]>
Commit | Line | Data |
---|---|---|
2874c5fd | 1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ |
14cf11af PM |
2 | /* |
3 | * Copyright (c) 1995-1996 Gary Thomas <gdt@linuxppc.org> | |
4 | * Initial PowerPC version. | |
5 | * Copyright (c) 1996 Cort Dougan <cort@cs.nmt.edu> | |
6 | * Rewritten for PReP | |
7 | * Copyright (c) 1996 Paul Mackerras <paulus@cs.anu.edu.au> | |
8 | * Low-level exception handers, MMU support, and rewrite. | |
9 | * Copyright (c) 1997 Dan Malek <dmalek@jlc.net> | |
10 | * PowerPC 8xx modifications. | |
11 | * Copyright (c) 1998-1999 TiVo, Inc. | |
12 | * PowerPC 403GCX modifications. | |
13 | * Copyright (c) 1999 Grant Erickson <grant@lcse.umn.edu> | |
14 | * PowerPC 403GCX/405GP modifications. | |
15 | * Copyright 2000 MontaVista Software Inc. | |
16 | * PPC405 modifications | |
17 | * PowerPC 403GCX/405GP modifications. | |
18 | * Author: MontaVista Software, Inc. | |
19 | * frank_rowand@mvista.com or source@mvista.com | |
20 | * debbie_chu@mvista.com | |
21 | * | |
14cf11af PM |
22 | * Module name: head_4xx.S |
23 | * | |
24 | * Description: | |
25 | * Kernel execution entry point code. | |
14cf11af PM |
26 | */ |
27 | ||
e7039845 | 28 | #include <linux/init.h> |
14cf11af PM |
29 | #include <asm/processor.h> |
30 | #include <asm/page.h> | |
31 | #include <asm/mmu.h> | |
32 | #include <asm/pgtable.h> | |
14cf11af PM |
33 | #include <asm/cputable.h> |
34 | #include <asm/thread_info.h> | |
35 | #include <asm/ppc_asm.h> | |
36 | #include <asm/asm-offsets.h> | |
46f52210 | 37 | #include <asm/ptrace.h> |
9445aa1a | 38 | #include <asm/export.h> |
36a7eeaf | 39 | #include <asm/asm-405.h> |
14cf11af | 40 | |
90f204b9 CL |
41 | #include "head_32.h" |
42 | ||
14cf11af PM |
43 | /* As with the other PowerPC ports, it is expected that when code |
44 | * execution begins here, the following registers contain valid, yet | |
45 | * optional, information: | |
46 | * | |
47 | * r3 - Board info structure pointer (DRAM, frequency, MAC address, etc.) | |
48 | * r4 - Starting address of the init RAM disk | |
49 | * r5 - Ending address of the init RAM disk | |
50 | * r6 - Start of kernel command line string (e.g. "mem=96m") | |
51 | * r7 - End of kernel command line string | |
52 | * | |
53 | * This is all going to change RSN when we add bi_recs....... -- Dan | |
54 | */ | |
e7039845 | 55 | __HEAD |
748a7683 KG |
56 | _ENTRY(_stext); |
57 | _ENTRY(_start); | |
14cf11af | 58 | |
6dece0eb | 59 | mr r31,r3 /* save device tree ptr */ |
14cf11af PM |
60 | |
61 | /* We have to turn on the MMU right away so we get cache modes | |
62 | * set correctly. | |
63 | */ | |
64 | bl initial_mmu | |
65 | ||
66 | /* We now have the lower 16 Meg mapped into TLB entries, and the caches | |
67 | * ready to work. | |
68 | */ | |
69 | turn_on_mmu: | |
70 | lis r0,MSR_KERNEL@h | |
71 | ori r0,r0,MSR_KERNEL@l | |
72 | mtspr SPRN_SRR1,r0 | |
73 | lis r0,start_here@h | |
74 | ori r0,r0,start_here@l | |
75 | mtspr SPRN_SRR0,r0 | |
76 | SYNC | |
77 | rfi /* enables MMU */ | |
78 | b . /* prevent prefetch past rfi */ | |
79 | ||
80 | /* | |
81 | * This area is used for temporarily saving registers during the | |
82 | * critical exception prolog. | |
83 | */ | |
84 | . = 0xc0 | |
85 | crit_save: | |
748a7683 | 86 | _ENTRY(crit_r10) |
14cf11af | 87 | .space 4 |
748a7683 | 88 | _ENTRY(crit_r11) |
14cf11af | 89 | .space 4 |
fca622c5 KG |
90 | _ENTRY(crit_srr0) |
91 | .space 4 | |
92 | _ENTRY(crit_srr1) | |
93 | .space 4 | |
94 | _ENTRY(saved_ksp_limit) | |
95 | .space 4 | |
14cf11af | 96 | |
14cf11af PM |
97 | /* |
98 | * Exception prolog for critical exceptions. This is a little different | |
99 | * from the normal exception prolog above since a critical exception | |
100 | * can potentially occur at any point during normal exception processing. | |
101 | * Thus we cannot use the same SPRG registers as the normal prolog above. | |
102 | * Instead we use a couple of words of memory at low physical addresses. | |
103 | * This is OK since we don't support SMP on these processors. | |
104 | */ | |
105 | #define CRITICAL_EXCEPTION_PROLOG \ | |
106 | stw r10,crit_r10@l(0); /* save two registers to work with */\ | |
107 | stw r11,crit_r11@l(0); \ | |
108 | mfcr r10; /* save CR in r10 for now */\ | |
109 | mfspr r11,SPRN_SRR3; /* check whether user or kernel */\ | |
110 | andi. r11,r11,MSR_PR; \ | |
bcf0b088 KG |
111 | lis r11,critirq_ctx@ha; \ |
112 | tophys(r11,r11); \ | |
113 | lwz r11,critirq_ctx@l(r11); \ | |
14cf11af PM |
114 | beq 1f; \ |
115 | /* COMING FROM USER MODE */ \ | |
ee43eb78 | 116 | mfspr r11,SPRN_SPRG_THREAD; /* if from user, start at top of */\ |
8c1fc5ab | 117 | lwz r11,TASK_STACK-THREAD(r11); /* this thread's kernel stack */\ |
bcf0b088 | 118 | 1: addi r11,r11,THREAD_SIZE-INT_FRAME_SIZE; /* Alloc an excpt frm */\ |
14cf11af PM |
119 | tophys(r11,r11); \ |
120 | stw r10,_CCR(r11); /* save various registers */\ | |
121 | stw r12,GPR12(r11); \ | |
122 | stw r9,GPR9(r11); \ | |
123 | mflr r10; \ | |
124 | stw r10,_LINK(r11); \ | |
125 | mfspr r12,SPRN_DEAR; /* save DEAR and ESR in the frame */\ | |
126 | stw r12,_DEAR(r11); /* since they may have had stuff */\ | |
127 | mfspr r9,SPRN_ESR; /* in them at the point where the */\ | |
128 | stw r9,_ESR(r11); /* exception was taken */\ | |
129 | mfspr r12,SPRN_SRR2; \ | |
130 | stw r1,GPR1(r11); \ | |
131 | mfspr r9,SPRN_SRR3; \ | |
132 | stw r1,0(r11); \ | |
133 | tovirt(r1,r11); \ | |
134 | rlwinm r9,r9,0,14,12; /* clear MSR_WE (necessary?) */\ | |
135 | stw r0,GPR0(r11); \ | |
bd82904d CL |
136 | lis r10, STACK_FRAME_REGS_MARKER@ha; /* exception frame marker */\ |
137 | addi r10, r10, STACK_FRAME_REGS_MARKER@l; \ | |
138 | stw r10, 8(r11); \ | |
14cf11af PM |
139 | SAVE_4GPRS(3, r11); \ |
140 | SAVE_2GPRS(7, r11) | |
141 | ||
142 | /* | |
143 | * State at this point: | |
144 | * r9 saved in stack frame, now saved SRR3 & ~MSR_WE | |
145 | * r10 saved in crit_r10 and in stack frame, trashed | |
146 | * r11 saved in crit_r11 and in stack frame, | |
147 | * now phys stack/exception frame pointer | |
148 | * r12 saved in stack frame, now saved SRR2 | |
149 | * CR saved in stack frame, CR0.EQ = !SRR3.PR | |
150 | * LR, DEAR, ESR in stack frame | |
151 | * r1 saved in stack frame, now virt stack/excframe pointer | |
152 | * r0, r3-r8 saved in stack frame | |
153 | */ | |
154 | ||
155 | /* | |
156 | * Exception vectors. | |
157 | */ | |
14cf11af PM |
158 | #define CRITICAL_EXCEPTION(n, label, hdlr) \ |
159 | START_EXCEPTION(n, label); \ | |
160 | CRITICAL_EXCEPTION_PROLOG; \ | |
161 | addi r3,r1,STACK_FRAME_OVERHEAD; \ | |
162 | EXC_XFER_TEMPLATE(hdlr, n+2, (MSR_KERNEL & ~(MSR_ME|MSR_DE|MSR_CE)), \ | |
1ae99b4b | 163 | crit_transfer_to_handler, ret_from_crit_exc) |
14cf11af | 164 | |
14cf11af PM |
165 | /* |
166 | * 0x0100 - Critical Interrupt Exception | |
167 | */ | |
dc1c1ca3 | 168 | CRITICAL_EXCEPTION(0x0100, CriticalInterrupt, unknown_exception) |
14cf11af PM |
169 | |
170 | /* | |
171 | * 0x0200 - Machine Check Exception | |
172 | */ | |
dc1c1ca3 | 173 | CRITICAL_EXCEPTION(0x0200, MachineCheck, machine_check_exception) |
14cf11af PM |
174 | |
175 | /* | |
176 | * 0x0300 - Data Storage Exception | |
177 | * This happens for just a few reasons. U0 set (but we don't do that), | |
178 | * or zone protection fault (user violation, write to protected page). | |
179 | * If this is just an update of modified status, we do that quickly | |
180 | * and exit. Otherwise, we call heavywight functions to do the work. | |
181 | */ | |
182 | START_EXCEPTION(0x0300, DataStorage) | |
ee43eb78 BH |
183 | mtspr SPRN_SPRG_SCRATCH0, r10 /* Save some working registers */ |
184 | mtspr SPRN_SPRG_SCRATCH1, r11 | |
14cf11af PM |
185 | #ifdef CONFIG_403GCX |
186 | stw r12, 0(r0) | |
187 | stw r9, 4(r0) | |
188 | mfcr r11 | |
189 | mfspr r12, SPRN_PID | |
190 | stw r11, 8(r0) | |
191 | stw r12, 12(r0) | |
192 | #else | |
ee43eb78 BH |
193 | mtspr SPRN_SPRG_SCRATCH3, r12 |
194 | mtspr SPRN_SPRG_SCRATCH4, r9 | |
14cf11af PM |
195 | mfcr r11 |
196 | mfspr r12, SPRN_PID | |
ee43eb78 BH |
197 | mtspr SPRN_SPRG_SCRATCH6, r11 |
198 | mtspr SPRN_SPRG_SCRATCH5, r12 | |
14cf11af PM |
199 | #endif |
200 | ||
201 | /* First, check if it was a zone fault (which means a user | |
202 | * tried to access a kernel or read-protected page - always | |
203 | * a SEGV). All other faults here must be stores, so no | |
204 | * need to check ESR_DST as well. */ | |
205 | mfspr r10, SPRN_ESR | |
206 | andis. r10, r10, ESR_DIZ@h | |
207 | bne 2f | |
208 | ||
209 | mfspr r10, SPRN_DEAR /* Get faulting address */ | |
210 | ||
211 | /* If we are faulting a kernel address, we have to use the | |
212 | * kernel page tables. | |
213 | */ | |
8a13c4f9 | 214 | lis r11, PAGE_OFFSET@h |
14cf11af PM |
215 | cmplw r10, r11 |
216 | blt+ 3f | |
217 | lis r11, swapper_pg_dir@h | |
218 | ori r11, r11, swapper_pg_dir@l | |
219 | li r9, 0 | |
220 | mtspr SPRN_PID, r9 /* TLB will have 0 TID */ | |
221 | b 4f | |
222 | ||
223 | /* Get the PGD for the current thread. | |
224 | */ | |
225 | 3: | |
ee43eb78 | 226 | mfspr r11,SPRN_SPRG_THREAD |
14cf11af PM |
227 | lwz r11,PGDIR(r11) |
228 | 4: | |
229 | tophys(r11, r11) | |
230 | rlwimi r11, r10, 12, 20, 29 /* Create L1 (pgdir/pmd) address */ | |
231 | lwz r11, 0(r11) /* Get L1 entry */ | |
232 | rlwinm. r12, r11, 0, 0, 19 /* Extract L2 (pte) base address */ | |
233 | beq 2f /* Bail if no table */ | |
234 | ||
235 | rlwimi r12, r10, 22, 20, 29 /* Compute PTE address */ | |
236 | lwz r11, 0(r12) /* Get Linux PTE */ | |
237 | ||
238 | andi. r9, r11, _PAGE_RW /* Is it writeable? */ | |
239 | beq 2f /* Bail if not */ | |
240 | ||
241 | /* Update 'changed'. | |
242 | */ | |
243 | ori r11, r11, _PAGE_DIRTY|_PAGE_ACCESSED|_PAGE_HWWRITE | |
244 | stw r11, 0(r12) /* Update Linux page table */ | |
245 | ||
246 | /* Most of the Linux PTE is ready to load into the TLB LO. | |
247 | * We set ZSEL, where only the LS-bit determines user access. | |
248 | * We set execute, because we don't have the granularity to | |
249 | * properly set this at the page level (Linux problem). | |
250 | * If shared is set, we cause a zero PID->TID load. | |
251 | * Many of these bits are software only. Bits we don't set | |
252 | * here we (properly should) assume have the appropriate value. | |
253 | */ | |
254 | li r12, 0x0ce2 | |
255 | andc r11, r11, r12 /* Make sure 20, 21 are zero */ | |
256 | ||
257 | /* find the TLB index that caused the fault. It has to be here. | |
258 | */ | |
259 | tlbsx r9, 0, r10 | |
260 | ||
261 | tlbwe r11, r9, TLB_DATA /* Load TLB LO */ | |
262 | ||
263 | /* Done...restore registers and get out of here. | |
264 | */ | |
265 | #ifdef CONFIG_403GCX | |
266 | lwz r12, 12(r0) | |
267 | lwz r11, 8(r0) | |
268 | mtspr SPRN_PID, r12 | |
269 | mtcr r11 | |
270 | lwz r9, 4(r0) | |
271 | lwz r12, 0(r0) | |
272 | #else | |
ee43eb78 BH |
273 | mfspr r12, SPRN_SPRG_SCRATCH5 |
274 | mfspr r11, SPRN_SPRG_SCRATCH6 | |
14cf11af PM |
275 | mtspr SPRN_PID, r12 |
276 | mtcr r11 | |
ee43eb78 BH |
277 | mfspr r9, SPRN_SPRG_SCRATCH4 |
278 | mfspr r12, SPRN_SPRG_SCRATCH3 | |
14cf11af | 279 | #endif |
ee43eb78 BH |
280 | mfspr r11, SPRN_SPRG_SCRATCH1 |
281 | mfspr r10, SPRN_SPRG_SCRATCH0 | |
14cf11af PM |
282 | PPC405_ERR77_SYNC |
283 | rfi /* Should sync shadow TLBs */ | |
284 | b . /* prevent prefetch past rfi */ | |
285 | ||
286 | 2: | |
287 | /* The bailout. Restore registers to pre-exception conditions | |
288 | * and call the heavyweights to help us out. | |
289 | */ | |
290 | #ifdef CONFIG_403GCX | |
291 | lwz r12, 12(r0) | |
292 | lwz r11, 8(r0) | |
293 | mtspr SPRN_PID, r12 | |
294 | mtcr r11 | |
295 | lwz r9, 4(r0) | |
296 | lwz r12, 0(r0) | |
297 | #else | |
ee43eb78 BH |
298 | mfspr r12, SPRN_SPRG_SCRATCH5 |
299 | mfspr r11, SPRN_SPRG_SCRATCH6 | |
14cf11af PM |
300 | mtspr SPRN_PID, r12 |
301 | mtcr r11 | |
ee43eb78 BH |
302 | mfspr r9, SPRN_SPRG_SCRATCH4 |
303 | mfspr r12, SPRN_SPRG_SCRATCH3 | |
14cf11af | 304 | #endif |
ee43eb78 BH |
305 | mfspr r11, SPRN_SPRG_SCRATCH1 |
306 | mfspr r10, SPRN_SPRG_SCRATCH0 | |
14cf11af PM |
307 | b DataAccess |
308 | ||
309 | /* | |
310 | * 0x0400 - Instruction Storage Exception | |
311 | * This is caused by a fetch from non-execute or guarded pages. | |
312 | */ | |
313 | START_EXCEPTION(0x0400, InstructionAccess) | |
7271fc96 | 314 | EXCEPTION_PROLOG |
14cf11af | 315 | mr r4,r12 /* Pass SRR0 as arg2 */ |
1ca9db5b | 316 | stw r4, _DEAR(r11) |
14cf11af | 317 | li r5,0 /* Pass zero as arg3 */ |
a546498f | 318 | EXC_XFER_LITE(0x400, handle_page_fault) |
14cf11af PM |
319 | |
320 | /* 0x0500 - External Interrupt Exception */ | |
321 | EXCEPTION(0x0500, HardwareInterrupt, do_IRQ, EXC_XFER_LITE) | |
322 | ||
323 | /* 0x0600 - Alignment Exception */ | |
324 | START_EXCEPTION(0x0600, Alignment) | |
7271fc96 | 325 | EXCEPTION_PROLOG |
14cf11af PM |
326 | mfspr r4,SPRN_DEAR /* Grab the DEAR and save it */ |
327 | stw r4,_DEAR(r11) | |
328 | addi r3,r1,STACK_FRAME_OVERHEAD | |
642770dd | 329 | EXC_XFER_STD(0x600, alignment_exception) |
14cf11af PM |
330 | |
331 | /* 0x0700 - Program Exception */ | |
332 | START_EXCEPTION(0x0700, ProgramCheck) | |
7271fc96 | 333 | EXCEPTION_PROLOG |
14cf11af PM |
334 | mfspr r4,SPRN_ESR /* Grab the ESR and save it */ |
335 | stw r4,_ESR(r11) | |
336 | addi r3,r1,STACK_FRAME_OVERHEAD | |
dc1c1ca3 | 337 | EXC_XFER_STD(0x700, program_check_exception) |
14cf11af | 338 | |
642770dd CL |
339 | EXCEPTION(0x0800, Trap_08, unknown_exception, EXC_XFER_STD) |
340 | EXCEPTION(0x0900, Trap_09, unknown_exception, EXC_XFER_STD) | |
341 | EXCEPTION(0x0A00, Trap_0A, unknown_exception, EXC_XFER_STD) | |
342 | EXCEPTION(0x0B00, Trap_0B, unknown_exception, EXC_XFER_STD) | |
14cf11af PM |
343 | |
344 | /* 0x0C00 - System Call Exception */ | |
345 | START_EXCEPTION(0x0C00, SystemCall) | |
b86fb888 | 346 | SYSCALL_ENTRY 0xc00 |
249c9b0c | 347 | /* Trap_0D is commented out to get more space for system call exception */ |
14cf11af | 348 | |
249c9b0c | 349 | /* EXCEPTION(0x0D00, Trap_0D, unknown_exception, EXC_XFER_STD) */ |
642770dd CL |
350 | EXCEPTION(0x0E00, Trap_0E, unknown_exception, EXC_XFER_STD) |
351 | EXCEPTION(0x0F00, Trap_0F, unknown_exception, EXC_XFER_STD) | |
14cf11af PM |
352 | |
353 | /* 0x1000 - Programmable Interval Timer (PIT) Exception */ | |
1e18c17a JG |
354 | . = 0x1000 |
355 | b Decrementer | |
14cf11af PM |
356 | |
357 | /* 0x1010 - Fixed Interval Timer (FIT) Exception | |
358 | */ | |
1e18c17a JG |
359 | . = 0x1010 |
360 | b FITException | |
14cf11af PM |
361 | |
362 | /* 0x1020 - Watchdog Timer (WDT) Exception | |
363 | */ | |
1e18c17a JG |
364 | . = 0x1020 |
365 | b WDTException | |
14cf11af PM |
366 | |
367 | /* 0x1100 - Data TLB Miss Exception | |
368 | * As the name implies, translation is not in the MMU, so search the | |
369 | * page tables and fix it. The only purpose of this function is to | |
370 | * load TLB entries from the page table if they exist. | |
371 | */ | |
372 | START_EXCEPTION(0x1100, DTLBMiss) | |
ee43eb78 BH |
373 | mtspr SPRN_SPRG_SCRATCH0, r10 /* Save some working registers */ |
374 | mtspr SPRN_SPRG_SCRATCH1, r11 | |
14cf11af PM |
375 | #ifdef CONFIG_403GCX |
376 | stw r12, 0(r0) | |
377 | stw r9, 4(r0) | |
378 | mfcr r11 | |
379 | mfspr r12, SPRN_PID | |
380 | stw r11, 8(r0) | |
381 | stw r12, 12(r0) | |
382 | #else | |
ee43eb78 BH |
383 | mtspr SPRN_SPRG_SCRATCH3, r12 |
384 | mtspr SPRN_SPRG_SCRATCH4, r9 | |
14cf11af PM |
385 | mfcr r11 |
386 | mfspr r12, SPRN_PID | |
ee43eb78 BH |
387 | mtspr SPRN_SPRG_SCRATCH6, r11 |
388 | mtspr SPRN_SPRG_SCRATCH5, r12 | |
14cf11af PM |
389 | #endif |
390 | mfspr r10, SPRN_DEAR /* Get faulting address */ | |
391 | ||
392 | /* If we are faulting a kernel address, we have to use the | |
393 | * kernel page tables. | |
394 | */ | |
8a13c4f9 | 395 | lis r11, PAGE_OFFSET@h |
14cf11af PM |
396 | cmplw r10, r11 |
397 | blt+ 3f | |
398 | lis r11, swapper_pg_dir@h | |
399 | ori r11, r11, swapper_pg_dir@l | |
400 | li r9, 0 | |
401 | mtspr SPRN_PID, r9 /* TLB will have 0 TID */ | |
402 | b 4f | |
403 | ||
404 | /* Get the PGD for the current thread. | |
405 | */ | |
406 | 3: | |
ee43eb78 | 407 | mfspr r11,SPRN_SPRG_THREAD |
14cf11af PM |
408 | lwz r11,PGDIR(r11) |
409 | 4: | |
410 | tophys(r11, r11) | |
411 | rlwimi r11, r10, 12, 20, 29 /* Create L1 (pgdir/pmd) address */ | |
412 | lwz r12, 0(r11) /* Get L1 entry */ | |
413 | andi. r9, r12, _PMD_PRESENT /* Check if it points to a PTE page */ | |
414 | beq 2f /* Bail if no table */ | |
415 | ||
416 | rlwimi r12, r10, 22, 20, 29 /* Compute PTE address */ | |
417 | lwz r11, 0(r12) /* Get Linux PTE */ | |
418 | andi. r9, r11, _PAGE_PRESENT | |
419 | beq 5f | |
420 | ||
421 | ori r11, r11, _PAGE_ACCESSED | |
422 | stw r11, 0(r12) | |
423 | ||
424 | /* Create TLB tag. This is the faulting address plus a static | |
425 | * set of bits. These are size, valid, E, U0. | |
426 | */ | |
427 | li r12, 0x00c0 | |
428 | rlwimi r10, r12, 0, 20, 31 | |
429 | ||
430 | b finish_tlb_load | |
431 | ||
432 | 2: /* Check for possible large-page pmd entry */ | |
433 | rlwinm. r9, r12, 2, 22, 24 | |
434 | beq 5f | |
435 | ||
436 | /* Create TLB tag. This is the faulting address, plus a static | |
437 | * set of bits (valid, E, U0) plus the size from the PMD. | |
438 | */ | |
439 | ori r9, r9, 0x40 | |
440 | rlwimi r10, r9, 0, 20, 31 | |
441 | mr r11, r12 | |
442 | ||
443 | b finish_tlb_load | |
444 | ||
445 | 5: | |
446 | /* The bailout. Restore registers to pre-exception conditions | |
447 | * and call the heavyweights to help us out. | |
448 | */ | |
449 | #ifdef CONFIG_403GCX | |
450 | lwz r12, 12(r0) | |
451 | lwz r11, 8(r0) | |
452 | mtspr SPRN_PID, r12 | |
453 | mtcr r11 | |
454 | lwz r9, 4(r0) | |
455 | lwz r12, 0(r0) | |
456 | #else | |
ee43eb78 BH |
457 | mfspr r12, SPRN_SPRG_SCRATCH5 |
458 | mfspr r11, SPRN_SPRG_SCRATCH6 | |
14cf11af PM |
459 | mtspr SPRN_PID, r12 |
460 | mtcr r11 | |
ee43eb78 BH |
461 | mfspr r9, SPRN_SPRG_SCRATCH4 |
462 | mfspr r12, SPRN_SPRG_SCRATCH3 | |
14cf11af | 463 | #endif |
ee43eb78 BH |
464 | mfspr r11, SPRN_SPRG_SCRATCH1 |
465 | mfspr r10, SPRN_SPRG_SCRATCH0 | |
14cf11af PM |
466 | b DataAccess |
467 | ||
468 | /* 0x1200 - Instruction TLB Miss Exception | |
469 | * Nearly the same as above, except we get our information from different | |
470 | * registers and bailout to a different point. | |
471 | */ | |
472 | START_EXCEPTION(0x1200, ITLBMiss) | |
ee43eb78 BH |
473 | mtspr SPRN_SPRG_SCRATCH0, r10 /* Save some working registers */ |
474 | mtspr SPRN_SPRG_SCRATCH1, r11 | |
14cf11af PM |
475 | #ifdef CONFIG_403GCX |
476 | stw r12, 0(r0) | |
477 | stw r9, 4(r0) | |
478 | mfcr r11 | |
479 | mfspr r12, SPRN_PID | |
480 | stw r11, 8(r0) | |
481 | stw r12, 12(r0) | |
482 | #else | |
ee43eb78 BH |
483 | mtspr SPRN_SPRG_SCRATCH3, r12 |
484 | mtspr SPRN_SPRG_SCRATCH4, r9 | |
14cf11af PM |
485 | mfcr r11 |
486 | mfspr r12, SPRN_PID | |
ee43eb78 BH |
487 | mtspr SPRN_SPRG_SCRATCH6, r11 |
488 | mtspr SPRN_SPRG_SCRATCH5, r12 | |
14cf11af PM |
489 | #endif |
490 | mfspr r10, SPRN_SRR0 /* Get faulting address */ | |
491 | ||
492 | /* If we are faulting a kernel address, we have to use the | |
493 | * kernel page tables. | |
494 | */ | |
8a13c4f9 | 495 | lis r11, PAGE_OFFSET@h |
14cf11af PM |
496 | cmplw r10, r11 |
497 | blt+ 3f | |
498 | lis r11, swapper_pg_dir@h | |
499 | ori r11, r11, swapper_pg_dir@l | |
500 | li r9, 0 | |
501 | mtspr SPRN_PID, r9 /* TLB will have 0 TID */ | |
502 | b 4f | |
503 | ||
504 | /* Get the PGD for the current thread. | |
505 | */ | |
506 | 3: | |
ee43eb78 | 507 | mfspr r11,SPRN_SPRG_THREAD |
14cf11af PM |
508 | lwz r11,PGDIR(r11) |
509 | 4: | |
510 | tophys(r11, r11) | |
511 | rlwimi r11, r10, 12, 20, 29 /* Create L1 (pgdir/pmd) address */ | |
512 | lwz r12, 0(r11) /* Get L1 entry */ | |
513 | andi. r9, r12, _PMD_PRESENT /* Check if it points to a PTE page */ | |
514 | beq 2f /* Bail if no table */ | |
515 | ||
516 | rlwimi r12, r10, 22, 20, 29 /* Compute PTE address */ | |
517 | lwz r11, 0(r12) /* Get Linux PTE */ | |
518 | andi. r9, r11, _PAGE_PRESENT | |
519 | beq 5f | |
520 | ||
521 | ori r11, r11, _PAGE_ACCESSED | |
522 | stw r11, 0(r12) | |
523 | ||
524 | /* Create TLB tag. This is the faulting address plus a static | |
525 | * set of bits. These are size, valid, E, U0. | |
526 | */ | |
527 | li r12, 0x00c0 | |
528 | rlwimi r10, r12, 0, 20, 31 | |
529 | ||
530 | b finish_tlb_load | |
531 | ||
532 | 2: /* Check for possible large-page pmd entry */ | |
533 | rlwinm. r9, r12, 2, 22, 24 | |
534 | beq 5f | |
535 | ||
536 | /* Create TLB tag. This is the faulting address, plus a static | |
537 | * set of bits (valid, E, U0) plus the size from the PMD. | |
538 | */ | |
539 | ori r9, r9, 0x40 | |
540 | rlwimi r10, r9, 0, 20, 31 | |
541 | mr r11, r12 | |
542 | ||
543 | b finish_tlb_load | |
544 | ||
545 | 5: | |
546 | /* The bailout. Restore registers to pre-exception conditions | |
547 | * and call the heavyweights to help us out. | |
548 | */ | |
549 | #ifdef CONFIG_403GCX | |
550 | lwz r12, 12(r0) | |
551 | lwz r11, 8(r0) | |
552 | mtspr SPRN_PID, r12 | |
553 | mtcr r11 | |
554 | lwz r9, 4(r0) | |
555 | lwz r12, 0(r0) | |
556 | #else | |
ee43eb78 BH |
557 | mfspr r12, SPRN_SPRG_SCRATCH5 |
558 | mfspr r11, SPRN_SPRG_SCRATCH6 | |
14cf11af PM |
559 | mtspr SPRN_PID, r12 |
560 | mtcr r11 | |
ee43eb78 BH |
561 | mfspr r9, SPRN_SPRG_SCRATCH4 |
562 | mfspr r12, SPRN_SPRG_SCRATCH3 | |
14cf11af | 563 | #endif |
ee43eb78 BH |
564 | mfspr r11, SPRN_SPRG_SCRATCH1 |
565 | mfspr r10, SPRN_SPRG_SCRATCH0 | |
14cf11af PM |
566 | b InstructionAccess |
567 | ||
642770dd CL |
568 | EXCEPTION(0x1300, Trap_13, unknown_exception, EXC_XFER_STD) |
569 | EXCEPTION(0x1400, Trap_14, unknown_exception, EXC_XFER_STD) | |
570 | EXCEPTION(0x1500, Trap_15, unknown_exception, EXC_XFER_STD) | |
571 | EXCEPTION(0x1600, Trap_16, unknown_exception, EXC_XFER_STD) | |
14cf11af PM |
572 | #ifdef CONFIG_IBM405_ERR51 |
573 | /* 405GP errata 51 */ | |
574 | START_EXCEPTION(0x1700, Trap_17) | |
575 | b DTLBMiss | |
576 | #else | |
642770dd | 577 | EXCEPTION(0x1700, Trap_17, unknown_exception, EXC_XFER_STD) |
14cf11af | 578 | #endif |
642770dd CL |
579 | EXCEPTION(0x1800, Trap_18, unknown_exception, EXC_XFER_STD) |
580 | EXCEPTION(0x1900, Trap_19, unknown_exception, EXC_XFER_STD) | |
581 | EXCEPTION(0x1A00, Trap_1A, unknown_exception, EXC_XFER_STD) | |
582 | EXCEPTION(0x1B00, Trap_1B, unknown_exception, EXC_XFER_STD) | |
583 | EXCEPTION(0x1C00, Trap_1C, unknown_exception, EXC_XFER_STD) | |
584 | EXCEPTION(0x1D00, Trap_1D, unknown_exception, EXC_XFER_STD) | |
585 | EXCEPTION(0x1E00, Trap_1E, unknown_exception, EXC_XFER_STD) | |
586 | EXCEPTION(0x1F00, Trap_1F, unknown_exception, EXC_XFER_STD) | |
14cf11af PM |
587 | |
588 | /* Check for a single step debug exception while in an exception | |
589 | * handler before state has been saved. This is to catch the case | |
590 | * where an instruction that we are trying to single step causes | |
591 | * an exception (eg ITLB/DTLB miss) and thus the first instruction of | |
592 | * the exception handler generates a single step debug exception. | |
593 | * | |
594 | * If we get a debug trap on the first instruction of an exception handler, | |
595 | * we reset the MSR_DE in the _exception handler's_ MSR (the debug trap is | |
596 | * a critical exception, so we are using SPRN_CSRR1 to manipulate the MSR). | |
597 | * The exception handler was handling a non-critical interrupt, so it will | |
598 | * save (and later restore) the MSR via SPRN_SRR1, which will still have | |
599 | * the MSR_DE bit set. | |
600 | */ | |
601 | /* 0x2000 - Debug Exception */ | |
602 | START_EXCEPTION(0x2000, DebugTrap) | |
603 | CRITICAL_EXCEPTION_PROLOG | |
604 | ||
605 | /* | |
606 | * If this is a single step or branch-taken exception in an | |
607 | * exception entry sequence, it was probably meant to apply to | |
608 | * the code where the exception occurred (since exception entry | |
609 | * doesn't turn off DE automatically). We simulate the effect | |
610 | * of turning off DE on entry to an exception handler by turning | |
611 | * off DE in the SRR3 value and clearing the debug status. | |
612 | */ | |
613 | mfspr r10,SPRN_DBSR /* check single-step/branch taken */ | |
614 | andis. r10,r10,DBSR_IC@h | |
615 | beq+ 2f | |
616 | ||
617 | andi. r10,r9,MSR_IR|MSR_PR /* check supervisor + MMU off */ | |
618 | beq 1f /* branch and fix it up */ | |
619 | ||
620 | mfspr r10,SPRN_SRR2 /* Faulting instruction address */ | |
621 | cmplwi r10,0x2100 | |
622 | bgt+ 2f /* address above exception vectors */ | |
623 | ||
624 | /* here it looks like we got an inappropriate debug exception. */ | |
625 | 1: rlwinm r9,r9,0,~MSR_DE /* clear DE in the SRR3 value */ | |
626 | lis r10,DBSR_IC@h /* clear the IC event */ | |
627 | mtspr SPRN_DBSR,r10 | |
628 | /* restore state and get out */ | |
629 | lwz r10,_CCR(r11) | |
630 | lwz r0,GPR0(r11) | |
631 | lwz r1,GPR1(r11) | |
632 | mtcrf 0x80,r10 | |
633 | mtspr SPRN_SRR2,r12 | |
634 | mtspr SPRN_SRR3,r9 | |
635 | lwz r9,GPR9(r11) | |
636 | lwz r12,GPR12(r11) | |
637 | lwz r10,crit_r10@l(0) | |
638 | lwz r11,crit_r11@l(0) | |
639 | PPC405_ERR77_SYNC | |
640 | rfci | |
641 | b . | |
642 | ||
643 | /* continue normal handling for a critical exception... */ | |
644 | 2: mfspr r4,SPRN_DBSR | |
645 | addi r3,r1,STACK_FRAME_OVERHEAD | |
646 | EXC_XFER_TEMPLATE(DebugException, 0x2002, \ | |
647 | (MSR_KERNEL & ~(MSR_ME|MSR_DE|MSR_CE)), \ | |
1ae99b4b | 648 | crit_transfer_to_handler, ret_from_crit_exc) |
14cf11af | 649 | |
1e18c17a JG |
650 | /* Programmable Interval Timer (PIT) Exception. (from 0x1000) */ |
651 | Decrementer: | |
7271fc96 | 652 | EXCEPTION_PROLOG |
1e18c17a JG |
653 | lis r0,TSR_PIS@h |
654 | mtspr SPRN_TSR,r0 /* Clear the PIT exception */ | |
655 | addi r3,r1,STACK_FRAME_OVERHEAD | |
656 | EXC_XFER_LITE(0x1000, timer_interrupt) | |
657 | ||
658 | /* Fixed Interval Timer (FIT) Exception. (from 0x1010) */ | |
659 | FITException: | |
7271fc96 | 660 | EXCEPTION_PROLOG |
1e18c17a | 661 | addi r3,r1,STACK_FRAME_OVERHEAD; |
642770dd | 662 | EXC_XFER_STD(0x1010, unknown_exception) |
1e18c17a JG |
663 | |
664 | /* Watchdog Timer (WDT) Exception. (from 0x1020) */ | |
665 | WDTException: | |
666 | CRITICAL_EXCEPTION_PROLOG; | |
667 | addi r3,r1,STACK_FRAME_OVERHEAD; | |
668 | EXC_XFER_TEMPLATE(WatchdogException, 0x1020+2, | |
669 | (MSR_KERNEL & ~(MSR_ME|MSR_DE|MSR_CE)), | |
1ae99b4b | 670 | crit_transfer_to_handler, ret_from_crit_exc) |
1e18c17a | 671 | |
14cf11af PM |
672 | /* |
673 | * The other Data TLB exceptions bail out to this point | |
674 | * if they can't resolve the lightweight TLB fault. | |
675 | */ | |
676 | DataAccess: | |
7271fc96 | 677 | EXCEPTION_PROLOG |
14cf11af PM |
678 | mfspr r5,SPRN_ESR /* Grab the ESR, save it, pass arg3 */ |
679 | stw r5,_ESR(r11) | |
680 | mfspr r4,SPRN_DEAR /* Grab the DEAR, save it, pass arg2 */ | |
1ca9db5b | 681 | stw r4, _DEAR(r11) |
a546498f | 682 | EXC_XFER_LITE(0x300, handle_page_fault) |
14cf11af PM |
683 | |
684 | /* Other PowerPC processors, namely those derived from the 6xx-series | |
685 | * have vectors from 0x2100 through 0x2F00 defined, but marked as reserved. | |
686 | * However, for the 4xx-series processors these are neither defined nor | |
687 | * reserved. | |
688 | */ | |
689 | ||
690 | /* Damn, I came up one instruction too many to fit into the | |
691 | * exception space :-). Both the instruction and data TLB | |
692 | * miss get to this point to load the TLB. | |
693 | * r10 - TLB_TAG value | |
694 | * r11 - Linux PTE | |
25985edc | 695 | * r12, r9 - available to use |
14cf11af PM |
696 | * PID - loaded with proper value when we get here |
697 | * Upon exit, we reload everything and RFI. | |
698 | * Actually, it will fit now, but oh well.....a common place | |
699 | * to load the TLB. | |
700 | */ | |
701 | tlb_4xx_index: | |
702 | .long 0 | |
703 | finish_tlb_load: | |
704 | /* load the next available TLB index. | |
705 | */ | |
706 | lwz r9, tlb_4xx_index@l(0) | |
707 | addi r9, r9, 1 | |
4d922c8d | 708 | andi. r9, r9, (PPC40X_TLB_SIZE-1) |
14cf11af PM |
709 | stw r9, tlb_4xx_index@l(0) |
710 | ||
711 | 6: | |
712 | /* | |
713 | * Clear out the software-only bits in the PTE to generate the | |
714 | * TLB_DATA value. These are the bottom 2 bits of the RPM, the | |
715 | * top 3 bits of the zone field, and M. | |
716 | */ | |
717 | li r12, 0x0ce2 | |
718 | andc r11, r11, r12 | |
719 | ||
720 | tlbwe r11, r9, TLB_DATA /* Load TLB LO */ | |
721 | tlbwe r10, r9, TLB_TAG /* Load TLB HI */ | |
722 | ||
723 | /* Done...restore registers and get out of here. | |
724 | */ | |
725 | #ifdef CONFIG_403GCX | |
726 | lwz r12, 12(r0) | |
727 | lwz r11, 8(r0) | |
728 | mtspr SPRN_PID, r12 | |
729 | mtcr r11 | |
730 | lwz r9, 4(r0) | |
731 | lwz r12, 0(r0) | |
732 | #else | |
ee43eb78 BH |
733 | mfspr r12, SPRN_SPRG_SCRATCH5 |
734 | mfspr r11, SPRN_SPRG_SCRATCH6 | |
14cf11af PM |
735 | mtspr SPRN_PID, r12 |
736 | mtcr r11 | |
ee43eb78 BH |
737 | mfspr r9, SPRN_SPRG_SCRATCH4 |
738 | mfspr r12, SPRN_SPRG_SCRATCH3 | |
14cf11af | 739 | #endif |
ee43eb78 BH |
740 | mfspr r11, SPRN_SPRG_SCRATCH1 |
741 | mfspr r10, SPRN_SPRG_SCRATCH0 | |
14cf11af PM |
742 | PPC405_ERR77_SYNC |
743 | rfi /* Should sync shadow TLBs */ | |
744 | b . /* prevent prefetch past rfi */ | |
745 | ||
14cf11af PM |
746 | /* This is where the main kernel code starts. |
747 | */ | |
748 | start_here: | |
749 | ||
750 | /* ptr to current */ | |
751 | lis r2,init_task@h | |
752 | ori r2,r2,init_task@l | |
753 | ||
754 | /* ptr to phys current thread */ | |
755 | tophys(r4,r2) | |
756 | addi r4,r4,THREAD /* init task's THREAD */ | |
ee43eb78 | 757 | mtspr SPRN_SPRG_THREAD,r4 |
14cf11af PM |
758 | |
759 | /* stack */ | |
760 | lis r1,init_thread_union@ha | |
761 | addi r1,r1,init_thread_union@l | |
762 | li r0,0 | |
763 | stwu r0,THREAD_SIZE-STACK_FRAME_OVERHEAD(r1) | |
764 | ||
765 | bl early_init /* We have to do this with MMU on */ | |
766 | ||
767 | /* | |
768 | * Decide what sort of machine this is and initialize the MMU. | |
769 | */ | |
2edb16ef CL |
770 | #ifdef CONFIG_KASAN |
771 | bl kasan_early_init | |
772 | #endif | |
6dece0eb SW |
773 | li r3,0 |
774 | mr r4,r31 | |
14cf11af PM |
775 | bl machine_init |
776 | bl MMU_init | |
777 | ||
778 | /* Go back to running unmapped so we can load up new values | |
779 | * and change to using our exception vectors. | |
780 | * On the 4xx, all we have to do is invalidate the TLB to clear | |
781 | * the old 16M byte TLB mappings. | |
782 | */ | |
783 | lis r4,2f@h | |
784 | ori r4,r4,2f@l | |
785 | tophys(r4,r4) | |
786 | lis r3,(MSR_KERNEL & ~(MSR_IR|MSR_DR))@h | |
787 | ori r3,r3,(MSR_KERNEL & ~(MSR_IR|MSR_DR))@l | |
788 | mtspr SPRN_SRR0,r4 | |
789 | mtspr SPRN_SRR1,r3 | |
790 | rfi | |
791 | b . /* prevent prefetch past rfi */ | |
792 | ||
793 | /* Load up the kernel context */ | |
794 | 2: | |
795 | sync /* Flush to memory before changing TLB */ | |
796 | tlbia | |
797 | isync /* Flush shadow TLBs */ | |
798 | ||
799 | /* set up the PTE pointers for the Abatron bdiGDB. | |
800 | */ | |
801 | lis r6, swapper_pg_dir@h | |
802 | ori r6, r6, swapper_pg_dir@l | |
803 | lis r5, abatron_pteptrs@h | |
804 | ori r5, r5, abatron_pteptrs@l | |
805 | stw r5, 0xf0(r0) /* Must match your Abatron config file */ | |
806 | tophys(r5,r5) | |
807 | stw r6, 0(r5) | |
808 | ||
809 | /* Now turn on the MMU for real! */ | |
810 | lis r4,MSR_KERNEL@h | |
811 | ori r4,r4,MSR_KERNEL@l | |
812 | lis r3,start_kernel@h | |
813 | ori r3,r3,start_kernel@l | |
814 | mtspr SPRN_SRR0,r3 | |
815 | mtspr SPRN_SRR1,r4 | |
816 | rfi /* enable MMU and jump to start_kernel */ | |
817 | b . /* prevent prefetch past rfi */ | |
818 | ||
819 | /* Set up the initial MMU state so we can do the first level of | |
820 | * kernel initialization. This maps the first 16 MBytes of memory 1:1 | |
821 | * virtual to physical and more importantly sets the cache mode. | |
822 | */ | |
823 | initial_mmu: | |
824 | tlbia /* Invalidate all TLB entries */ | |
825 | isync | |
826 | ||
827 | /* We should still be executing code at physical address 0x0000xxxx | |
828 | * at this point. However, start_here is at virtual address | |
829 | * 0xC000xxxx. So, set up a TLB mapping to cover this once | |
830 | * translation is enabled. | |
831 | */ | |
832 | ||
833 | lis r3,KERNELBASE@h /* Load the kernel virtual address */ | |
834 | ori r3,r3,KERNELBASE@l | |
835 | tophys(r4,r3) /* Load the kernel physical address */ | |
836 | ||
837 | iccci r0,r3 /* Invalidate the i-cache before use */ | |
838 | ||
839 | /* Load the kernel PID. | |
840 | */ | |
841 | li r0,0 | |
842 | mtspr SPRN_PID,r0 | |
843 | sync | |
844 | ||
cd3db0c4 | 845 | /* Configure and load one entry into TLB slots 63 */ |
14cf11af PM |
846 | clrrwi r4,r4,10 /* Mask off the real page number */ |
847 | ori r4,r4,(TLB_WR | TLB_EX) /* Set the write and execute bits */ | |
848 | ||
849 | clrrwi r3,r3,10 /* Mask off the effective page number */ | |
850 | ori r3,r3,(TLB_VALID | TLB_PAGESZ(PAGESZ_16M)) | |
851 | ||
852 | li r0,63 /* TLB slot 63 */ | |
853 | ||
854 | tlbwe r4,r0,TLB_DATA /* Load the data portion of the entry */ | |
855 | tlbwe r3,r0,TLB_TAG /* Load the tag portion of the entry */ | |
856 | ||
14cf11af PM |
857 | isync |
858 | ||
859 | /* Establish the exception vector base | |
860 | */ | |
861 | lis r4,KERNELBASE@h /* EVPR only uses the high 16-bits */ | |
862 | tophys(r0,r4) /* Use the physical address */ | |
863 | mtspr SPRN_EVPR,r0 | |
864 | ||
865 | blr | |
866 | ||
867 | _GLOBAL(abort) | |
868 | mfspr r13,SPRN_DBCR0 | |
869 | oris r13,r13,DBCR0_RST_SYSTEM@h | |
870 | mtspr SPRN_DBCR0,r13 | |
871 | ||
872 | _GLOBAL(set_context) | |
873 | ||
874 | #ifdef CONFIG_BDI_SWITCH | |
875 | /* Context switch the PTE pointer for the Abatron BDI2000. | |
876 | * The PGDIR is the second parameter. | |
877 | */ | |
40058337 CL |
878 | lis r5, abatron_pteptrs@ha |
879 | stw r4, abatron_pteptrs@l + 0x4(r5) | |
14cf11af PM |
880 | #endif |
881 | sync | |
882 | mtspr SPRN_PID,r3 | |
883 | isync /* Need an isync to flush shadow */ | |
884 | /* TLBs after changing PID */ | |
885 | blr | |
886 | ||
887 | /* We put a few things here that have to be page-aligned. This stuff | |
888 | * goes at the beginning of the data segment, which is page-aligned. | |
889 | */ | |
890 | .data | |
ea703ce2 KG |
891 | .align 12 |
892 | .globl sdata | |
893 | sdata: | |
894 | .globl empty_zero_page | |
895 | empty_zero_page: | |
14cf11af | 896 | .space 4096 |
9445aa1a | 897 | EXPORT_SYMBOL(empty_zero_page) |
ea703ce2 KG |
898 | .globl swapper_pg_dir |
899 | swapper_pg_dir: | |
bee86f14 | 900 | .space PGD_TABLE_SIZE |
14cf11af | 901 | |
14cf11af PM |
902 | /* Room for two PTE pointers, usually the kernel and current user pointers |
903 | * to their respective root page table. | |
904 | */ | |
905 | abatron_pteptrs: | |
906 | .space 8 |