	xor	r1,r0,r1
618	srw	r0,r1,r2
619	mtspr   SPRN_SPRG_603_LRU,r1
620	mfspr	r2,SPRN_SRR1
621	rlwimi	r2,r0,31-14,14,14
622	mtspr   SPRN_SRR1,r2
623END_MMU_FTR_SECTION_IFSET(MMU_FTR_NEED_DTLB_SW_LRU)
624	tlbld	r3
625	rfi
626DataAddressInvalid:
627	mfspr	r3,SPRN_SRR1
628	rlwinm	r1,r3,9,6,6	/* Get load/store bit */
629	addis	r1,r1,0x2000
630	mtspr	SPRN_DSISR,r1
631	andi.	r2,r3,0xFFFF	/* Clear upper bits of SRR1 */
632	mtspr	SPRN_SRR1,r2
633	mfspr	r1,SPRN_DMISS	/* Get failing address */
634	rlwinm.	r2,r2,0,31,31	/* Check for little endian access */
635	beq	20f		/* Jump if big endian */
636	xori	r1,r1,3
63720:	mtspr	SPRN_DAR,r1	/* Set fault address */
638	mfmsr	r0		/* Restore "normal" registers */
639	xoris	r0,r0,MSR_TGPR>>16
640	mtcrf	0x80,r3		/* Restore CR0 */
641	mtmsr	r0
642	b	DataAccess
643
644/*
645 * Handle TLB miss for DATA Store on 603/603e
646 */
647	. = 0x1200
648DataStoreTLBMiss:
649/*
650 * r0:	scratch
651 * r1:	linux style pte ( later becomes ppc hardware pte )
652 * r2:	ptr to linux-style pte
653 * r3:	scratch
654 */
655	/* Get PTE (linux-style) and check access */
656	mfspr	r3,SPRN_DMISS
657	lis	r1,PAGE_OFFSET@h		/* check if kernel address */
658	cmplw	0,r1,r3
659	mfspr	r2,SPRN_SPRG_THREAD
660	li	r1,_PAGE_RW|_PAGE_USER|_PAGE_PRESENT /* access flags */
661	lwz	r2,PGDIR(r2)
662	bge-	112f
663	mfspr	r2,SPRN_SRR1		/* and MSR_PR bit from SRR1 */
664	rlwimi	r1,r2,32-12,29,29	/* shift MSR_PR to _PAGE_USER posn */
665	lis	r2,swapper_pg_dir@ha	/* if kernel address, use */
666	addi	r2,r2,swapper_pg_dir@l	/* kernel page table */
667112:	tophys(r2,r2)
668	rlwimi	r2,r3,12,20,29		/* insert top 10 bits of address */
669	lwz	r2,0(r2)		/* get pmd entry */
670	rlwinm.	r2,r2,0,0,19		/* extract address of pte page */
671	beq-	DataAddressInvalid	/* return if no mapping */
672	rlwimi	r2,r3,22,20,29		/* insert next 10 bits of address */
673	lwz	r0,0(r2)		/* get linux-style pte */
674	andc.	r1,r1,r0		/* check access & ~permission */
675	bne-	DataAddressInvalid	/* return if access not permitted */
676	ori	r0,r0,_PAGE_ACCESSED|_PAGE_DIRTY
677	/*
678	 * NOTE! We are assuming this is not an SMP system, otherwise
679	 * we would need to update the pte atomically with lwarx/stwcx.
680	 */
681	stw	r0,0(r2)		/* update PTE (accessed/dirty bits) */
682	/* Convert linux-style PTE to low word of PPC-style PTE */
683	rlwimi	r0,r0,32-1,30,30	/* _PAGE_USER -> PP msb */
684	li	r1,0xe05		/* clear out reserved bits & PP lsb */
685	andc	r1,r0,r1		/* PP = user? 2: 0 */
686BEGIN_FTR_SECTION
687	rlwinm	r1,r1,0,~_PAGE_COHERENT	/* clear M (coherence not required) */
688END_FTR_SECTION_IFCLR(CPU_FTR_NEED_COHERENT)
689	mtspr	SPRN_RPA,r1
690	mfspr	r2,SPRN_SRR1		/* Need to restore CR0 */
691	mtcrf	0x80,r2
692BEGIN_MMU_FTR_SECTION
693	li	r0,1
694	mfspr	r1,SPRN_SPRG_603_LRU
695	rlwinm	r2,r3,20,27,31		/* Get Address bits 15:19 */
696	slw	r0,r0,r2
697	xor	r1,r0,r1
698	srw	r0,r1,r2
699	mtspr   SPRN_SPRG_603_LRU,r1
700	mfspr	r2,SPRN_SRR1
701	rlwimi	r2,r0,31-14,14,14
702	mtspr   SPRN_SRR1,r2
703END_MMU_FTR_SECTION_IFSET(MMU_FTR_NEED_DTLB_SW_LRU)
704	tlbld	r3
705	rfi
706
707#ifndef CONFIG_ALTIVEC
708#define altivec_assist_exception	unknown_exception
709#endif
710
711	EXCEPTION(0x1300, Trap_13, instruction_breakpoint_exception, EXC_XFER_EE)
712	EXCEPTION(0x1400, SMI, SMIException, EXC_XFER_EE)
713	EXCEPTION(0x1500, Trap_15, unknown_exception, EXC_XFER_EE)
714	EXCEPTION(0x1600, Trap_16, altivec_assist_exception, EXC_XFER_EE)
715	EXCEPTION(0x1700, Trap_17, TAUException, EXC_XFER_STD)
716	EXCEPTION(0x1800, Trap_18, unknown_exception, EXC_XFER_EE)
717	EXCEPTION(0x1900, Trap_19, unknown_exception, EXC_XFER_EE)
718	EXCEPTION(0x1a00, Trap_1a, unknown_exception, EXC_XFER_EE)
719	EXCEPTION(0x1b00, Trap_1b, unknown_exception, EXC_XFER_EE)
720	EXCEPTION(0x1c00, Trap_1c, unknown_exception, EXC_XFER_EE)
721	EXCEPTION(0x1d00, Trap_1d, unknown_exception, EXC_XFER_EE)
722	EXCEPTION(0x1e00, Trap_1e, unknown_exception, EXC_XFER_EE)
723	EXCEPTION(0x1f00, Trap_1f, unknown_exception, EXC_XFER_EE)
724	EXCEPTION(0x2000, RunMode, RunModeException, EXC_XFER_EE)
725	EXCEPTION(0x2100, Trap_21, unknown_exception, EXC_XFER_EE)
726	EXCEPTION(0x2200, Trap_22, unknown_exception, EXC_XFER_EE)
727	EXCEPTION(0x2300, Trap_23, unknown_exception, EXC_XFER_EE)
728	EXCEPTION(0x2400, Trap_24, unknown_exception, EXC_XFER_EE)
729	EXCEPTION(0x2500, Trap_25, unknown_exception, EXC_XFER_EE)
730	EXCEPTION(0x2600, Trap_26, unknown_exception, EXC_XFER_EE)
731	EXCEPTION(0x2700, Trap_27, unknown_exception, EXC_XFER_EE)
732	EXCEPTION(0x2800, Trap_28, unknown_exception, EXC_XFER_EE)
733	EXCEPTION(0x2900, Trap_29, unknown_exception, EXC_XFER_EE)
734	EXCEPTION(0x2a00, Trap_2a, unknown_exception, EXC_XFER_EE)
735	EXCEPTION(0x2b00, Trap_2b, unknown_exception, EXC_XFER_EE)
736	EXCEPTION(0x2c00, Trap_2c, unknown_exception, EXC_XFER_EE)
737	EXCEPTION(0x2d00, Trap_2d, unknown_exception, EXC_XFER_EE)
738	EXCEPTION(0x2e00, Trap_2e, unknown_exception, EXC_XFER_EE)
739	EXCEPTION(0x2f00, MOLTrampoline, unknown_exception, EXC_XFER_EE_LITE)
740
741	.globl mol_trampoline
742	.set mol_trampoline, i0x2f00
743
744	. = 0x3000
745
746AltiVecUnavailable:
747	EXCEPTION_PROLOG
748#ifdef CONFIG_ALTIVEC
749	beq	1f
750	bl	load_up_altivec		/* if from user, just load it up */
751	b	fast_exception_return
752#endif /* CONFIG_ALTIVEC */
7531:	addi	r3,r1,STACK_FRAME_OVERHEAD
754	EXC_XFER_EE_LITE(0xf20, altivec_unavailable_exception)
755
756PerformanceMonitor:
757	EXCEPTION_PROLOG
758	addi	r3,r1,STACK_FRAME_OVERHEAD
759	EXC_XFER_STD(0xf00, performance_monitor_exception)
760
761
762/*
763 * This code is jumped to from the startup code to copy
764 * the kernel image to physical address PHYSICAL_START.
765 */
766relocate_kernel:
767	addis	r9,r26,klimit@ha	/* fetch klimit */
768	lwz	r25,klimit@l(r9)
769	addis	r25,r25,-KERNELBASE@h
770	lis	r3,PHYSICAL_START@h	/* Destination base address */
771	li	r6,0			/* Destination offset */
772	li	r5,0x4000		/* # bytes of memory to copy */
773	bl	copy_and_flush		/* copy the first 0x4000 bytes */
774	addi	r0,r3,4f@l		/* jump to the address of 4f */
775	mtctr	r0			/* in copy and do the rest. */
776	bctr				/* jump to the copy */
7774:	mr	r5,r25
778	bl	copy_and_flush		/* copy the rest */
779	b	turn_on_mmu
780
781/*
782 * Copy routine used to copy the kernel to start at physical address 0
783 * and flush and invalidate the caches as needed.
784 * r3 = dest addr, r4 = source addr, r5 = copy limit, r6 = start offset
785 * on exit, r3, r4, r5 are unchanged, r6 is updated to be >= r5.
786 */
787_ENTRY(copy_and_flush)
788	addi	r5,r5,-4
789	addi	r6,r6,-4
7904:	li	r0,L1_CACHE_BYTES/4
791	mtctr	r0
7923:	addi	r6,r6,4			/* copy a cache line */
793	lwzx	r0,r6,r4
794	stwx	r0,r6,r3
795	bdnz	3b
796	dcbst	r6,r3			/* write it to memory */
797	sync
798	icbi	r6,r3			/* flush the icache line */
799	cmplw	0,r6,r5
800	blt	4b
801	sync				/* additional sync needed on g4 */
802	isync
803	addi	r5,r5,4
804	addi	r6,r6,4
805	blr
806
807#ifdef CONFIG_SMP
808#ifdef CONFIG_GEMINI
809	.globl	__secondary_start_gemini
810__secondary_start_gemini:
811        mfspr   r4,SPRN_HID0
812        ori     r4,r4,HID0_ICFI
813        li      r3,0
814        ori     r3,r3,HID0_ICE
815        andc    r4,r4,r3
816        mtspr   SPRN_HID0,r4
817        sync
818        b       __secondary_start
819#endif /* CONFIG_GEMINI */
820
821	.globl __secondary_start_mpc86xx
822__secondary_start_mpc86xx:
823	mfspr	r3, SPRN_PIR
824	stw	r3, __secondary_hold_acknowledge@l(0)
825	mr	r24, r3			/* cpu # */
826	b	__secondary_start
827
828	.globl	__secondary_start_pmac_0
829__secondary_start_pmac_0:
830	/* NB the entries for cpus 0, 1, 2 must each occupy 8 bytes. */
831	li	r24,0
832	b	1f
833	li	r24,1
834	b	1f
835	li	r24,2
836	b	1f
837	li	r24,3
8381:
839	/* on powersurge, we come in here with IR=0 and DR=1, and DBAT 0
840	   set to map the 0xf0000000 - 0xffffffff region */
841	mfmsr	r0
842	rlwinm	r0,r0,0,28,26		/* clear DR (0x10) */
843	SYNC
844	mtmsr	r0
845	isync
846
847	.globl	__secondary_start
848__secondary_start:
849	/* Copy some CPU settings from CPU 0 */
850	bl	__restore_cpu_setup
851
852	lis	r3,-KERNELBASE@h
853	mr	r4,r24
854	bl	call_setup_cpu		/* Call setup_cpu for this CPU */
855#ifdef CONFIG_6xx
856	lis	r3,-KERNELBASE@h
857	bl	init_idle_6xx
858#endif /* CONFIG_6xx */
859
860	/* get current_thread_info and current */
861	lis	r1,secondary_ti@ha
862	tophys(r1,r1)
863	lwz	r1,secondary_ti@l(r1)
864	tophys(r2,r1)
865	lwz	r2,TI_TASK(r2)
866
867	/* stack */
868	addi	r1,r1,THREAD_SIZE-STACK_FRAME_OVERHEAD
869	li	r0,0
870	tophys(r3,r1)
871	stw	r0,0(r3)
872
873	/* load up the MMU */
874	bl	load_up_mmu
875
876	/* ptr to phys current thread */
877	tophys(r4,r2)
878	addi	r4,r4,THREAD	/* phys address of our thread_struct */
879	CLR_TOP32(r4)
880	mtspr	SPRN_SPRG_THREAD,r4
881	li	r3,0
882	mtspr	SPRN_SPRG_RTAS,r3	/* 0 => not in RTAS */
883
884	/* enable MMU and jump to start_secondary */
885	li	r4,MSR_KERNEL
886	FIX_SRR1(r4,r5)
887	lis	r3,start_secondary@h
888	ori	r3,r3,start_secondary@l
889	mtspr	SPRN_SRR0,r3
890	mtspr	SPRN_SRR1,r4
891	SYNC
892	RFI
893#endif /* CONFIG_SMP */
894
895#ifdef CONFIG_KVM_BOOK3S_HANDLER
896#include "../kvm/book3s_rmhandlers.S"
897#endif
898
899/*
900 * Those generic dummy functions are kept for CPUs not
901 * included in CONFIG_6xx
902 */
903#if !defined(CONFIG_6xx)
904_ENTRY(__save_cpu_setup)
905	blr
906_ENTRY(__restore_cpu_setup)
907	blr
908#endif /* !defined(CONFIG_6xx) */
909
910
911/*
912 * Load stuff into the MMU.  Intended to be called with
913 * IR=0 and DR=0.
914 */
915load_up_mmu:
916	sync			/* Force all PTE updates to finish */
917	isync
918	tlbia			/* Clear all TLB entries */
919	sync			/* wait for tlbia/tlbie to finish */
920	TLBSYNC			/* ... on all CPUs */
921	/* Load the SDR1 register (hash table base & size) */
922	lis	r6,_SDR1@ha
923	tophys(r6,r6)
924	lwz	r6,_SDR1@l(r6)
925	mtspr	SPRN_SDR1,r6
926	li	r0,16		/* load up segment register values */
927	mtctr	r0		/* for context 0 */
928	lis	r3,0x2000	/* Ku = 1, VSID = 0 */
929	li	r4,0
9303:	mtsrin	r3,r4
931	addi	r3,r3,0x111	/* increment VSID */
932	addis	r4,r4,0x1000	/* address of next segment */
933	bdnz	3b
934
935/* Load the BAT registers with the values set up by MMU_init.
936   MMU_init takes care of whether we're on a 601 or not. */
937	mfpvr	r3
938	srwi	r3,r3,16
939	cmpwi	r3,1
940	lis	r3,BATS@ha
941	addi	r3,r3,BATS@l
942	tophys(r3,r3)
943	LOAD_BAT(0,r3,r4,r5)
944	LOAD_BAT(1,r3,r4,r5)
945	LOAD_BAT(2,r3,r4,r5)
946	LOAD_BAT(3,r3,r4,r5)
947BEGIN_MMU_FTR_SECTION
948	LOAD_BAT(4,r3,r4,r5)
949	LOAD_BAT(5,r3,r4,r5)
950	LOAD_BAT(6,r3,r4,r5)
951	LOAD_BAT(7,r3,r4,r5)
952END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_HIGH_BATS)
953	blr
954
955/*
956 * This is where the main kernel code starts.
957 */
958start_here:
959	/* ptr to current */
960	lis	r2,init_task@h
961	ori	r2,r2,init_task@l
962	/* Set up for using our exception vectors */
963	/* ptr to phys current thread */
964	tophys(r4,r2)
965	addi	r4,r4,THREAD	/* init task's THREAD */
966	CLR_TOP32(r4)
967	mtspr	SPRN_SPRG_THREAD,r4
968	li	r3,0
969	mtspr	SPRN_SPRG_RTAS,r3	/* 0 => not in RTAS */
970
971	/* stack */
972	lis	r1,init_thread_union@ha
973	addi	r1,r1,init_thread_union@l
974	li	r0,0
975	stwu	r0,THREAD_SIZE-STACK_FRAME_OVERHEAD(r1)
976/*
977 * Do early platform-specific initialization,
978 * and set up the MMU.
979 */
980	mr	r3,r31
981	mr	r4,r30
982	bl	machine_init
983	bl	__save_cpu_setup
984	bl	MMU_init
985
986/*
987 * Go back to running unmapped so we can load up new values
988 * for SDR1 (hash table pointer) and the segment registers
989 * and change to using our exception vectors.
990 */
991	lis	r4,2f@h
992	ori	r4,r4,2f@l
993	tophys(r4,r4)
994	li	r3,MSR_KERNEL & ~(MSR_IR|MSR_DR)
995	FIX_SRR1(r3,r5)
996	mtspr	SPRN_SRR0,r4
997	mtspr	SPRN_SRR1,r3
998	SYNC
999	RFI
1000/* Load up the kernel context */
10012:	bl	load_up_mmu
1002
1003#ifdef CONFIG_BDI_SWITCH
1004	/* Add helper information for the Abatron bdiGDB debugger.
1005	 * We do this here because we know the mmu is disabled, and
1006	 * will be enabled for real in just a few instructions.
1007	 */
1008	lis	r5, abatron_pteptrs@h
1009	ori	r5, r5, abatron_pteptrs@l
1010	stw	r5, 0xf0(r0)	/* This much match your Abatron config */
1011	lis	r6, swapper_pg_dir@h
1012	ori	r6, r6, swapper_pg_dir@l
1013	tophys(r5, r5)
1014	stw	r6, 0(r5)
1015#endif /* CONFIG_BDI_SWITCH */
1016
1017/* Now turn on the MMU for real! */
1018	li	r4,MSR_KERNEL
1019	FIX_SRR1(r4,r5)
1020	lis	r3,start_kernel@h
1021	ori	r3,r3,start_kernel@l
1022	mtspr	SPRN_SRR0,r3
1023	mtspr	SPRN_SRR1,r4
1024	SYNC
1025	RFI
1026
1027/*
1028 * void switch_mmu_context(struct mm_struct *prev, struct mm_struct *next);
1029 *
1030 * Set up the segment registers for a new context.
1031 */
1032_ENTRY(switch_mmu_context)
1033	lwz	r3,MMCONTEXTID(r4)
1034	cmpwi	cr0,r3,0
1035	blt-	4f
1036	mulli	r3,r3,897	/* multiply context by skew factor */
1037	rlwinm	r3,r3,4,8,27	/* VSID = (context & 0xfffff) << 4 */
1038	addis	r3,r3,0x6000	/* Set Ks, Ku bits */
1039	li	r0,NUM_USER_SEGMENTS
1040	mtctr	r0
1041
1042#ifdef CONFIG_BDI_SWITCH
1043	/* Context switch the PTE pointer for the Abatron BDI2000.
1044	 * The PGDIR is passed as second argument.
1045	 */
1046	lwz	r4,MM_PGD(r4)
1047	lis	r5, KERNELBASE@h
1048	lwz	r5, 0xf0(r5)
1049	stw	r4, 0x4(r5)
1050#endif
1051	li	r4,0
1052	isync
10533:
1054	mtsrin	r3,r4
1055	addi	r3,r3,0x111	/* next VSID */
1056	rlwinm	r3,r3,0,8,3	/* clear out any overflow from VSID field */
1057	addis	r4,r4,0x1000	/* address of next segment */
1058	bdnz	3b
1059	sync
1060	isync
1061	blr
10624:	trap
1063	EMIT_BUG_ENTRY 4b,__FILE__,__LINE__,0
1064	blr
1065
1066/*
1067 * An undocumented "feature" of 604e requires that the v bit
1068 * be cleared before changing BAT values.
1069 *
1070 * Also, newer IBM firmware does not clear bat3 and 4 so
1071 * this makes sure it's done.
1072 *  -- Cort
1073 */
1074clear_bats:
1075	li	r10,0
1076	mfspr	r9,SPRN_PVR
1077	rlwinm	r9,r9,16,16,31		/* r9 = 1 for 601, 4 for 604 */
1078	cmpwi	r9, 1
1079	beq	1f
1080
1081	mtspr	SPRN_DBAT0U,r10
1082	mtspr	SPRN_DBAT0L,r10
1083	mtspr	SPRN_DBAT1U,r10
1084	mtspr	SPRN_DBAT1L,r10
1085	mtspr	SPRN_DBAT2U,r10
1086	mtspr	SPRN_DBAT2L,r10
1087	mtspr	SPRN_DBAT3U,r10
1088	mtspr	SPRN_DBAT3L,r10
10891:
1090	mtspr	SPRN_IBAT0U,r10
1091	mtspr	SPRN_IBAT0L,r10
1092	mtspr	SPRN_IBAT1U,r10
1093	mtspr	SPRN_IBAT1L,r10
1094	mtspr	SPRN_IBAT2U,r10
1095	mtspr	SPRN_IBAT2L,r10
1096	mtspr	SPRN_IBAT3U,r10
1097	mtspr	SPRN_IBAT3L,r10
1098BEGIN_MMU_FTR_SECTION
1099	/* Here's a tweak: at this point, CPU setup have
1100	 * not been called yet, so HIGH_BAT_EN may not be
1101	 * set in HID0 for the 745x processors. However, it
1102	 * seems that doesn't affect our ability to actually
1103	 * write to these SPRs.
1104	 */
1105	mtspr	SPRN_DBAT4U,r10
1106	mtspr	SPRN_DBAT4L,r10
1107	mtspr	SPRN_DBAT5U,r10
1108	mtspr	SPRN_DBAT5L,r10
1109	mtspr	SPRN_DBAT6U,r10
1110	mtspr	SPRN_DBAT6L,r10
1111	mtspr	SPRN_DBAT7U,r10
1112	mtspr	SPRN_DBAT7L,r10
1113	mtspr	SPRN_IBAT4U,r10
1114	mtspr	SPRN_IBAT4L,r10
1115	mtspr	SPRN_IBAT5U,r10
1116	mtspr	SPRN_IBAT5L,r10
1117	mtspr	SPRN_IBAT6U,r10
1118	mtspr	SPRN_IBAT6L,r10
1119	mtspr	SPRN_IBAT7U,r10
1120	mtspr	SPRN_IBAT7L,r10
1121END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_HIGH_BATS)
1122	blr
1123
1124flush_tlbs:
1125	lis	r10, 0x40
11261:	addic.	r10, r10, -0x1000
1127	tlbie	r10
1128	bgt	1b
1129	sync
1130	blr
1131
1132mmu_off:
1133 	addi	r4, r3, __after_mmu_off - _start
1134	mfmsr	r3
1135	andi.	r0,r3,MSR_DR|MSR_IR		/* MMU enabled? */
1136	beqlr
1137	andc	r3,r3,r0
1138	mtspr	SPRN_SRR0,r4
1139	mtspr	SPRN_SRR1,r3
1140	sync
1141	RFI
1142
1143/*
1144 * On 601, we use 3 BATs to map up to 24M of RAM at _PAGE_OFFSET
1145 * (we keep one for debugging) and on others, we use one 256M BAT.
1146 */
1147initial_bats:
1148	lis	r11,PAGE_OFFSET@h
1149	mfspr	r9,SPRN_PVR
1150	rlwinm	r9,r9,16,16,31		/* r9 = 1 for 601, 4 for 604 */
1151	cmpwi	0,r9,1
1152	bne	4f
1153	ori	r11,r11,4		/* set up BAT registers for 601 */
1154	li	r8,0x7f			/* valid, block length = 8MB */
1155	mtspr	SPRN_IBAT0U,r11		/* N.B. 601 has valid bit in */
1156	mtspr	SPRN_IBAT0L,r8		/* lower BAT register */
1157	addis	r11,r11,0x800000@h
1158	addis	r8,r8,0x800000@h
1159	mtspr	SPRN_IBAT1U,r11
1160	mtspr	SPRN_IBAT1L,r8
1161	addis	r11,r11,0x800000@h
1162	addis	r8,r8,0x800000@h
1163	mtspr	SPRN_IBAT2U,r11
1164	mtspr	SPRN_IBAT2L,r8
1165	isync
1166	blr
1167
11684:	tophys(r8,r11)
1169#ifdef CONFIG_SMP
1170	ori	r8,r8,0x12		/* R/W access, M=1 */
1171#else
1172	ori	r8,r8,2			/* R/W access */
1173#endif /* CONFIG_SMP */
1174	ori	r11,r11,BL_256M<<2|0x2	/* set up BAT registers for 604 */
1175
1176	mtspr	SPRN_DBAT0L,r8		/* N.B. 6xx (not 601) have valid */
1177	mtspr	SPRN_DBAT0U,r11		/* bit in upper BAT register */
1178	mtspr	SPRN_IBAT0L,r8
1179	mtspr	SPRN_IBAT0U,r11
1180	isync
1181	blr
1182
1183
1184#ifdef CONFIG_BOOTX_TEXT
1185setup_disp_bat:
1186	/*
1187	 * setup the display bat prepared for us in prom.c
1188	 */
1189	mflr	r8
1190	bl	reloc_offset
1191	mtlr	r8
1192	addis	r8,r3,disp_BAT@ha
1193	addi	r8,r8,disp_BAT@l
1194	cmpwi	cr0,r8,0
1195	beqlr
1196	lwz	r11,0(r8)
1197	lwz	r8,4(r8)
1198	mfspr	r9,SPRN_PVR
1199	rlwinm	r9,r9,16,16,31		/* r9 = 1 for 601, 4 for 604 */
1200	cmpwi	0,r9,1
1201	beq	1f
1202	mtspr	SPRN_DBAT3L,r8
1203	mtspr	SPRN_DBAT3U,r11
1204	blr
12051:	mtspr	SPRN_IBAT3L,r8
1206	mtspr	SPRN_IBAT3U,r11
1207	blr
1208#endif /* CONFIG_BOOTX_TEXT */
1209
1210#ifdef CONFIG_PPC_EARLY_DEBUG_CPM
1211setup_cpm_bat:
1212	lis	r8, 0xf000
1213	ori	r8, r8,	0x002a
1214	mtspr	SPRN_DBAT1L, r8
1215
1216	lis	r11, 0xf000
1217	ori	r11, r11, (BL_1M << 2) | 2
1218	mtspr	SPRN_DBAT1U, r11
1219
1220	blr
1221#endif
1222
1223#ifdef CONFIG_PPC_EARLY_DEBUG_USBGECKO
1224setup_usbgecko_bat:
1225	/* prepare a BAT for early io */
1226#if defined(CONFIG_GAMECUBE)
1227	lis	r8, 0x0c00
1228#elif defined(CONFIG_WII)
1229	lis	r8, 0x0d00
1230#else
1231#error Invalid platform for USB Gecko based early debugging.
1232#endif
1233	/*
1234	 * The virtual address used must match the virtual address
1235	 * associated to the fixmap entry FIX_EARLY_DEBUG_BASE.
1236	 */
1237	lis	r11, 0xfffe	/* top 128K */
1238	ori	r8, r8, 0x002a	/* uncached, guarded ,rw */
1239	ori	r11, r11, 0x2	/* 128K, Vs=1, Vp=0 */
1240	mtspr	SPRN_DBAT1L, r8
1241	mtspr	SPRN_DBAT1U, r11
1242	blr
1243#endif
1244
1245#ifdef CONFIG_8260
1246/* Jump into the system reset for the rom.
1247 * We first disable the MMU, and then jump to the ROM reset address.
1248 *
1249 * r3 is the board info structure, r4 is the location for starting.
1250 * I use this for building a small kernel that can load other kernels,
1251 * rather than trying to write or rely on a rom monitor that can tftp load.
1252 */
1253       .globl  m8260_gorom
1254m8260_gorom:
1255	mfmsr	r0
1256	rlwinm	r0,r0,0,17,15	/* clear MSR_EE in r0 */
1257	sync
1258	mtmsr	r0
1259	sync
1260	mfspr	r11, SPRN_HID0
1261	lis	r10, 0
1262	ori	r10,r10,HID0_ICE|HID0_DCE
1263	andc	r11, r11, r10
1264	mtspr	SPRN_HID0, r11
1265	isync
1266	li	r5, MSR_ME|MSR_RI
1267	lis	r6,2f@h
1268	addis	r6,r6,-KERNELBASE@h
1269	ori	r6,r6,2f@l
1270	mtspr	SPRN_SRR0,r6
1271	mtspr	SPRN_SRR1,r5
1272	isync
1273	sync
1274	rfi
12752:
1276	mtlr	r4
1277	blr
1278#endif
1279
1280
1281/*
1282 * We put a few things here that have to be page-aligned.
1283 * This stuff goes at the beginning of the data segment,
1284 * which is page-aligned.
1285 */
1286	.data
1287	.globl	sdata
1288sdata:
1289	.globl	empty_zero_page
1290empty_zero_page:
1291	.space	4096
1292
1293	.globl	swapper_pg_dir
1294swapper_pg_dir:
1295	.space	PGD_TABLE_SIZE
1296
1297	.globl intercept_table
1298intercept_table:
1299	.long 0, 0, i0x200, i0x300, i0x400, 0, i0x600, i0x700
1300	.long i0x800, 0, 0, 0, 0, i0xd00, 0, 0
1301	.long 0, 0, 0, i0x1300, 0, 0, 0, 0
1302	.long 0, 0, 0, 0, 0, 0, 0, 0
1303	.long 0, 0, 0, 0, 0, 0, 0, 0
1304	.long 0, 0, 0, 0, 0, 0, 0, 0
1305
1306/* Room for two PTE pointers, usually the kernel and current user pointers
1307 * to their respective root page table.
1308 */
1309abatron_pteptrs:
1310	.space	8
1311