1/* 2 * PowerPC version 3 * Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org) 4 * 5 * Rewritten by Cort Dougan (cort@cs.nmt.edu) for PReP 6 * Copyright (C) 1996 Cort Dougan <cort@cs.nmt.edu> 7 * Adapted for Power Macintosh by Paul Mackerras. 8 * Low-level exception handlers and MMU support 9 * rewritten by Paul Mackerras. 10 * Copyright (C) 1996 Paul Mackerras. 11 * MPC8xx modifications Copyright (C) 1997 Dan Malek (dmalek@jlc.net). 12 * Amiga/APUS changes by Jesper Skov (jskov@cygnus.co.uk). 13 * 14 * This file contains the low-level support and setup for the 15 * PowerPC platform, including trap and interrupt dispatch. 16 * (The PPC 8xx embedded CPUs use head_8xx.S instead.) 17 * 18 * This program is free software; you can redistribute it and/or 19 * modify it under the terms of the GNU General Public License 20 * as published by the Free Software Foundation; either version 21 * 2 of the License, or (at your option) any later version. 22 * 23 */ 24 25#include <asm/reg.h> 26#include <asm/page.h> 27#include <asm/mmu.h> 28#include <asm/pgtable.h> 29#include <asm/cputable.h> 30#include <asm/cache.h> 31#include <asm/thread_info.h> 32#include <asm/ppc_asm.h> 33#include <asm/asm-offsets.h> 34 35#ifdef CONFIG_APUS 36#include <asm/amigappc.h> 37#endif 38 39/* 601 only have IBAT; cr0.eq is set on 601 when using this macro */ 40#define LOAD_BAT(n, reg, RA, RB) \ 41 /* see the comment for clear_bats() -- Cort */ \ 42 li RA,0; \ 43 mtspr SPRN_IBAT##n##U,RA; \ 44 mtspr SPRN_DBAT##n##U,RA; \ 45 lwz RA,(n*16)+0(reg); \ 46 lwz RB,(n*16)+4(reg); \ 47 mtspr SPRN_IBAT##n##U,RA; \ 48 mtspr SPRN_IBAT##n##L,RB; \ 49 beq 1f; \ 50 lwz RA,(n*16)+8(reg); \ 51 lwz RB,(n*16)+12(reg); \ 52 mtspr SPRN_DBAT##n##U,RA; \ 53 mtspr SPRN_DBAT##n##L,RB; \ 541: 55 56 .text 57 .stabs "arch/powerpc/kernel/",N_SO,0,0,0f 58 .stabs "head_32.S",N_SO,0,0,0f 590: 60 .globl _stext 61_stext: 62 63/* 64 * _start is defined this way because the XCOFF loader in the OpenFirmware 65 * on the powermac expects the entry point to be a procedure descriptor. 66 */ 67 .text 68 .globl _start 69_start: 70 /* 71 * These are here for legacy reasons, the kernel used to 72 * need to look like a coff function entry for the pmac 73 * but we're always started by some kind of bootloader now. 74 * -- Cort 75 */ 76 nop /* used by __secondary_hold on prep (mtx) and chrp smp */ 77 nop /* used by __secondary_hold on prep (mtx) and chrp smp */ 78 nop 79 80/* PMAC 81 * Enter here with the kernel text, data and bss loaded starting at 82 * 0, running with virtual == physical mapping. 83 * r5 points to the prom entry point (the client interface handler 84 * address). Address translation is turned on, with the prom 85 * managing the hash table. Interrupts are disabled. The stack 86 * pointer (r1) points to just below the end of the half-meg region 87 * from 0x380000 - 0x400000, which is mapped in already. 88 * 89 * If we are booted from MacOS via BootX, we enter with the kernel 90 * image loaded somewhere, and the following values in registers: 91 * r3: 'BooX' (0x426f6f58) 92 * r4: virtual address of boot_infos_t 93 * r5: 0 94 * 95 * APUS 96 * r3: 'APUS' 97 * r4: physical address of memory base 98 * Linux/m68k style BootInfo structure at &_end. 99 * 100 * PREP 101 * This is jumped to on prep systems right after the kernel is relocated 102 * to its proper place in memory by the boot loader. The expected layout 103 * of the regs is: 104 * r3: ptr to residual data 105 * r4: initrd_start or if no initrd then 0 106 * r5: initrd_end - unused if r4 is 0 107 * r6: Start of command line string 108 * r7: End of command line string 109 * 110 * This just gets a minimal mmu environment setup so we can call 111 * start_here() to do the real work. 112 * -- Cort 113 */ 114 115 .globl __start 116__start: 117/* 118 * We have to do any OF calls before we map ourselves to KERNELBASE, 119 * because OF may have I/O devices mapped into that area 120 * (particularly on CHRP). 121 */ 122#ifdef CONFIG_PPC_MULTIPLATFORM 123 cmpwi 0,r5,0 124 beq 1f 125 bl prom_init 126 trap 127#endif 128 129/* 130 * Check for BootX signature when supporting PowerMac and branch to 131 * appropriate trampoline if it's present 132 */ 133#ifdef CONFIG_PPC_PMAC 1341: lis r31,0x426f 135 ori r31,r31,0x6f58 136 cmpw 0,r3,r31 137 bne 1f 138 bl bootx_init 139 trap 140#endif /* CONFIG_PPC_PMAC */ 141 1421: mr r31,r3 /* save parameters */ 143 mr r30,r4 144 li r24,0 /* cpu # */ 145 146/* 147 * early_init() does the early machine identification and does 148 * the necessary low-level setup and clears the BSS 149 * -- Cort <cort@fsmlabs.com> 150 */ 151 bl early_init 152 153#ifdef CONFIG_APUS 154/* On APUS the __va/__pa constants need to be set to the correct 155 * values before continuing. 156 */ 157 mr r4,r30 158 bl fix_mem_constants 159#endif /* CONFIG_APUS */ 160 161/* Switch MMU off, clear BATs and flush TLB. At this point, r3 contains 162 * the physical address we are running at, returned by early_init() 163 */ 164 bl mmu_off 165__after_mmu_off: 166 bl clear_bats 167 bl flush_tlbs 168 169 bl initial_bats 170#if !defined(CONFIG_APUS) && defined(CONFIG_BOOTX_TEXT) 171 bl setup_disp_bat 172#endif 173 174/* 175 * Call setup_cpu for CPU 0 and initialize 6xx Idle 176 */ 177 bl reloc_offset 178 li r24,0 /* cpu# */ 179 bl call_setup_cpu /* Call setup_cpu for this CPU */ 180#ifdef CONFIG_6xx 181 bl reloc_offset 182 bl init_idle_6xx 183#endif /* CONFIG_6xx */ 184 185 186#ifndef CONFIG_APUS 187/* 188 * We need to run with _start at physical address 0. 189 * On CHRP, we are loaded at 0x10000 since OF on CHRP uses 190 * the exception vectors at 0 (and therefore this copy 191 * overwrites OF's exception vectors with our own). 192 * The MMU is off at this point. 193 */ 194 bl reloc_offset 195 mr r26,r3 196 addis r4,r3,KERNELBASE@h /* current address of _start */ 197 cmpwi 0,r4,0 /* are we already running at 0? */ 198 bne relocate_kernel 199#endif /* CONFIG_APUS */ 200/* 201 * we now have the 1st 16M of ram mapped with the bats. 202 * prep needs the mmu to be turned on here, but pmac already has it on. 203 * this shouldn't bother the pmac since it just gets turned on again 204 * as we jump to our code at KERNELBASE. -- Cort 205 * Actually no, pmac doesn't have it on any more. BootX enters with MMU 206 * off, and in other cases, we now turn it off before changing BATs above. 207 */ 208turn_on_mmu: 209 mfmsr r0 210 ori r0,r0,MSR_DR|MSR_IR 211 mtspr SPRN_SRR1,r0 212 lis r0,start_here@h 213 ori r0,r0,start_here@l 214 mtspr SPRN_SRR0,r0 215 SYNC 216 RFI /* enables MMU */ 217 218/* 219 * We need __secondary_hold as a place to hold the other cpus on 220 * an SMP machine, even when we are running a UP kernel. 221 */ 222 . = 0xc0 /* for prep bootloader */ 223 li r3,1 /* MTX only has 1 cpu */ 224 .globl __secondary_hold 225__secondary_hold: 226 /* tell the master we're here */ 227 stw r3,__secondary_hold_acknowledge@l(0) 228#ifdef CONFIG_SMP 229100: lwz r4,0(0) 230 /* wait until we're told to start */ 231 cmpw 0,r4,r3 232 bne 100b 233 /* our cpu # was at addr 0 - go */ 234 mr r24,r3 /* cpu # */ 235 b __secondary_start 236#else 237 b . 238#endif /* CONFIG_SMP */ 239 240 .globl __secondary_hold_spinloop 241__secondary_hold_spinloop: 242 .long 0 243 .globl __secondary_hold_acknowledge 244__secondary_hold_acknowledge: 245 .long -1 246 247/* 248 * Exception entry code. This code runs with address translation 249 * turned off, i.e. using physical addresses. 250 * We assume sprg3 has the physical address of the current 251 * task's thread_struct. 252 */ 253#define EXCEPTION_PROLOG \ 254 mtspr SPRN_SPRG0,r10; \ 255 mtspr SPRN_SPRG1,r11; \ 256 mfcr r10; \ 257 EXCEPTION_PROLOG_1; \ 258 EXCEPTION_PROLOG_2 259 260#define EXCEPTION_PROLOG_1 \ 261 mfspr r11,SPRN_SRR1; /* check whether user or kernel */ \ 262 andi. r11,r11,MSR_PR; \ 263 tophys(r11,r1); /* use tophys(r1) if kernel */ \ 264 beq 1f; \ 265 mfspr r11,SPRN_SPRG3; \ 266 lwz r11,THREAD_INFO-THREAD(r11); \ 267 addi r11,r11,THREAD_SIZE; \ 268 tophys(r11,r11); \ 2691: subi r11,r11,INT_FRAME_SIZE /* alloc exc. frame */ 270 271 272#define EXCEPTION_PROLOG_2 \ 273 CLR_TOP32(r11); \ 274 stw r10,_CCR(r11); /* save registers */ \ 275 stw r12,GPR12(r11); \ 276 stw r9,GPR9(r11); \ 277 mfspr r10,SPRN_SPRG0; \ 278 stw r10,GPR10(r11); \ 279 mfspr r12,SPRN_SPRG1; \ 280 stw r12,GPR11(r11); \ 281 mflr r10; \ 282 stw r10,_LINK(r11); \ 283 mfspr r12,SPRN_SRR0; \ 284 mfspr r9,SPRN_SRR1; \ 285 stw r1,GPR1(r11); \ 286 stw r1,0(r11); \ 287 tovirt(r1,r11); /* set new kernel sp */ \ 288 li r10,MSR_KERNEL & ~(MSR_IR|MSR_DR); /* can take exceptions */ \ 289 MTMSRD(r10); /* (except for mach check in rtas) */ \ 290 stw r0,GPR0(r11); \ 291 lis r10,0x7265; /* put exception frame marker */ \ 292 addi r10,r10,0x6773; \ 293 stw r10,8(r11); \ 294 SAVE_4GPRS(3, r11); \ 295 SAVE_2GPRS(7, r11) 296 297/* 298 * Note: code which follows this uses cr0.eq (set if from kernel), 299 * r11, r12 (SRR0), and r9 (SRR1). 300 * 301 * Note2: once we have set r1 we are in a position to take exceptions 302 * again, and we could thus set MSR:RI at that point. 303 */ 304 305/* 306 * Exception vectors. 307 */ 308#define EXCEPTION(n, label, hdlr, xfer) \ 309 . = n; \ 310label: \ 311 EXCEPTION_PROLOG; \ 312 addi r3,r1,STACK_FRAME_OVERHEAD; \ 313 xfer(n, hdlr) 314 315#define EXC_XFER_TEMPLATE(n, hdlr, trap, copyee, tfer, ret) \ 316 li r10,trap; \ 317 stw r10,_TRAP(r11); \ 318 li r10,MSR_KERNEL; \ 319 copyee(r10, r9); \ 320 bl tfer; \ 321i##n: \ 322 .long hdlr; \ 323 .long ret 324 325#define COPY_EE(d, s) rlwimi d,s,0,16,16 326#define NOCOPY(d, s) 327 328#define EXC_XFER_STD(n, hdlr) \ 329 EXC_XFER_TEMPLATE(n, hdlr, n, NOCOPY, transfer_to_handler_full, \ 330 ret_from_except_full) 331 332#define EXC_XFER_LITE(n, hdlr) \ 333 EXC_XFER_TEMPLATE(n, hdlr, n+1, NOCOPY, transfer_to_handler, \ 334 ret_from_except) 335 336#define EXC_XFER_EE(n, hdlr) \ 337 EXC_XFER_TEMPLATE(n, hdlr, n, COPY_EE, transfer_to_handler_full, \ 338 ret_from_except_full) 339 340#define EXC_XFER_EE_LITE(n, hdlr) \ 341 EXC_XFER_TEMPLATE(n, hdlr, n+1, COPY_EE, transfer_to_handler, \ 342 ret_from_except) 343 344/* System reset */ 345/* core99 pmac starts the seconary here by changing the vector, and 346 putting it back to what it was (unknown_exception) when done. */ 347 EXCEPTION(0x100, Reset, unknown_exception, EXC_XFER_STD) 348 349/* Machine check */ 350/* 351 * On CHRP, this is complicated by the fact that we could get a 352 * machine check inside RTAS, and we have no guarantee that certain 353 * critical registers will have the values we expect. The set of 354 * registers that might have bad values includes all the GPRs 355 * and all the BATs. We indicate that we are in RTAS by putting 356 * a non-zero value, the address of the exception frame to use, 357 * in SPRG2. The machine check handler checks SPRG2 and uses its 358 * value if it is non-zero. If we ever needed to free up SPRG2, 359 * we could use a field in the thread_info or thread_struct instead. 360 * (Other exception handlers assume that r1 is a valid kernel stack 361 * pointer when we take an exception from supervisor mode.) 362 * -- paulus. 363 */ 364 . = 0x200 365 mtspr SPRN_SPRG0,r10 366 mtspr SPRN_SPRG1,r11 367 mfcr r10 368#ifdef CONFIG_PPC_CHRP 369 mfspr r11,SPRN_SPRG2 370 cmpwi 0,r11,0 371 bne 7f 372#endif /* CONFIG_PPC_CHRP */ 373 EXCEPTION_PROLOG_1 3747: EXCEPTION_PROLOG_2 375 addi r3,r1,STACK_FRAME_OVERHEAD 376#ifdef CONFIG_PPC_CHRP 377 mfspr r4,SPRN_SPRG2 378 cmpwi cr1,r4,0 379 bne cr1,1f 380#endif 381 EXC_XFER_STD(0x200, machine_check_exception) 382#ifdef CONFIG_PPC_CHRP 3831: b machine_check_in_rtas 384#endif 385 386/* Data access exception. */ 387 . = 0x300 388DataAccess: 389 EXCEPTION_PROLOG 390 mfspr r10,SPRN_DSISR 391 andis. r0,r10,0xa470 /* weird error? */ 392 bne 1f /* if not, try to put a PTE */ 393 mfspr r4,SPRN_DAR /* into the hash table */ 394 rlwinm r3,r10,32-15,21,21 /* DSISR_STORE -> _PAGE_RW */ 395 bl hash_page 3961: stw r10,_DSISR(r11) 397 mr r5,r10 398 mfspr r4,SPRN_DAR 399 EXC_XFER_EE_LITE(0x300, handle_page_fault) 400 401 402/* Instruction access exception. */ 403 . = 0x400 404InstructionAccess: 405 EXCEPTION_PROLOG 406 andis. r0,r9,0x4000 /* no pte found? */ 407 beq 1f /* if so, try to put a PTE */ 408 li r3,0 /* into the hash table */ 409 mr r4,r12 /* SRR0 is fault address */ 410 bl hash_page 4111: mr r4,r12 412 mr r5,r9 413 EXC_XFER_EE_LITE(0x400, handle_page_fault) 414 415/* External interrupt */ 416 EXCEPTION(0x500, HardwareInterrupt, do_IRQ, EXC_XFER_LITE) 417 418/* Alignment exception */ 419 . = 0x600 420Alignment: 421 EXCEPTION_PROLOG 422 mfspr r4,SPRN_DAR 423 stw r4,_DAR(r11) 424 mfspr r5,SPRN_DSISR 425 stw r5,_DSISR(r11) 426 addi r3,r1,STACK_FRAME_OVERHEAD 427 EXC_XFER_EE(0x600, alignment_exception) 428 429/* Program check exception */ 430 EXCEPTION(0x700, ProgramCheck, program_check_exception, EXC_XFER_STD) 431 432/* Floating-point unavailable */ 433 . = 0x800 434FPUnavailable: 435BEGIN_FTR_SECTION 436/* 437 * Certain Freescale cores don't have a FPU and treat fp instructions 438 * as a FP Unavailable exception. Redirect to illegal/emulation handling. 439 */ 440 b ProgramCheck 441END_FTR_SECTION_IFSET(CPU_FTR_FPU_UNAVAILABLE) 442 EXCEPTION_PROLOG 443 bne load_up_fpu /* if from user, just load it up */ 444 addi r3,r1,STACK_FRAME_OVERHEAD 445 EXC_XFER_EE_LITE(0x800, kernel_fp_unavailable_exception) 446 447/* Decrementer */ 448 EXCEPTION(0x900, Decrementer, timer_interrupt, EXC_XFER_LITE) 449 450 EXCEPTION(0xa00, Trap_0a, unknown_exception, EXC_XFER_EE) 451 EXCEPTION(0xb00, Trap_0b, unknown_exception, EXC_XFER_EE) 452 453/* System call */ 454 . = 0xc00 455SystemCall: 456 EXCEPTION_PROLOG 457 EXC_XFER_EE_LITE(0xc00, DoSyscall) 458 459/* Single step - not used on 601 */ 460 EXCEPTION(0xd00, SingleStep, single_step_exception, EXC_XFER_STD) 461 EXCEPTION(0xe00, Trap_0e, unknown_exception, EXC_XFER_EE) 462 463/* 464 * The Altivec unavailable trap is at 0x0f20. Foo. 465 * We effectively remap it to 0x3000. 466 * We include an altivec unavailable exception vector even if 467 * not configured for Altivec, so that you can't panic a 468 * non-altivec kernel running on a machine with altivec just 469 * by executing an altivec instruction. 470 */ 471 . = 0xf00 472 b PerformanceMonitor 473 474 . = 0xf20 475 b AltiVecUnavailable 476 477/* 478 * Handle TLB miss for instruction on 603/603e. 479 * Note: we get an alternate set of r0 - r3 to use automatically. 480 */ 481 . = 0x1000 482InstructionTLBMiss: 483/* 484 * r0: stored ctr 485 * r1: linux style pte ( later becomes ppc hardware pte ) 486 * r2: ptr to linux-style pte 487 * r3: scratch 488 */ 489 mfctr r0 490 /* Get PTE (linux-style) and check access */ 491 mfspr r3,SPRN_IMISS 492 lis r1,KERNELBASE@h /* check if kernel address */ 493 cmplw 0,r3,r1 494 mfspr r2,SPRN_SPRG3 495 li r1,_PAGE_USER|_PAGE_PRESENT /* low addresses tested as user */ 496 lwz r2,PGDIR(r2) 497 blt+ 112f 498 lis r2,swapper_pg_dir@ha /* if kernel address, use */ 499 addi r2,r2,swapper_pg_dir@l /* kernel page table */ 500 mfspr r1,SPRN_SRR1 /* and MSR_PR bit from SRR1 */ 501 rlwinm r1,r1,32-12,29,29 /* shift MSR_PR to _PAGE_USER posn */ 502112: tophys(r2,r2) 503 rlwimi r2,r3,12,20,29 /* insert top 10 bits of address */ 504 lwz r2,0(r2) /* get pmd entry */ 505 rlwinm. r2,r2,0,0,19 /* extract address of pte page */ 506 beq- InstructionAddressInvalid /* return if no mapping */ 507 rlwimi r2,r3,22,20,29 /* insert next 10 bits of address */ 508 lwz r3,0(r2) /* get linux-style pte */ 509 andc. r1,r1,r3 /* check access & ~permission */ 510 bne- InstructionAddressInvalid /* return if access not permitted */ 511 ori r3,r3,_PAGE_ACCESSED /* set _PAGE_ACCESSED in pte */ 512 /* 513 * NOTE! We are assuming this is not an SMP system, otherwise 514 * we would need to update the pte atomically with lwarx/stwcx. 515 */ 516 stw r3,0(r2) /* update PTE (accessed bit) */ 517 /* Convert linux-style PTE to low word of PPC-style PTE */ 518 rlwinm r1,r3,32-10,31,31 /* _PAGE_RW -> PP lsb */ 519 rlwinm r2,r3,32-7,31,31 /* _PAGE_DIRTY -> PP lsb */ 520 and r1,r1,r2 /* writable if _RW and _DIRTY */ 521 rlwimi r3,r3,32-1,30,30 /* _PAGE_USER -> PP msb */ 522 rlwimi r3,r3,32-1,31,31 /* _PAGE_USER -> PP lsb */ 523 ori r1,r1,0xe14 /* clear out reserved bits and M */ 524 andc r1,r3,r1 /* PP = user? (rw&dirty? 2: 3): 0 */ 525 mtspr SPRN_RPA,r1 526 mfspr r3,SPRN_IMISS 527 tlbli r3 528 mfspr r3,SPRN_SRR1 /* Need to restore CR0 */ 529 mtcrf 0x80,r3 530 rfi 531InstructionAddressInvalid: 532 mfspr r3,SPRN_SRR1 533 rlwinm r1,r3,9,6,6 /* Get load/store bit */ 534 535 addis r1,r1,0x2000 536 mtspr SPRN_DSISR,r1 /* (shouldn't be needed) */ 537 mtctr r0 /* Restore CTR */ 538 andi. r2,r3,0xFFFF /* Clear upper bits of SRR1 */ 539 or r2,r2,r1 540 mtspr SPRN_SRR1,r2 541 mfspr r1,SPRN_IMISS /* Get failing address */ 542 rlwinm. r2,r2,0,31,31 /* Check for little endian access */ 543 rlwimi r2,r2,1,30,30 /* change 1 -> 3 */ 544 xor r1,r1,r2 545 mtspr SPRN_DAR,r1 /* Set fault address */ 546 mfmsr r0 /* Restore "normal" registers */ 547 xoris r0,r0,MSR_TGPR>>16 548 mtcrf 0x80,r3 /* Restore CR0 */ 549 mtmsr r0 550 b InstructionAccess 551 552/* 553 * Handle TLB miss for DATA Load operation on 603/603e 554 */ 555 . = 0x1100 556DataLoadTLBMiss: 557/* 558 * r0: stored ctr 559 * r1: linux style pte ( later becomes ppc hardware pte ) 560 * r2: ptr to linux-style pte 561 * r3: scratch 562 */ 563 mfctr r0 564 /* Get PTE (linux-style) and check access */ 565 mfspr r3,SPRN_DMISS 566 lis r1,KERNELBASE@h /* check if kernel address */ 567 cmplw 0,r3,r1 568 mfspr r2,SPRN_SPRG3 569 li r1,_PAGE_USER|_PAGE_PRESENT /* low addresses tested as user */ 570 lwz r2,PGDIR(r2) 571 blt+ 112f 572 lis r2,swapper_pg_dir@ha /* if kernel address, use */ 573 addi r2,r2,swapper_pg_dir@l /* kernel page table */ 574 mfspr r1,SPRN_SRR1 /* and MSR_PR bit from SRR1 */ 575 rlwinm r1,r1,32-12,29,29 /* shift MSR_PR to _PAGE_USER posn */ 576112: tophys(r2,r2) 577 rlwimi r2,r3,12,20,29 /* insert top 10 bits of address */ 578 lwz r2,0(r2) /* get pmd entry */ 579 rlwinm. r2,r2,0,0,19 /* extract address of pte page */ 580 beq- DataAddressInvalid /* return if no mapping */ 581 rlwimi r2,r3,22,20,29 /* insert next 10 bits of address */ 582 lwz r3,0(r2) /* get linux-style pte */ 583 andc. r1,r1,r3 /* check access & ~permission */ 584 bne- DataAddressInvalid /* return if access not permitted */ 585 ori r3,r3,_PAGE_ACCESSED /* set _PAGE_ACCESSED in pte */ 586 /* 587 * NOTE! We are assuming this is not an SMP system, otherwise 588 * we would need to update the pte atomically with lwarx/stwcx. 589 */ 590 stw r3,0(r2) /* update PTE (accessed bit) */ 591 /* Convert linux-style PTE to low word of PPC-style PTE */ 592 rlwinm r1,r3,32-10,31,31 /* _PAGE_RW -> PP lsb */ 593 rlwinm r2,r3,32-7,31,31 /* _PAGE_DIRTY -> PP lsb */ 594 and r1,r1,r2 /* writable if _RW and _DIRTY */ 595 rlwimi r3,r3,32-1,30,30 /* _PAGE_USER -> PP msb */ 596 rlwimi r3,r3,32-1,31,31 /* _PAGE_USER -> PP lsb */ 597 ori r1,r1,0xe14 /* clear out reserved bits and M */ 598 andc r1,r3,r1 /* PP = user? (rw&dirty? 2: 3): 0 */ 599 mtspr SPRN_RPA,r1 600 mfspr r3,SPRN_DMISS 601 tlbld r3 602 mfspr r3,SPRN_SRR1 /* Need to restore CR0 */ 603 mtcrf 0x80,r3 604 rfi 605DataAddressInvalid: 606 mfspr r3,SPRN_SRR1 607 rlwinm r1,r3,9,6,6 /* Get load/store bit */ 608 addis r1,r1,0x2000 609 mtspr SPRN_DSISR,r1 610 mtctr r0 /* Restore CTR */ 611 andi. r2,r3,0xFFFF /* Clear upper bits of SRR1 */ 612 mtspr SPRN_SRR1,r2 613 mfspr r1,SPRN_DMISS /* Get failing address */ 614 rlwinm. r2,r2,0,31,31 /* Check for little endian access */ 615 beq 20f /* Jump if big endian */ 616 xori r1,r1,3 61720: mtspr SPRN_DAR,r1 /* Set fault address */ 618 mfmsr r0 /* Restore "normal" registers */ 619 xoris r0,r0,MSR_TGPR>>16 620 mtcrf 0x80,r3 /* Restore CR0 */ 621 mtmsr r0 622 b DataAccess 623 624/* 625 * Handle TLB miss for DATA Store on 603/603e 626 */ 627 . = 0x1200 628DataStoreTLBMiss: 629/* 630 * r0: stored ctr 631 * r1: linux style pte ( later becomes ppc hardware pte ) 632 * r2: ptr to linux-style pte 633 * r3: scratch 634 */ 635 mfctr r0 636 /* Get PTE (linux-style) and check access */ 637 mfspr r3,SPRN_DMISS 638 lis r1,KERNELBASE@h /* check if kernel address */ 639 cmplw 0,r3,r1 640 mfspr r2,SPRN_SPRG3 641 li r1,_PAGE_RW|_PAGE_USER|_PAGE_PRESENT /* access flags */ 642 lwz r2,PGDIR(r2) 643 blt+ 112f 644 lis r2,swapper_pg_dir@ha /* if kernel address, use */ 645 addi r2,r2,swapper_pg_dir@l /* kernel page table */ 646 mfspr r1,SPRN_SRR1 /* and MSR_PR bit from SRR1 */ 647 rlwinm r1,r1,32-12,29,29 /* shift MSR_PR to _PAGE_USER posn */ 648112: tophys(r2,r2) 649 rlwimi r2,r3,12,20,29 /* insert top 10 bits of address */ 650 lwz r2,0(r2) /* get pmd entry */ 651 rlwinm. r2,r2,0,0,19 /* extract address of pte page */ 652 beq- DataAddressInvalid /* return if no mapping */ 653 rlwimi r2,r3,22,20,29 /* insert next 10 bits of address */ 654 lwz r3,0(r2) /* get linux-style pte */ 655 andc. r1,r1,r3 /* check access & ~permission */ 656 bne- DataAddressInvalid /* return if access not permitted */ 657 ori r3,r3,_PAGE_ACCESSED|_PAGE_DIRTY 658 /* 659 * NOTE! We are assuming this is not an SMP system, otherwise 660 * we would need to update the pte atomically with lwarx/stwcx. 661 */ 662 stw r3,0(r2) /* update PTE (accessed/dirty bits) */ 663 /* Convert linux-style PTE to low word of PPC-style PTE */ 664 rlwimi r3,r3,32-1,30,30 /* _PAGE_USER -> PP msb */ 665 li r1,0xe15 /* clear out reserved bits and M */ 666 andc r1,r3,r1 /* PP = user? 2: 0 */ 667 mtspr SPRN_RPA,r1 668 mfspr r3,SPRN_DMISS 669 tlbld r3 670 mfspr r3,SPRN_SRR1 /* Need to restore CR0 */ 671 mtcrf 0x80,r3 672 rfi 673 674#ifndef CONFIG_ALTIVEC 675#define altivec_assist_exception unknown_exception 676#endif 677 678 EXCEPTION(0x1300, Trap_13, instruction_breakpoint_exception, EXC_XFER_EE) 679 EXCEPTION(0x1400, SMI, SMIException, EXC_XFER_EE) 680 EXCEPTION(0x1500, Trap_15, unknown_exception, EXC_XFER_EE) 681 EXCEPTION(0x1600, Trap_16, altivec_assist_exception, EXC_XFER_EE) 682 EXCEPTION(0x1700, Trap_17, TAUException, EXC_XFER_STD) 683 EXCEPTION(0x1800, Trap_18, unknown_exception, EXC_XFER_EE) 684 EXCEPTION(0x1900, Trap_19, unknown_exception, EXC_XFER_EE) 685 EXCEPTION(0x1a00, Trap_1a, unknown_exception, EXC_XFER_EE) 686 EXCEPTION(0x1b00, Trap_1b, unknown_exception, EXC_XFER_EE) 687 EXCEPTION(0x1c00, Trap_1c, unknown_exception, EXC_XFER_EE) 688 EXCEPTION(0x1d00, Trap_1d, unknown_exception, EXC_XFER_EE) 689 EXCEPTION(0x1e00, Trap_1e, unknown_exception, EXC_XFER_EE) 690 EXCEPTION(0x1f00, Trap_1f, unknown_exception, EXC_XFER_EE) 691 EXCEPTION(0x2000, RunMode, RunModeException, EXC_XFER_EE) 692 EXCEPTION(0x2100, Trap_21, unknown_exception, EXC_XFER_EE) 693 EXCEPTION(0x2200, Trap_22, unknown_exception, EXC_XFER_EE) 694 EXCEPTION(0x2300, Trap_23, unknown_exception, EXC_XFER_EE) 695 EXCEPTION(0x2400, Trap_24, unknown_exception, EXC_XFER_EE) 696 EXCEPTION(0x2500, Trap_25, unknown_exception, EXC_XFER_EE) 697 EXCEPTION(0x2600, Trap_26, unknown_exception, EXC_XFER_EE) 698 EXCEPTION(0x2700, Trap_27, unknown_exception, EXC_XFER_EE) 699 EXCEPTION(0x2800, Trap_28, unknown_exception, EXC_XFER_EE) 700 EXCEPTION(0x2900, Trap_29, unknown_exception, EXC_XFER_EE) 701 EXCEPTION(0x2a00, Trap_2a, unknown_exception, EXC_XFER_EE) 702 EXCEPTION(0x2b00, Trap_2b, unknown_exception, EXC_XFER_EE) 703 EXCEPTION(0x2c00, Trap_2c, unknown_exception, EXC_XFER_EE) 704 EXCEPTION(0x2d00, Trap_2d, unknown_exception, EXC_XFER_EE) 705 EXCEPTION(0x2e00, Trap_2e, unknown_exception, EXC_XFER_EE) 706 EXCEPTION(0x2f00, MOLTrampoline, unknown_exception, EXC_XFER_EE_LITE) 707 708 .globl mol_trampoline 709 .set mol_trampoline, i0x2f00 710 711 . = 0x3000 712 713AltiVecUnavailable: 714 EXCEPTION_PROLOG 715#ifdef CONFIG_ALTIVEC 716 bne load_up_altivec /* if from user, just load it up */ 717#endif /* CONFIG_ALTIVEC */ 718 addi r3,r1,STACK_FRAME_OVERHEAD 719 EXC_XFER_EE_LITE(0xf20, altivec_unavailable_exception) 720 721PerformanceMonitor: 722 EXCEPTION_PROLOG 723 addi r3,r1,STACK_FRAME_OVERHEAD 724 EXC_XFER_STD(0xf00, performance_monitor_exception) 725 726#ifdef CONFIG_ALTIVEC 727/* Note that the AltiVec support is closely modeled after the FP 728 * support. Changes to one are likely to be applicable to the 729 * other! */ 730load_up_altivec: 731/* 732 * Disable AltiVec for the task which had AltiVec previously, 733 * and save its AltiVec registers in its thread_struct. 734 * Enables AltiVec for use in the kernel on return. 735 * On SMP we know the AltiVec units are free, since we give it up every 736 * switch. -- Kumar 737 */ 738 mfmsr r5 739 oris r5,r5,MSR_VEC@h 740 MTMSRD(r5) /* enable use of AltiVec now */ 741 isync 742/* 743 * For SMP, we don't do lazy AltiVec switching because it just gets too 744 * horrendously complex, especially when a task switches from one CPU 745 * to another. Instead we call giveup_altivec in switch_to. 746 */ 747#ifndef CONFIG_SMP 748 tophys(r6,0) 749 addis r3,r6,last_task_used_altivec@ha 750 lwz r4,last_task_used_altivec@l(r3) 751 cmpwi 0,r4,0 752 beq 1f 753 add r4,r4,r6 754 addi r4,r4,THREAD /* want THREAD of last_task_used_altivec */ 755 SAVE_32VRS(0,r10,r4) 756 mfvscr vr0 757 li r10,THREAD_VSCR 758 stvx vr0,r10,r4 759 lwz r5,PT_REGS(r4) 760 add r5,r5,r6 761 lwz r4,_MSR-STACK_FRAME_OVERHEAD(r5) 762 lis r10,MSR_VEC@h 763 andc r4,r4,r10 /* disable altivec for previous task */ 764 stw r4,_MSR-STACK_FRAME_OVERHEAD(r5) 7651: 766#endif /* CONFIG_SMP */ 767 /* enable use of AltiVec after return */ 768 oris r9,r9,MSR_VEC@h 769 mfspr r5,SPRN_SPRG3 /* current task's THREAD (phys) */ 770 li r4,1 771 li r10,THREAD_VSCR 772 stw r4,THREAD_USED_VR(r5) 773 lvx vr0,r10,r5 774 mtvscr vr0 775 REST_32VRS(0,r10,r5) 776#ifndef CONFIG_SMP 777 subi r4,r5,THREAD 778 sub r4,r4,r6 779 stw r4,last_task_used_altivec@l(r3) 780#endif /* CONFIG_SMP */ 781 /* restore registers and return */ 782 /* we haven't used ctr or xer or lr */ 783 b fast_exception_return 784 785/* 786 * AltiVec unavailable trap from kernel - print a message, but let 787 * the task use AltiVec in the kernel until it returns to user mode. 788 */ 789KernelAltiVec: 790 lwz r3,_MSR(r1) 791 oris r3,r3,MSR_VEC@h 792 stw r3,_MSR(r1) /* enable use of AltiVec after return */ 793 lis r3,87f@h 794 ori r3,r3,87f@l 795 mr r4,r2 /* current */ 796 lwz r5,_NIP(r1) 797 bl printk 798 b ret_from_except 79987: .string "AltiVec used in kernel (task=%p, pc=%x) \n" 800 .align 4,0 801 802/* 803 * giveup_altivec(tsk) 804 * Disable AltiVec for the task given as the argument, 805 * and save the AltiVec registers in its thread_struct. 806 * Enables AltiVec for use in the kernel on return. 807 */ 808 809 .globl giveup_altivec 810giveup_altivec: 811 mfmsr r5 812 oris r5,r5,MSR_VEC@h 813 SYNC 814 MTMSRD(r5) /* enable use of AltiVec now */ 815 isync 816 cmpwi 0,r3,0 817 beqlr- /* if no previous owner, done */ 818 addi r3,r3,THREAD /* want THREAD of task */ 819 lwz r5,PT_REGS(r3) 820 cmpwi 0,r5,0 821 SAVE_32VRS(0, r4, r3) 822 mfvscr vr0 823 li r4,THREAD_VSCR 824 stvx vr0,r4,r3 825 beq 1f 826 lwz r4,_MSR-STACK_FRAME_OVERHEAD(r5) 827 lis r3,MSR_VEC@h 828 andc r4,r4,r3 /* disable AltiVec for previous task */ 829 stw r4,_MSR-STACK_FRAME_OVERHEAD(r5) 8301: 831#ifndef CONFIG_SMP 832 li r5,0 833 lis r4,last_task_used_altivec@ha 834 stw r5,last_task_used_altivec@l(r4) 835#endif /* CONFIG_SMP */ 836 blr 837#endif /* CONFIG_ALTIVEC */ 838 839/* 840 * This code is jumped to from the startup code to copy 841 * the kernel image to physical address 0. 842 */ 843relocate_kernel: 844 addis r9,r26,klimit@ha /* fetch klimit */ 845 lwz r25,klimit@l(r9) 846 addis r25,r25,-KERNELBASE@h 847 li r3,0 /* Destination base address */ 848 li r6,0 /* Destination offset */ 849 li r5,0x4000 /* # bytes of memory to copy */ 850 bl copy_and_flush /* copy the first 0x4000 bytes */ 851 addi r0,r3,4f@l /* jump to the address of 4f */ 852 mtctr r0 /* in copy and do the rest. */ 853 bctr /* jump to the copy */ 8544: mr r5,r25 855 bl copy_and_flush /* copy the rest */ 856 b turn_on_mmu 857 858/* 859 * Copy routine used to copy the kernel to start at physical address 0 860 * and flush and invalidate the caches as needed. 861 * r3 = dest addr, r4 = source addr, r5 = copy limit, r6 = start offset 862 * on exit, r3, r4, r5 are unchanged, r6 is updated to be >= r5. 863 */ 864_GLOBAL(copy_and_flush) 865 addi r5,r5,-4 866 addi r6,r6,-4 8674: li r0,L1_CACHE_BYTES/4 868 mtctr r0 8693: addi r6,r6,4 /* copy a cache line */ 870 lwzx r0,r6,r4 871 stwx r0,r6,r3 872 bdnz 3b 873 dcbst r6,r3 /* write it to memory */ 874 sync 875 icbi r6,r3 /* flush the icache line */ 876 cmplw 0,r6,r5 877 blt 4b 878 sync /* additional sync needed on g4 */ 879 isync 880 addi r5,r5,4 881 addi r6,r6,4 882 blr 883 884#ifdef CONFIG_APUS 885/* 886 * On APUS the physical base address of the kernel is not known at compile 887 * time, which means the __pa/__va constants used are incorrect. In the 888 * __init section is recorded the virtual addresses of instructions using 889 * these constants, so all that has to be done is fix these before 890 * continuing the kernel boot. 891 * 892 * r4 = The physical address of the kernel base. 893 */ 894fix_mem_constants: 895 mr r10,r4 896 addis r10,r10,-KERNELBASE@h /* virt_to_phys constant */ 897 neg r11,r10 /* phys_to_virt constant */ 898 899 lis r12,__vtop_table_begin@h 900 ori r12,r12,__vtop_table_begin@l 901 add r12,r12,r10 /* table begin phys address */ 902 lis r13,__vtop_table_end@h 903 ori r13,r13,__vtop_table_end@l 904 add r13,r13,r10 /* table end phys address */ 905 subi r12,r12,4 906 subi r13,r13,4 9071: lwzu r14,4(r12) /* virt address of instruction */ 908 add r14,r14,r10 /* phys address of instruction */ 909 lwz r15,0(r14) /* instruction, now insert top */ 910 rlwimi r15,r10,16,16,31 /* half of vp const in low half */ 911 stw r15,0(r14) /* of instruction and restore. */ 912 dcbst r0,r14 /* write it to memory */ 913 sync 914 icbi r0,r14 /* flush the icache line */ 915 cmpw r12,r13 916 bne 1b 917 sync /* additional sync needed on g4 */ 918 isync 919 920/* 921 * Map the memory where the exception handlers will 922 * be copied to when hash constants have been patched. 923 */ 924#ifdef CONFIG_APUS_FAST_EXCEPT 925 lis r8,0xfff0 926#else 927 lis r8,0 928#endif 929 ori r8,r8,0x2 /* 128KB, supervisor */ 930 mtspr SPRN_DBAT3U,r8 931 mtspr SPRN_DBAT3L,r8 932 933 lis r12,__ptov_table_begin@h 934 ori r12,r12,__ptov_table_begin@l 935 add r12,r12,r10 /* table begin phys address */ 936 lis r13,__ptov_table_end@h 937 ori r13,r13,__ptov_table_end@l 938 add r13,r13,r10 /* table end phys address */ 939 subi r12,r12,4 940 subi r13,r13,4 9411: lwzu r14,4(r12) /* virt address of instruction */ 942 add r14,r14,r10 /* phys address of instruction */ 943 lwz r15,0(r14) /* instruction, now insert top */ 944 rlwimi r15,r11,16,16,31 /* half of pv const in low half*/ 945 stw r15,0(r14) /* of instruction and restore. */ 946 dcbst r0,r14 /* write it to memory */ 947 sync 948 icbi r0,r14 /* flush the icache line */ 949 cmpw r12,r13 950 bne 1b 951 952 sync /* additional sync needed on g4 */ 953 isync /* No speculative loading until now */ 954 blr 955 956/*********************************************************************** 957 * Please note that on APUS the exception handlers are located at the 958 * physical address 0xfff0000. For this reason, the exception handlers 959 * cannot use relative branches to access the code below. 960 ***********************************************************************/ 961#endif /* CONFIG_APUS */ 962 963#ifdef CONFIG_SMP 964#ifdef CONFIG_GEMINI 965 .globl __secondary_start_gemini 966__secondary_start_gemini: 967 mfspr r4,SPRN_HID0 968 ori r4,r4,HID0_ICFI 969 li r3,0 970 ori r3,r3,HID0_ICE 971 andc r4,r4,r3 972 mtspr SPRN_HID0,r4 973 sync 974 b __secondary_start 975#endif /* CONFIG_GEMINI */ 976 977 .globl __secondary_start_mpc86xx 978__secondary_start_mpc86xx: 979 mfspr r3, SPRN_PIR 980 stw r3, __secondary_hold_acknowledge@l(0) 981 mr r24, r3 /* cpu # */ 982 b __secondary_start 983 984 .globl __secondary_start_pmac_0 985__secondary_start_pmac_0: 986 /* NB the entries for cpus 0, 1, 2 must each occupy 8 bytes. */ 987 li r24,0 988 b 1f 989 li r24,1 990 b 1f 991 li r24,2 992 b 1f 993 li r24,3 9941: 995 /* on powersurge, we come in here with IR=0 and DR=1, and DBAT 0 996 set to map the 0xf0000000 - 0xffffffff region */ 997 mfmsr r0 998 rlwinm r0,r0,0,28,26 /* clear DR (0x10) */ 999 SYNC 1000 mtmsr r0 1001 isync 1002 1003 .globl __secondary_start 1004__secondary_start: 1005 /* Copy some CPU settings from CPU 0 */ 1006 bl __restore_cpu_setup 1007 1008 lis r3,-KERNELBASE@h 1009 mr r4,r24 1010 bl call_setup_cpu /* Call setup_cpu for this CPU */ 1011#ifdef CONFIG_6xx 1012 lis r3,-KERNELBASE@h 1013 bl init_idle_6xx 1014#endif /* CONFIG_6xx */ 1015 1016 /* get current_thread_info and current */ 1017 lis r1,secondary_ti@ha 1018 tophys(r1,r1) 1019 lwz r1,secondary_ti@l(r1) 1020 tophys(r2,r1) 1021 lwz r2,TI_TASK(r2) 1022 1023 /* stack */ 1024 addi r1,r1,THREAD_SIZE-STACK_FRAME_OVERHEAD 1025 li r0,0 1026 tophys(r3,r1) 1027 stw r0,0(r3) 1028 1029 /* load up the MMU */ 1030 bl load_up_mmu 1031 1032 /* ptr to phys current thread */ 1033 tophys(r4,r2) 1034 addi r4,r4,THREAD /* phys address of our thread_struct */ 1035 CLR_TOP32(r4) 1036 mtspr SPRN_SPRG3,r4 1037 li r3,0 1038 mtspr SPRN_SPRG2,r3 /* 0 => not in RTAS */ 1039 1040 /* enable MMU and jump to start_secondary */ 1041 li r4,MSR_KERNEL 1042 FIX_SRR1(r4,r5) 1043 lis r3,start_secondary@h 1044 ori r3,r3,start_secondary@l 1045 mtspr SPRN_SRR0,r3 1046 mtspr SPRN_SRR1,r4 1047 SYNC 1048 RFI 1049#endif /* CONFIG_SMP */ 1050 1051/* 1052 * Those generic dummy functions are kept for CPUs not 1053 * included in CONFIG_6xx 1054 */ 1055#if !defined(CONFIG_6xx) 1056_GLOBAL(__save_cpu_setup) 1057 blr 1058_GLOBAL(__restore_cpu_setup) 1059 blr 1060#endif /* !defined(CONFIG_6xx) */ 1061 1062 1063/* 1064 * Load stuff into the MMU. Intended to be called with 1065 * IR=0 and DR=0. 1066 */ 1067load_up_mmu: 1068 sync /* Force all PTE updates to finish */ 1069 isync 1070 tlbia /* Clear all TLB entries */ 1071 sync /* wait for tlbia/tlbie to finish */ 1072 TLBSYNC /* ... on all CPUs */ 1073 /* Load the SDR1 register (hash table base & size) */ 1074 lis r6,_SDR1@ha 1075 tophys(r6,r6) 1076 lwz r6,_SDR1@l(r6) 1077 mtspr SPRN_SDR1,r6 1078 li r0,16 /* load up segment register values */ 1079 mtctr r0 /* for context 0 */ 1080 lis r3,0x2000 /* Ku = 1, VSID = 0 */ 1081 li r4,0 10823: mtsrin r3,r4 1083 addi r3,r3,0x111 /* increment VSID */ 1084 addis r4,r4,0x1000 /* address of next segment */ 1085 bdnz 3b 1086 1087/* Load the BAT registers with the values set up by MMU_init. 1088 MMU_init takes care of whether we're on a 601 or not. */ 1089 mfpvr r3 1090 srwi r3,r3,16 1091 cmpwi r3,1 1092 lis r3,BATS@ha 1093 addi r3,r3,BATS@l 1094 tophys(r3,r3) 1095 LOAD_BAT(0,r3,r4,r5) 1096 LOAD_BAT(1,r3,r4,r5) 1097 LOAD_BAT(2,r3,r4,r5) 1098 LOAD_BAT(3,r3,r4,r5) 1099BEGIN_FTR_SECTION 1100 LOAD_BAT(4,r3,r4,r5) 1101 LOAD_BAT(5,r3,r4,r5) 1102 LOAD_BAT(6,r3,r4,r5) 1103 LOAD_BAT(7,r3,r4,r5) 1104END_FTR_SECTION_IFSET(CPU_FTR_HAS_HIGH_BATS) 1105 blr 1106 1107/* 1108 * This is where the main kernel code starts. 1109 */ 1110start_here: 1111 /* ptr to current */ 1112 lis r2,init_task@h 1113 ori r2,r2,init_task@l 1114 /* Set up for using our exception vectors */ 1115 /* ptr to phys current thread */ 1116 tophys(r4,r2) 1117 addi r4,r4,THREAD /* init task's THREAD */ 1118 CLR_TOP32(r4) 1119 mtspr SPRN_SPRG3,r4 1120 li r3,0 1121 mtspr SPRN_SPRG2,r3 /* 0 => not in RTAS */ 1122 1123 /* stack */ 1124 lis r1,init_thread_union@ha 1125 addi r1,r1,init_thread_union@l 1126 li r0,0 1127 stwu r0,THREAD_SIZE-STACK_FRAME_OVERHEAD(r1) 1128/* 1129 * Do early platform-specific initialization, 1130 * and set up the MMU. 1131 */ 1132 mr r3,r31 1133 mr r4,r30 1134 bl machine_init 1135 bl __save_cpu_setup 1136 bl MMU_init 1137 1138#ifdef CONFIG_APUS 1139 /* Copy exception code to exception vector base on APUS. */ 1140 lis r4,KERNELBASE@h 1141#ifdef CONFIG_APUS_FAST_EXCEPT 1142 lis r3,0xfff0 /* Copy to 0xfff00000 */ 1143#else 1144 lis r3,0 /* Copy to 0x00000000 */ 1145#endif 1146 li r5,0x4000 /* # bytes of memory to copy */ 1147 li r6,0 1148 bl copy_and_flush /* copy the first 0x4000 bytes */ 1149#endif /* CONFIG_APUS */ 1150 1151/* 1152 * Go back to running unmapped so we can load up new values 1153 * for SDR1 (hash table pointer) and the segment registers 1154 * and change to using our exception vectors. 1155 */ 1156 lis r4,2f@h 1157 ori r4,r4,2f@l 1158 tophys(r4,r4) 1159 li r3,MSR_KERNEL & ~(MSR_IR|MSR_DR) 1160 FIX_SRR1(r3,r5) 1161 mtspr SPRN_SRR0,r4 1162 mtspr SPRN_SRR1,r3 1163 SYNC 1164 RFI 1165/* Load up the kernel context */ 11662: bl load_up_mmu 1167 1168#ifdef CONFIG_BDI_SWITCH 1169 /* Add helper information for the Abatron bdiGDB debugger. 1170 * We do this here because we know the mmu is disabled, and 1171 * will be enabled for real in just a few instructions. 1172 */ 1173 lis r5, abatron_pteptrs@h 1174 ori r5, r5, abatron_pteptrs@l 1175 stw r5, 0xf0(r0) /* This much match your Abatron config */ 1176 lis r6, swapper_pg_dir@h 1177 ori r6, r6, swapper_pg_dir@l 1178 tophys(r5, r5) 1179 stw r6, 0(r5) 1180#endif /* CONFIG_BDI_SWITCH */ 1181 1182/* Now turn on the MMU for real! */ 1183 li r4,MSR_KERNEL 1184 FIX_SRR1(r4,r5) 1185 lis r3,start_kernel@h 1186 ori r3,r3,start_kernel@l 1187 mtspr SPRN_SRR0,r3 1188 mtspr SPRN_SRR1,r4 1189 SYNC 1190 RFI 1191 1192/* 1193 * Set up the segment registers for a new context. 1194 */ 1195_GLOBAL(set_context) 1196 mulli r3,r3,897 /* multiply context by skew factor */ 1197 rlwinm r3,r3,4,8,27 /* VSID = (context & 0xfffff) << 4 */ 1198 addis r3,r3,0x6000 /* Set Ks, Ku bits */ 1199 li r0,NUM_USER_SEGMENTS 1200 mtctr r0 1201 1202#ifdef CONFIG_BDI_SWITCH 1203 /* Context switch the PTE pointer for the Abatron BDI2000. 1204 * The PGDIR is passed as second argument. 1205 */ 1206 lis r5, KERNELBASE@h 1207 lwz r5, 0xf0(r5) 1208 stw r4, 0x4(r5) 1209#endif 1210 li r4,0 1211 isync 12123: 1213 mtsrin r3,r4 1214 addi r3,r3,0x111 /* next VSID */ 1215 rlwinm r3,r3,0,8,3 /* clear out any overflow from VSID field */ 1216 addis r4,r4,0x1000 /* address of next segment */ 1217 bdnz 3b 1218 sync 1219 isync 1220 blr 1221 1222/* 1223 * An undocumented "feature" of 604e requires that the v bit 1224 * be cleared before changing BAT values. 1225 * 1226 * Also, newer IBM firmware does not clear bat3 and 4 so 1227 * this makes sure it's done. 1228 * -- Cort 1229 */ 1230clear_bats: 1231 li r10,0 1232 mfspr r9,SPRN_PVR 1233 rlwinm r9,r9,16,16,31 /* r9 = 1 for 601, 4 for 604 */ 1234 cmpwi r9, 1 1235 beq 1f 1236 1237 mtspr SPRN_DBAT0U,r10 1238 mtspr SPRN_DBAT0L,r10 1239 mtspr SPRN_DBAT1U,r10 1240 mtspr SPRN_DBAT1L,r10 1241 mtspr SPRN_DBAT2U,r10 1242 mtspr SPRN_DBAT2L,r10 1243 mtspr SPRN_DBAT3U,r10 1244 mtspr SPRN_DBAT3L,r10 12451: 1246 mtspr SPRN_IBAT0U,r10 1247 mtspr SPRN_IBAT0L,r10 1248 mtspr SPRN_IBAT1U,r10 1249 mtspr SPRN_IBAT1L,r10 1250 mtspr SPRN_IBAT2U,r10 1251 mtspr SPRN_IBAT2L,r10 1252 mtspr SPRN_IBAT3U,r10 1253 mtspr SPRN_IBAT3L,r10 1254BEGIN_FTR_SECTION 1255 /* Here's a tweak: at this point, CPU setup have 1256 * not been called yet, so HIGH_BAT_EN may not be 1257 * set in HID0 for the 745x processors. However, it 1258 * seems that doesn't affect our ability to actually 1259 * write to these SPRs. 1260 */ 1261 mtspr SPRN_DBAT4U,r10 1262 mtspr SPRN_DBAT4L,r10 1263 mtspr SPRN_DBAT5U,r10 1264 mtspr SPRN_DBAT5L,r10 1265 mtspr SPRN_DBAT6U,r10 1266 mtspr SPRN_DBAT6L,r10 1267 mtspr SPRN_DBAT7U,r10 1268 mtspr SPRN_DBAT7L,r10 1269 mtspr SPRN_IBAT4U,r10 1270 mtspr SPRN_IBAT4L,r10 1271 mtspr SPRN_IBAT5U,r10 1272 mtspr SPRN_IBAT5L,r10 1273 mtspr SPRN_IBAT6U,r10 1274 mtspr SPRN_IBAT6L,r10 1275 mtspr SPRN_IBAT7U,r10 1276 mtspr SPRN_IBAT7L,r10 1277END_FTR_SECTION_IFSET(CPU_FTR_HAS_HIGH_BATS) 1278 blr 1279 1280flush_tlbs: 1281 lis r10, 0x40 12821: addic. r10, r10, -0x1000 1283 tlbie r10 1284 blt 1b 1285 sync 1286 blr 1287 1288mmu_off: 1289 addi r4, r3, __after_mmu_off - _start 1290 mfmsr r3 1291 andi. r0,r3,MSR_DR|MSR_IR /* MMU enabled? */ 1292 beqlr 1293 andc r3,r3,r0 1294 mtspr SPRN_SRR0,r4 1295 mtspr SPRN_SRR1,r3 1296 sync 1297 RFI 1298 1299/* 1300 * Use the first pair of BAT registers to map the 1st 16MB 1301 * of RAM to KERNELBASE. From this point on we can't safely 1302 * call OF any more. 1303 */ 1304initial_bats: 1305 lis r11,KERNELBASE@h 1306 mfspr r9,SPRN_PVR 1307 rlwinm r9,r9,16,16,31 /* r9 = 1 for 601, 4 for 604 */ 1308 cmpwi 0,r9,1 1309 bne 4f 1310 ori r11,r11,4 /* set up BAT registers for 601 */ 1311 li r8,0x7f /* valid, block length = 8MB */ 1312 oris r9,r11,0x800000@h /* set up BAT reg for 2nd 8M */ 1313 oris r10,r8,0x800000@h /* set up BAT reg for 2nd 8M */ 1314 mtspr SPRN_IBAT0U,r11 /* N.B. 601 has valid bit in */ 1315 mtspr SPRN_IBAT0L,r8 /* lower BAT register */ 1316 mtspr SPRN_IBAT1U,r9 1317 mtspr SPRN_IBAT1L,r10 1318 isync 1319 blr 1320 13214: tophys(r8,r11) 1322#ifdef CONFIG_SMP 1323 ori r8,r8,0x12 /* R/W access, M=1 */ 1324#else 1325 ori r8,r8,2 /* R/W access */ 1326#endif /* CONFIG_SMP */ 1327#ifdef CONFIG_APUS 1328 ori r11,r11,BL_8M<<2|0x2 /* set up 8MB BAT registers for 604 */ 1329#else 1330 ori r11,r11,BL_256M<<2|0x2 /* set up BAT registers for 604 */ 1331#endif /* CONFIG_APUS */ 1332 1333 mtspr SPRN_DBAT0L,r8 /* N.B. 6xx (not 601) have valid */ 1334 mtspr SPRN_DBAT0U,r11 /* bit in upper BAT register */ 1335 mtspr SPRN_IBAT0L,r8 1336 mtspr SPRN_IBAT0U,r11 1337 isync 1338 blr 1339 1340 1341#if !defined(CONFIG_APUS) && defined(CONFIG_BOOTX_TEXT) 1342setup_disp_bat: 1343 /* 1344 * setup the display bat prepared for us in prom.c 1345 */ 1346 mflr r8 1347 bl reloc_offset 1348 mtlr r8 1349 addis r8,r3,disp_BAT@ha 1350 addi r8,r8,disp_BAT@l 1351 cmpwi cr0,r8,0 1352 beqlr 1353 lwz r11,0(r8) 1354 lwz r8,4(r8) 1355 mfspr r9,SPRN_PVR 1356 rlwinm r9,r9,16,16,31 /* r9 = 1 for 601, 4 for 604 */ 1357 cmpwi 0,r9,1 1358 beq 1f 1359 mtspr SPRN_DBAT3L,r8 1360 mtspr SPRN_DBAT3U,r11 1361 blr 13621: mtspr SPRN_IBAT3L,r8 1363 mtspr SPRN_IBAT3U,r11 1364 blr 1365#endif /* !defined(CONFIG_APUS) && defined(CONFIG_BOOTX_TEXT) */ 1366 1367#ifdef CONFIG_8260 1368/* Jump into the system reset for the rom. 1369 * We first disable the MMU, and then jump to the ROM reset address. 1370 * 1371 * r3 is the board info structure, r4 is the location for starting. 1372 * I use this for building a small kernel that can load other kernels, 1373 * rather than trying to write or rely on a rom monitor that can tftp load. 1374 */ 1375 .globl m8260_gorom 1376m8260_gorom: 1377 mfmsr r0 1378 rlwinm r0,r0,0,17,15 /* clear MSR_EE in r0 */ 1379 sync 1380 mtmsr r0 1381 sync 1382 mfspr r11, SPRN_HID0 1383 lis r10, 0 1384 ori r10,r10,HID0_ICE|HID0_DCE 1385 andc r11, r11, r10 1386 mtspr SPRN_HID0, r11 1387 isync 1388 li r5, MSR_ME|MSR_RI 1389 lis r6,2f@h 1390 addis r6,r6,-KERNELBASE@h 1391 ori r6,r6,2f@l 1392 mtspr SPRN_SRR0,r6 1393 mtspr SPRN_SRR1,r5 1394 isync 1395 sync 1396 rfi 13972: 1398 mtlr r4 1399 blr 1400#endif 1401 1402 1403/* 1404 * We put a few things here that have to be page-aligned. 1405 * This stuff goes at the beginning of the data segment, 1406 * which is page-aligned. 1407 */ 1408 .data 1409 .globl sdata 1410sdata: 1411 .globl empty_zero_page 1412empty_zero_page: 1413 .space 4096 1414 1415 .globl swapper_pg_dir 1416swapper_pg_dir: 1417 .space 4096 1418 1419/* 1420 * This space gets a copy of optional info passed to us by the bootstrap 1421 * Used to pass parameters into the kernel like root=/dev/sda1, etc. 1422 */ 1423 .globl cmd_line 1424cmd_line: 1425 .space 512 1426 1427 .globl intercept_table 1428intercept_table: 1429 .long 0, 0, i0x200, i0x300, i0x400, 0, i0x600, i0x700 1430 .long i0x800, 0, 0, 0, 0, i0xd00, 0, 0 1431 .long 0, 0, 0, i0x1300, 0, 0, 0, 0 1432 .long 0, 0, 0, 0, 0, 0, 0, 0 1433 .long 0, 0, 0, 0, 0, 0, 0, 0 1434 .long 0, 0, 0, 0, 0, 0, 0, 0 1435 1436/* Room for two PTE pointers, usually the kernel and current user pointers 1437 * to their respective root page table. 1438 */ 1439abatron_pteptrs: 1440 .space 8 1441