/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * linux/arch/arm/boot/compressed/head.S
 *
 * Copyright (C) 1996-2002 Russell King
 * Copyright (C) 2004 Hyok S. Choi (MPU support)
 */
#include <linux/linkage.h>
#include <asm/assembler.h>
#include <asm/v7m.h>

#include "efi-header.S"

#ifdef __ARMEB__
#define OF_DT_MAGIC 0xd00dfeed
#else
#define OF_DT_MAGIC 0xedfe0dd0
#endif

 AR_CLASS(	.arch	armv7-a	)
 M_CLASS(	.arch	armv7-m	)

/*
 * Debugging stuff
 *
 * Note that these macros must not contain any code which is not
 * 100% relocatable.  Any attempt to do so will result in a crash.
 * Please select one of the following when turning on debugging.
 */
#ifdef DEBUG

#if defined(CONFIG_DEBUG_ICEDCC)

#if defined(CONFIG_CPU_V6) || defined(CONFIG_CPU_V6K) || defined(CONFIG_CPU_V7)
		.macro	loadsp, rb, tmp1, tmp2
		.endm
		.macro	writeb, ch, rb, tmp
		mcr	p14, 0, \ch, c0, c5, 0
		.endm
#elif defined(CONFIG_CPU_XSCALE)
		.macro	loadsp, rb, tmp1, tmp2
		.endm
		.macro	writeb, ch, rb, tmp
		mcr	p14, 0, \ch, c8, c0, 0
		.endm
#else
		.macro	loadsp, rb, tmp1, tmp2
		.endm
		.macro	writeb, ch, rb, tmp
		mcr	p14, 0, \ch, c1, c0, 0
		.endm
#endif

#else

#include CONFIG_DEBUG_LL_INCLUDE

		.macro	writeb,	ch, rb, tmp
#ifdef CONFIG_DEBUG_UART_FLOW_CONTROL
		waituartcts \tmp, \rb
#endif
		waituarttxrdy \tmp, \rb
		senduart \ch, \rb
		busyuart \tmp, \rb
		.endm

#if defined(CONFIG_ARCH_SA1100)
		.macro	loadsp, rb, tmp1, tmp2
		mov	\rb, #0x80000000	@ physical base address
		add	\rb, \rb, #0x00010000	@ Ser1
		.endm
#else
		.macro	loadsp,	rb, tmp1, tmp2
		addruart \rb, \tmp1, \tmp2
		.endm
#endif
#endif
#endif

		.macro	kputc, val
		mov	r0, \val
		bl	putc
		.endm

		.macro	kphex, val, len
		mov	r0, \val
		mov	r1, #\len
		bl	phex
		.endm

		/*
		 * Debug kernel copy by printing the memory addresses involved
		 */
		.macro	dbgkc, begin, end, cbegin, cend
#ifdef DEBUG
		kputc	#'C'
		kputc	#':'
		kputc	#'0'
		kputc	#'x'
		kphex	\begin, 8	/* Start of compressed kernel */
		kputc	#'-'
		kputc	#'0'
		kputc	#'x'
		kphex	\end, 8		/* End of compressed kernel */
		kputc	#'-'
		kputc	#'>'
		kputc	#'0'
		kputc	#'x'
		kphex	\cbegin, 8	/* Start of kernel copy */
		kputc	#'-'
		kputc	#'0'
		kputc	#'x'
		kphex	\cend, 8	/* End of kernel copy */
		kputc	#'\n'
#endif
		.endm

		/*
		 * Debug print of the final appended DTB location
		 */
		.macro	dbgadtb, begin, size
#ifdef DEBUG
		kputc	#'D'
		kputc	#'T'
		kputc	#'B'
		kputc	#':'
		kputc	#'0'
		kputc	#'x'
		kphex	\begin, 8	/* Start of appended DTB */
		kputc	#' '
		kputc	#'('
		kputc	#'0'
		kputc	#'x'
		kphex	\size, 8	/* Size of appended DTB */
		kputc	#')'
		kputc	#'\n'
#endif
		.endm

		.macro	enable_cp15_barriers, reg
		mrc	p15, 0, \reg, c1, c0, 0	@ read SCTLR
		tst	\reg, #(1 << 5)		@ CP15BEN bit set?
		bne	.L_\@
		orr	\reg, \reg, #(1 << 5)	@ CP15 barrier instructions
		mcr	p15, 0, \reg, c1, c0, 0	@ write SCTLR
 ARM(		.inst	0xf57ff06f		@ v7+ isb	)
 THUMB(		isb						)
.L_\@:
		.endm

		/*
		 * The kernel build system appends the size of the
		 * decompressed kernel at the end of the compressed data
		 * in little-endian form.
		 */
		.macro	get_inflated_image_size, res:req, tmp1:req, tmp2:req
		adr	\res, .Linflated_image_size_offset
		ldr	\tmp1, [\res]
		add	\tmp1, \tmp1, \res	@ address of inflated image size

		ldrb	\res, [\tmp1]		@ get_unaligned_le32
		ldrb	\tmp2, [\tmp1, #1]
		orr	\res, \res, \tmp2, lsl #8
		ldrb	\tmp2, [\tmp1, #2]
		ldrb	\tmp1, [\tmp1, #3]
		orr	\res, \res, \tmp2, lsl #16
		orr	\res, \res, \tmp1, lsl #24
		.endm
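
		/*
		 * For reference, the byte-wise loads above implement an
		 * unaligned little-endian 32-bit read. A minimal C sketch
		 * (illustrative only, not built as part of this file):
		 *
		 *	static inline unsigned int
		 *	get_unaligned_le32(const unsigned char *p)
		 *	{
		 *		return p[0] | (p[1] << 8) | (p[2] << 16) |
		 *		       ((unsigned int)p[3] << 24);
		 *	}
		 *
		 * i.e. the macro effectively computes
		 *	size = get_unaligned_le32(input_data_end - 4);
		 * using .Linflated_image_size_offset to locate that word
		 * position-independently.
		 */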

		.macro	be32tocpu, val, tmp
#ifndef __ARMEB__
		/* convert to little endian */
		rev_l	\val, \tmp
#endif
		.endm

		.section ".start", "ax"
/*
 * sort out different calling conventions
 */
		.align
		/*
		 * Always enter in ARM state for CPUs that support the ARM ISA.
		 * As of today (2014) that's exactly the members of the A and R
		 * classes.
		 */
 AR_CLASS(	.arm	)
start:
		.type	start,#function
		/*
		 * These 7 nops along with the 1 nop immediately below for
		 * !THUMB2 form 8 nops that make the compressed kernel bootable
		 * on legacy ARM systems that were assuming the kernel in a.out
		 * binary format. The boot loaders on these systems would
		 * jump 32 bytes into the image to skip the a.out header.
		 * With these 8 nops filling exactly 32 bytes, things still
		 * work as expected on these legacy systems. Thumb2 mode keeps
		 * 7 of the nops as it turns out that some boot loaders
		 * were patching the initial instructions of the kernel, i.e.
		 * had started to exploit this "patch area".
		 */
		__initial_nops
		.rept	5
		__nop
		.endr
#ifndef CONFIG_THUMB2_KERNEL
		__nop
#else
 AR_CLASS(	sub	pc, pc, #3	)	@ A/R: switch to Thumb2 mode
 M_CLASS(	nop.w			)	@ M: already in Thumb2 mode
		.thumb
#endif
		W(b)	1f

		.word	_magic_sig	@ Magic numbers to help the loader
		.word	_magic_start	@ absolute load/run zImage address
		.word	_magic_end	@ zImage end address
		.word	0x04030201	@ endianness flag
		.word	0x45454545	@ another magic number to indicate
		.word	_magic_table	@ additional data table

		__EFI_HEADER
1:
 ARM_BE8(	setend	be		)	@ go BE8 if compiled for BE8
 AR_CLASS(	mrs	r9, cpsr	)
#ifdef CONFIG_ARM_VIRT_EXT
		bl	__hyp_stub_install	@ get into SVC mode, reversibly
#endif
		mov	r7, r1			@ save architecture ID
		mov	r8, r2			@ save atags pointer

#ifndef CONFIG_CPU_V7M
		/*
		 * Booting from Angel - need to enter SVC mode and disable
		 * FIQs/IRQs (numeric definitions from angel arm.h source).
		 * We only do this if we were in user mode on entry.
		 */
		mrs	r2, cpsr		@ get current mode
		tst	r2, #3			@ not user?
		bne	not_angel
		mov	r0, #0x17		@ angel_SWIreason_EnterSVC
 ARM(		swi	0x123456	)	@ angel_SWI_ARM
 THUMB(		svc	0xab		)	@ angel_SWI_THUMB
not_angel:
		safe_svcmode_maskall r0
		msr	spsr_cxsf, r9		@ Save the CPU boot mode in
						@ SPSR
#endif
		/*
		 * Note that some cache flushing and other stuff may
		 * be needed here - is there an Angel SWI call for this?
		 */

		/*
		 * some architecture specific code can be inserted
		 * by the linker here, but it should preserve r7, r8, and r9.
		 */

		.text

#ifdef CONFIG_AUTO_ZRELADDR
		/*
		 * Find the start of physical memory.  As we are executing
		 * without the MMU on, we are in the physical address space.
		 * We just need to get rid of any offset by aligning the
		 * address.
		 *
		 * This alignment is a balance between the requirements of
		 * different platforms - we have chosen 128MB to allow
		 * platforms which align the start of their physical memory
		 * to 128MB to use this feature, while allowing the zImage
		 * to be placed within the first 128MB of memory on other
		 * platforms.  Increasing the alignment means we place
		 * stricter alignment requirements on the start of physical
		 * memory, but relaxing it means that we break people who
		 * are already placing their zImage in (e.g.) the top 64MB
		 * of this range.
		 */
		mov	r0, pc
		and	r0, r0, #0xf8000000
#ifdef CONFIG_USE_OF
		adr	r1, LC1
#ifdef CONFIG_ARM_APPENDED_DTB
		/*
		 * Look for an appended DTB.  If found, we cannot use it to
		 * validate the calculated start of physical memory, as its
		 * memory nodes may need to be augmented by ATAGS stored at
		 * an offset from the same start of physical memory.
		 */
		ldr	r2, [r1, #4]	@ get &_edata
		add	r2, r2, r1	@ relocate it
		ldr	r2, [r2]	@ get DTB signature
		ldr	r3, =OF_DT_MAGIC
		cmp	r2, r3		@ do we have a DTB there?
		beq	1f		@ if yes, skip validation
#endif /* CONFIG_ARM_APPENDED_DTB */

		/*
		 * Make sure we have some stack before calling C code.
		 * No GOT fixup has occurred yet, but none of the code we're
		 * about to call uses any global variables.
		 */
		ldr	sp, [r1]	@ get stack location
		add	sp, sp, r1	@ apply relocation

		/* Validate calculated start against passed DTB */
		mov	r1, r8
		bl	fdt_check_mem_start
1:
#endif /* CONFIG_USE_OF */
		/* Determine final kernel image address. */
		add	r4, r0, #TEXT_OFFSET
#else
		ldr	r4, =zreladdr
#endif

		/*
		 * Set up a page table only if it won't overwrite ourself.
		 * That means r4 < pc || r4 - 16k page directory > &_end.
		 * Given that r4 > &_end is most infrequent, we add a rough
		 * additional 1MB of room for a possible appended DTB.
		 */
		mov	r0, pc
		cmp	r0, r4
		ldrcc	r0, .Lheadroom
		addcc	r0, r0, pc
		cmpcc	r4, r0
		orrcc	r4, r4, #1		@ remember we skipped cache_on
		blcs	cache_on

restart:	adr	r0, LC1
		ldr	sp, [r0]
		ldr	r6, [r0, #4]
		add	sp, sp, r0
		add	r6, r6, r0

		get_inflated_image_size	r9, r10, lr

#ifndef CONFIG_ZBOOT_ROM
		/* malloc space is above the relocated stack (64k max) */
		add	r10, sp, #MALLOC_SIZE
#else
		/*
		 * With ZBOOT_ROM the bss/stack is non-relocatable,
		 * but someone could still run this code from RAM,
		 * in which case our reference is _edata.
		 */
		mov	r10, r6
#endif

		mov	r5, #0			@ init dtb size to 0
#ifdef CONFIG_ARM_APPENDED_DTB
/*
 * r4  = final kernel address (possibly with LSB set)
 * r5  = appended dtb size (still unknown)
 * r6  = _edata
 * r7  = architecture ID
 * r8  = atags/device tree pointer
 * r9  = size of decompressed image
 * r10 = end of this image, including  bss/stack/malloc space if non XIP
 * sp  = stack pointer
 *
 * If there are device trees (dtb) appended to zImage, advance r10 so that the
 * dtb data will get relocated along with the kernel if necessary.
 */

		ldr	lr, [r6, #0]
		ldr	r1, =OF_DT_MAGIC
		cmp	lr, r1
		bne	dtb_check_done		@ not found

#ifdef CONFIG_ARM_ATAG_DTB_COMPAT
		/*
		 * OK... Let's do some funky business here.
		 * If we do have a DTB appended to zImage, and we do have
		 * an ATAG list around, we want the latter to be translated
		 * and folded into the former here. No GOT fixup has occurred
		 * yet, but none of the code we're about to call uses any
		 * global variable.
		 */

		/* Get the initial DTB size */
		ldr	r5, [r6, #4]
		be32tocpu r5, r1
		dbgadtb	r6, r5
		/* 50% DTB growth should be good enough */
		add	r5, r5, r5, lsr #1
		/* preserve 64-bit alignment */
		add	r5, r5, #7
		bic	r5, r5, #7
		/* clamp to 32KB min and 1MB max */
		cmp	r5, #(1 << 15)
		movlo	r5, #(1 << 15)
		cmp	r5, #(1 << 20)
		movhi	r5, #(1 << 20)
		/* temporarily relocate the stack past the DTB work space */
		add	sp, sp, r5

		mov	r0, r8
		mov	r1, r6
		mov	r2, r5
		bl	atags_to_fdt

		/*
		 * If the returned value is 1, there is no ATAG at the location
		 * pointed to by r8.  Try the typical 0x100 offset from start
		 * of RAM and hope for the best.
		 */
		cmp	r0, #1
		sub	r0, r4, #TEXT_OFFSET
		bic	r0, r0, #1
		add	r0, r0, #0x100
		mov	r1, r6
		mov	r2, r5
		bleq	atags_to_fdt

		sub	sp, sp, r5
#endif

		mov	r8, r6			@ use the appended device tree

		/*
		 * Make sure that the DTB doesn't end up in the final
		 * kernel's .bss area. To do so, we adjust the decompressed
		 * kernel size to compensate if that .bss size is larger
		 * than the relocated code.
		 */
		ldr	r5, =_kernel_bss_size
		adr	r1, wont_overwrite
		sub	r1, r6, r1
		subs	r1, r5, r1
		addhi	r9, r9, r1

		/* Get the current DTB size */
		ldr	r5, [r6, #4]
		be32tocpu r5, r1

		/* preserve 64-bit alignment */
		add	r5, r5, #7
		bic	r5, r5, #7

		/* relocate some pointers past the appended dtb */
		add	r6, r6, r5
		add	r10, r10, r5
		add	sp, sp, r5
dtb_check_done:
#endif

/*
 * Check to see if we will overwrite ourselves.
 *   r4  = final kernel address (possibly with LSB set)
 *   r9  = size of decompressed image
 *   r10 = end of this image, including  bss/stack/malloc space if non XIP
 * We basically want:
 *   r4 - 16k page directory >= r10 -> OK
 *   r4 + image length <= address of wont_overwrite -> OK
 * Note: the possible LSB in r4 is harmless here.
 */
		add	r10, r10, #16384
		cmp	r4, r10
		bhs	wont_overwrite
		add	r10, r4, r9
		adr	r9, wont_overwrite
		cmp	r10, r9
		bls	wont_overwrite

/*
 * Relocate ourselves past the end of the decompressed kernel.
 *   r6  = _edata
 *   r10 = end of the decompressed kernel
 * Because we always copy ahead, we need to do it from the end and go
 * backward in case the source and destination overlap.
 */
		/*
		 * Bump to the next 256-byte boundary with the size of
		 * the relocation code added. This avoids overwriting
		 * ourself when the offset is small.
		 */
		add	r10, r10, #((reloc_code_end - restart + 256) & ~255)
		bic	r10, r10, #255

		/* Get start of code we want to copy and align it down. */
		adr	r5, restart
		bic	r5, r5, #31

/* Relocate the hyp vector base if necessary */
#ifdef CONFIG_ARM_VIRT_EXT
		mrs	r0, spsr
		and	r0, r0, #MODE_MASK
		cmp	r0, #HYP_MODE
		bne	1f

		/*
		 * Compute the address of the hyp vectors after relocation.
		 * Call __hyp_set_vectors with the new address so that we
		 * can HVC again after the copy.
		 */
		adr_l	r0, __hyp_stub_vectors
		sub	r0, r0, r5
		add	r0, r0, r10
		bl	__hyp_set_vectors
1:
#endif

		sub	r9, r6, r5		@ size to copy
		add	r9, r9, #31		@ rounded up to a multiple
		bic	r9, r9, #31		@ ... of 32 bytes
		add	r6, r9, r5
		add	r9, r9, r10

#ifdef DEBUG
		sub	r10, r6, r5
		sub	r10, r9, r10
		/*
		 * We are about to copy the kernel to a new memory area.
		 * The boundaries of the new memory area can be found in
		 * r10 and r9, whilst r5 and r6 contain the boundaries
		 * of the memory we are going to copy.
		 * Calling dbgkc will help with the printing of this
		 * information.
		 */
		dbgkc	r5, r6, r10, r9
#endif

1:		ldmdb	r6!, {r0 - r3, r10 - r12, lr}
		cmp	r6, r5
		stmdb	r9!, {r0 - r3, r10 - r12, lr}
		bhi	1b

		/* Preserve offset to relocated code. */
		sub	r6, r9, r6

		mov	r0, r9			@ start of relocated zImage
		add	r1, sp, r6		@ end of relocated zImage
		bl	cache_clean_flush

		badr	r0, restart
		add	r0, r0, r6
		mov	pc, r0

wont_overwrite:
		adr	r0, LC0
		ldmia	r0, {r1, r2, r3, r11, r12}
		sub	r0, r0, r1		@ calculate the delta offset

/*
 * If delta is zero, we are running at the address we were linked at.
 *   r0  = delta
 *   r2  = BSS start
 *   r3  = BSS end
 *   r4  = kernel execution address (possibly with LSB set)
 *   r5  = appended dtb size (0 if not present)
 *   r7  = architecture ID
 *   r8  = atags pointer
 *   r11 = GOT start
 *   r12 = GOT end
 *   sp  = stack pointer
 */
		orrs	r1, r0, r5
		beq	not_relocated

		add	r11, r11, r0
		add	r12, r12, r0

#ifndef CONFIG_ZBOOT_ROM
		/*
		 * If we're running fully PIC === CONFIG_ZBOOT_ROM = n,
		 * we need to fix up pointers into the BSS region.
		 * Note that the stack pointer has already been fixed up.
		 */
		add	r2, r2, r0
		add	r3, r3, r0

		/*
		 * Relocate all entries in the GOT table.
		 * Bump bss entries to _edata + dtb size
		 */
1:		ldr	r1, [r11, #0]		@ relocate entries in the GOT
		add	r1, r1, r0		@ This fixes up C references
		cmp	r1, r2			@ if entry >= bss_start &&
		cmphs	r3, r1			@       bss_end > entry
		addhi	r1, r1, r5		@    entry += dtb size
		str	r1, [r11], #4		@ next entry
		cmp	r11, r12
		blo	1b

		/* bump our bss pointers too */
		add	r2, r2, r5
		add	r3, r3, r5

#else

		/*
		 * Relocate entries in the GOT table.  We only relocate
		 * the entries that are outside the (relocated) BSS region.
		 */
1:		ldr	r1, [r11, #0]		@ relocate entries in the GOT
		cmp	r1, r2			@ entry < bss_start ||
		cmphs	r3, r1			@ _end < entry
		addlo	r1, r1, r0		@ table.  This fixes up the
		str	r1, [r11], #4		@ C references.
		cmp	r11, r12
		blo	1b
#endif

not_relocated:	mov	r0, #0
1:		str	r0, [r2], #4		@ clear bss
		str	r0, [r2], #4
		str	r0, [r2], #4
		str	r0, [r2], #4
		cmp	r2, r3
		blo	1b

		/*
		 * Did we skip the cache setup earlier?
		 * That is indicated by the LSB in r4.
		 * Do it now if so.
		 */
		tst	r4, #1
		bic	r4, r4, #1
		blne	cache_on

/*
 * The C runtime environment should now be set up sufficiently.
 * Set up some pointers, and start decompressing.
 *   r4  = kernel execution address
 *   r7  = architecture ID
 *   r8  = atags pointer
 */
		mov	r0, r4
		mov	r1, sp			@ malloc space above stack
		add	r2, sp, #MALLOC_SIZE	@ 64k max
		mov	r3, r7
		bl	decompress_kernel

		get_inflated_image_size	r1, r2, r3

		mov	r0, r4			@ start of inflated image
		add	r1, r1, r0		@ end of inflated image
		bl	cache_clean_flush
		bl	cache_off

#ifdef CONFIG_ARM_VIRT_EXT
		mrs	r0, spsr		@ Get saved CPU boot mode
		and	r0, r0, #MODE_MASK
		cmp	r0, #HYP_MODE		@ if not booted in HYP mode...
		bne	__enter_kernel		@ boot kernel directly

		adr_l	r0, __hyp_reentry_vectors
		bl	__hyp_set_vectors
		__HVC(0)			@ otherwise bounce to hyp mode

		b	.			@ should never be reached
#else
		b	__enter_kernel
#endif

		.align	2
		.type	LC0, #object
LC0:		.word	LC0			@ r1
		.word	__bss_start		@ r2
		.word	_end			@ r3
		.word	_got_start		@ r11
		.word	_got_end		@ ip
		.size	LC0, . - LC0

		.type	LC1, #object
LC1:		.word	.L_user_stack_end - LC1	@ sp
		.word	_edata - LC1		@ r6
		.size	LC1, . - LC1

.Lheadroom:
		.word	_end - restart + 16384 + 1024*1024

.Linflated_image_size_offset:
		.long	(input_data_end - 4) - .

#ifdef CONFIG_ARCH_RPC
		.globl	params
params:		ldr	r0, =0x10000100		@ params_phys for RPC
		mov	pc, lr
		.ltorg
		.align
#endif

/*
 * dcache_line_size - get the minimum D-cache line size from the CTR register
 * on ARMv7.
 */
		.macro	dcache_line_size, reg, tmp
#ifdef CONFIG_CPU_V7M
		movw	\tmp, #:lower16:BASEADDR_V7M_SCB + V7M_SCB_CTR
		movt	\tmp, #:upper16:BASEADDR_V7M_SCB + V7M_SCB_CTR
		ldr	\tmp, [\tmp]
#else
		mrc	p15, 0, \tmp, c0, c0, 1		@ read ctr
#endif
		lsr	\tmp, \tmp, #16
		and	\tmp, \tmp, #0xf		@ cache line size encoding
		mov	\reg, #4			@ bytes per word
		mov	\reg, \reg, lsl \tmp		@ actual cache line size
		.endm

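		/*
		 * Illustrative C sketch of the decoding above (not built
		 * here; the helper name is made up for this comment): the
		 * CTR, and the V7M_SCB_CTR register on v7-M, encode the
		 * minimum D-cache line size in bits [19:16] as log2 of the
		 * number of words, so the line size in bytes is:
		 *
		 *	static inline unsigned int
		 *	dcache_min_line_size(unsigned int ctr)
		 *	{
		 *		return 4U << ((ctr >> 16) & 0xf);
		 *	}
		 */
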
/*
 * Turn on the cache.  We need to set up some page tables so that we
 * can have both the I and D caches on.
 *
 * We place the page tables 16k down from the kernel execution address,
 * and we hope that nothing else is using it.  If we're using it, we
 * will go pop!
 *
 * On entry,
 *  r4 = kernel execution address
 *  r7 = architecture number
 *  r8 = atags pointer
 * On exit,
 *  r0, r1, r2, r3, r9, r10, r12 corrupted
 * This routine must preserve:
 *  r4, r7, r8
 */
		.align	5
cache_on:	mov	r3, #8			@ cache_on function
		b	call_cache_fn

/*
 * Initialize the highest priority protection region, PR7,
 * to cover the whole 32-bit address range, cacheable and bufferable.
 */
__armv4_mpu_cache_on:
		mov	r0, #0x3f		@ 4G, the whole
		mcr	p15, 0, r0, c6, c7, 0	@ PR7 Area Setting
		mcr	p15, 0, r0, c6, c7, 1

		mov	r0, #0x80		@ PR7
		mcr	p15, 0, r0, c2, c0, 0	@ D-cache on
		mcr	p15, 0, r0, c2, c0, 1	@ I-cache on
		mcr	p15, 0, r0, c3, c0, 0	@ write-buffer on

		mov	r0, #0xc000
		mcr	p15, 0, r0, c5, c0, 1	@ I-access permission
		mcr	p15, 0, r0, c5, c0, 0	@ D-access permission

		mov	r0, #0
		mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
		mcr	p15, 0, r0, c7, c5, 0	@ flush(inval) I-Cache
		mcr	p15, 0, r0, c7, c6, 0	@ flush(inval) D-Cache
		mrc	p15, 0, r0, c1, c0, 0	@ read control reg
						@ ...I .... ..D. WC.M
		orr	r0, r0, #0x002d		@ .... .... ..1. 11.1
		orr	r0, r0, #0x1000		@ ...1 .... .... ....

		mcr	p15, 0, r0, c1, c0, 0	@ write control reg

		mov	r0, #0
		mcr	p15, 0, r0, c7, c5, 0	@ flush(inval) I-Cache
		mcr	p15, 0, r0, c7, c6, 0	@ flush(inval) D-Cache
		mov	pc, lr

__armv3_mpu_cache_on:
		mov	r0, #0x3f		@ 4G, the whole
		mcr	p15, 0, r0, c6, c7, 0	@ PR7 Area Setting

		mov	r0, #0x80		@ PR7
		mcr	p15, 0, r0, c2, c0, 0	@ cache on
		mcr	p15, 0, r0, c3, c0, 0	@ write-buffer on

		mov	r0, #0xc000
		mcr	p15, 0, r0, c5, c0, 0	@ access permission

		mov	r0, #0
		mcr	p15, 0, r0, c7, c0, 0	@ invalidate whole cache v3
		/*
		 * ?? ARMv3 MMU does not allow reading the control register,
		 * does this really work on ARMv3 MPU?
		 */
		mrc	p15, 0, r0, c1, c0, 0	@ read control reg
						@ .... .... .... WC.M
		orr	r0, r0, #0x000d		@ .... .... .... 11.1
		/* ?? this overwrites the value constructed above? */
		mov	r0, #0
		mcr	p15, 0, r0, c1, c0, 0	@ write control reg

		/* ?? invalidate for the second time? */
		mcr	p15, 0, r0, c7, c0, 0	@ invalidate whole cache v3
		mov	pc, lr

#ifdef CONFIG_CPU_DCACHE_WRITETHROUGH
#define CB_BITS 0x08
#else
#define CB_BITS 0x0c
#endif

__setup_mmu:	sub	r3, r4, #16384		@ Page directory size
		bic	r3, r3, #0xff		@ Align the pointer
		bic	r3, r3, #0x3f00
/*
 * Initialise the page tables, turning on the cacheable and bufferable
 * bits for the RAM area only.
 */
		mov	r0, r3
		mov	r9, r0, lsr #18
		mov	r9, r9, lsl #18		@ start of RAM
		add	r10, r9, #0x10000000	@ a reasonable RAM size
		mov	r1, #0x12		@ XN|U + section mapping
		orr	r1, r1, #3 << 10	@ AP=11
		add	r2, r3, #16384
1:		cmp	r1, r9			@ if virt > start of RAM
		cmphs	r10, r1			@   && end of RAM > virt
		bic	r1, r1, #0x1c		@ clear XN|U + C + B
		orrlo	r1, r1, #0x10		@ Set XN|U for non-RAM
		orrhs	r1, r1, r6		@ set RAM section settings
		str	r1, [r0], #4		@ 1:1 mapping
		add	r1, r1, #1048576
		teq	r0, r2
		bne	1b
/*
 * If ever we are running from Flash, then we surely want the cache
 * to be enabled also for our execution instance...  We map 2MB of it
 * so there is no map overlap problem for up to a 1 MB compressed kernel.
 * If the execution is in RAM then we would only be duplicating the above.
 */
		orr	r1, r6, #0x04		@ ensure B is set for this
		orr	r1, r1, #3 << 10
		mov	r2, pc
		mov	r2, r2, lsr #20
		orr	r1, r1, r2, lsl #20
		add	r0, r3, r2, lsl #2
		str	r1, [r0], #4
		add	r1, r1, #1048576
		str	r1, [r0]
		mov	pc, lr
ENDPROC(__setup_mmu)

@ Enable unaligned access on v6, to allow better code generation
@ for the decompressor C code:
__armv6_mmu_cache_on:
		mrc	p15, 0, r0, c1, c0, 0	@ read SCTLR
		bic	r0, r0, #2		@ A (no unaligned access fault)
		orr	r0, r0, #1 << 22	@ U (v6 unaligned access model)
		mcr	p15, 0, r0, c1, c0, 0	@ write SCTLR
		b	__armv4_mmu_cache_on

__arm926ejs_mmu_cache_on:
#ifdef CONFIG_CPU_DCACHE_WRITETHROUGH
		mov	r0, #4			@ put dcache in WT mode
		mcr	p15, 7, r0, c15, c0, 0
#endif

__armv4_mmu_cache_on:
		mov	r12, lr
#ifdef CONFIG_MMU
		mov	r6, #CB_BITS | 0x12	@ U
		bl	__setup_mmu
		mov	r0, #0
		mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
		mcr	p15, 0, r0, c8, c7, 0	@ flush I,D TLBs
		mrc	p15, 0, r0, c1, c0, 0	@ read control reg
		orr	r0, r0, #0x5000		@ I-cache enable, RR cache replacement
		orr	r0, r0, #0x0030
 ARM_BE8(	orr	r0, r0, #1 << 25 )	@ big-endian page tables
		bl	__common_mmu_cache_on
		mov	r0, #0
		mcr	p15, 0, r0, c8, c7, 0	@ flush I,D TLBs
#endif
		mov	pc, r12

__armv7_mmu_cache_on:
		enable_cp15_barriers	r11
		mov	r12, lr
#ifdef CONFIG_MMU
		mrc	p15, 0, r11, c0, c1, 4	@ read ID_MMFR0
		tst	r11, #0xf		@ VMSA
		movne	r6, #CB_BITS | 0x02	@ !XN
		blne	__setup_mmu
		mov	r0, #0
		mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
		tst	r11, #0xf		@ VMSA
		mcrne	p15, 0, r0, c8, c7, 0	@ flush I,D TLBs
#endif
		mrc	p15, 0, r0, c1, c0, 0	@ read control reg
		bic	r0, r0, #1 << 28	@ clear SCTLR.TRE
		orr	r0, r0, #0x5000		@ I-cache enable, RR cache replacement
		orr	r0, r0, #0x003c		@ write buffer
		bic	r0, r0, #2		@ A (no unaligned access fault)
		orr	r0, r0, #1 << 22	@ U (v6 unaligned access model)
						@ (needed for ARM1176)
#ifdef CONFIG_MMU
 ARM_BE8(	orr	r0, r0, #1 << 25 )	@ big-endian page tables
		mrcne   p15, 0, r6, c2, c0, 2	@ read ttb control reg
		orrne	r0, r0, #1		@ MMU enabled
		movne	r1, #0xfffffffd		@ domain 0 = client
		bic     r6, r6, #1 << 31        @ 32-bit translation system
		bic     r6, r6, #(7 << 0) | (1 << 4)	@ use only ttbr0
		mcrne	p15, 0, r3, c2, c0, 0	@ load page table pointer
		mcrne	p15, 0, r1, c3, c0, 0	@ load domain access control
		mcrne   p15, 0, r6, c2, c0, 2	@ load ttb control
#endif
		mcr	p15, 0, r0, c7, c5, 4	@ ISB
		mcr	p15, 0, r0, c1, c0, 0	@ load control register
		mrc	p15, 0, r0, c1, c0, 0	@ and read it back
		mov	r0, #0
		mcr	p15, 0, r0, c7, c5, 4	@ ISB
		mov	pc, r12

__fa526_cache_on:
		mov	r12, lr
		mov	r6, #CB_BITS | 0x12	@ U
		bl	__setup_mmu
		mov	r0, #0
		mcr	p15, 0, r0, c7, c7, 0	@ Invalidate whole cache
		mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
		mcr	p15, 0, r0, c8, c7, 0	@ flush UTLB
		mrc	p15, 0, r0, c1, c0, 0	@ read control reg
		orr	r0, r0, #0x1000		@ I-cache enable
		bl	__common_mmu_cache_on
		mov	r0, #0
		mcr	p15, 0, r0, c8, c7, 0	@ flush UTLB
		mov	pc, r12

__common_mmu_cache_on:
#ifndef CONFIG_THUMB2_KERNEL
#ifndef DEBUG
		orr	r0, r0, #0x000d		@ Write buffer, mmu
#endif
		mov	r1, #-1
		mcr	p15, 0, r3, c2, c0, 0	@ load page table pointer
		mcr	p15, 0, r1, c3, c0, 0	@ load domain access control
		b	1f
		.align	5			@ cache line aligned
1:		mcr	p15, 0, r0, c1, c0, 0	@ load control register
		mrc	p15, 0, r0, c1, c0, 0	@ and read it back to
		sub	pc, lr, r0, lsr #32	@ properly flush pipeline
#endif

#define PROC_ENTRY_SIZE (4*5)

/*
 * Here follow the relocatable cache support functions for the
 * various processors.  This is a generic hook for locating an
 * entry and jumping to an instruction at the specified offset
 * from the start of the block.  Please note this is all position
 * independent code.
 *
 *  r1  = corrupted
 *  r2  = corrupted
 *  r3  = block offset
 *  r9  = corrupted
 *  r12 = corrupted
 */

call_cache_fn:	adr	r12, proc_types
#ifdef CONFIG_CPU_CP15
		mrc	p15, 0, r9, c0, c0	@ get processor ID
#elif defined(CONFIG_CPU_V7M)
		/*
		 * On v7-M the processor id is located in the V7M_SCB_CPUID
		 * register, but as cache handling is IMPLEMENTATION DEFINED on
		 * v7-M (if existent at all) we just return early here.
		 * If V7M_SCB_CPUID were used the cpu ID functions (i.e.
		 * __armv7_mmu_cache_{on,off,flush}) would be selected which
		 * use cp15 registers that are not implemented on v7-M.
		 */
		bx	lr
#else
		ldr	r9, =CONFIG_PROCESSOR_ID
#endif
1:		ldr	r1, [r12, #0]		@ get value
		ldr	r2, [r12, #4]		@ get mask
		eor	r1, r1, r9		@ (real ^ match)
		tst	r1, r2			@       & mask
 ARM(		addeq	pc, r12, r3		) @ call cache function
 THUMB(		addeq	r12, r3			)
 THUMB(		moveq	pc, r12			) @ call cache function
		add	r12, r12, #PROC_ENTRY_SIZE
		b	1b

/*
 * Table for cache operations.  This is basically:
 *   - CPU ID match
 *   - CPU ID mask
 *   - 'cache on' method instruction
 *   - 'cache off' method instruction
 *   - 'cache flush' method instruction
 *
 * We match an entry using: ((real_id ^ match) & mask) == 0
 *
 * Writethrough caches generally only need 'on' and 'off'
 * methods.  Writeback caches _must_ have the flush method
 * defined.
 */
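		/*
		 * In C terms, the lookup in call_cache_fn above selects the
		 * first entry for which the following predicate holds (a
		 * minimal sketch, helper name made up for this comment):
		 *
		 *	static int proc_entry_matches(unsigned int cpuid,
		 *				      unsigned int match,
		 *				      unsigned int mask)
		 *	{
		 *		return ((cpuid ^ match) & mask) == 0;
		 *	}
		 *
		 * and then branches to that entry's 'on', 'off' or 'flush'
		 * slot, selected by the offset passed in r3.
		 */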
		.align	2
		.type	proc_types,#object
proc_types:
		.word	0x41000000		@ old ARM ID
		.word	0xff00f000
		mov	pc, lr
 THUMB(		nop				)
		mov	pc, lr
 THUMB(		nop				)
		mov	pc, lr
 THUMB(		nop				)

		.word	0x41007000		@ ARM7/710
		.word	0xfff8fe00
		mov	pc, lr
 THUMB(		nop				)
		mov	pc, lr
 THUMB(		nop				)
		mov	pc, lr
 THUMB(		nop				)

		.word	0x41807200		@ ARM720T (writethrough)
		.word	0xffffff00
		W(b)	__armv4_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		mov	pc, lr
 THUMB(		nop				)

		.word	0x41007400		@ ARM74x
		.word	0xff00ff00
		W(b)	__armv3_mpu_cache_on
		W(b)	__armv3_mpu_cache_off
		W(b)	__armv3_mpu_cache_flush

		.word	0x41009400		@ ARM94x
		.word	0xff00ff00
		W(b)	__armv4_mpu_cache_on
		W(b)	__armv4_mpu_cache_off
		W(b)	__armv4_mpu_cache_flush

		.word	0x41069260		@ ARM926EJ-S (v5TEJ)
		.word	0xff0ffff0
		W(b)	__arm926ejs_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv5tej_mmu_cache_flush

		.word	0x00007000		@ ARM7 IDs
		.word	0x0000f000
		mov	pc, lr
 THUMB(		nop				)
		mov	pc, lr
 THUMB(		nop				)
		mov	pc, lr
 THUMB(		nop				)

		@ Everything from here on will be the new ID system.

		.word	0x4401a100		@ sa110 / sa1100
		.word	0xffffffe0
		W(b)	__armv4_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv4_mmu_cache_flush

		.word	0x6901b110		@ sa1110
		.word	0xfffffff0
		W(b)	__armv4_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv4_mmu_cache_flush

		.word	0x56056900
		.word	0xffffff00		@ PXA9xx
		W(b)	__armv4_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv4_mmu_cache_flush

		.word	0x56158000		@ PXA168
		.word	0xfffff000
		W(b)	__armv4_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv5tej_mmu_cache_flush

		.word	0x56050000		@ Feroceon
		.word	0xff0f0000
		W(b)	__armv4_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv5tej_mmu_cache_flush

#ifdef CONFIG_CPU_FEROCEON_OLD_ID
		/* this conflicts with the standard ARMv5TE entry */
		.long	0x41009260		@ Old Feroceon
		.long	0xff00fff0
		b	__armv4_mmu_cache_on
		b	__armv4_mmu_cache_off
		b	__armv5tej_mmu_cache_flush
#endif

		.word	0x66015261		@ FA526
		.word	0xff01fff1
		W(b)	__fa526_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__fa526_cache_flush

		@ These match on the architecture ID

		.word	0x00020000		@ ARMv4T
		.word	0x000f0000
		W(b)	__armv4_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv4_mmu_cache_flush

		.word	0x00050000		@ ARMv5TE
		.word	0x000f0000
		W(b)	__armv4_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv4_mmu_cache_flush

		.word	0x00060000		@ ARMv5TEJ
		.word	0x000f0000
		W(b)	__armv4_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv5tej_mmu_cache_flush

		.word	0x0007b000		@ ARMv6
		.word	0x000ff000
		W(b)	__armv6_mmu_cache_on
		W(b)	__armv4_mmu_cache_off
		W(b)	__armv6_mmu_cache_flush

		.word	0x000f0000		@ new CPU Id
		.word	0x000f0000
		W(b)	__armv7_mmu_cache_on
		W(b)	__armv7_mmu_cache_off
		W(b)	__armv7_mmu_cache_flush

		.word	0			@ unrecognised type
		.word	0
		mov	pc, lr
 THUMB(		nop				)
		mov	pc, lr
 THUMB(		nop				)
		mov	pc, lr
 THUMB(		nop				)

		.size	proc_types, . - proc_types

		/*
		 * If you get a "non-constant expression in ".if" statement"
		 * error from the assembler on this line, check that you have
		 * not accidentally written a "b" instruction where you should
		 * have written W(b).
		 */
		.if (. - proc_types) % PROC_ENTRY_SIZE != 0
		.error "The size of one or more proc_types entries is wrong."
		.endif

/*
 * Turn off the Cache and MMU.  ARMv3 does not support
 * reading the control register, but ARMv4 does.
 *
 * On exit,
 *  r0, r1, r2, r3, r9, r12 corrupted
 * This routine must preserve:
 *  r4, r7, r8
 */
		.align	5
cache_off:	mov	r3, #12			@ cache_off function
		b	call_cache_fn

__armv4_mpu_cache_off:
		mrc	p15, 0, r0, c1, c0
		bic	r0, r0, #0x000d
		mcr	p15, 0, r0, c1, c0	@ turn MPU and cache off
		mov	r0, #0
		mcr	p15, 0, r0, c7, c10, 4	@ drain write buffer
		mcr	p15, 0, r0, c7, c6, 0	@ flush D-Cache
		mcr	p15, 0, r0, c7, c5, 0	@ flush I-Cache
		mov	pc, lr

__armv3_mpu_cache_off:
		mrc	p15, 0, r0, c1, c0
		bic	r0, r0, #0x000d
		mcr	p15, 0, r0, c1, c0, 0	@ turn MPU and cache off
		mov	r0, #0
		mcr	p15, 0, r0, c7, c0, 0	@ invalidate whole cache v3
		mov	pc, lr

__armv4_mmu_cache_off:
#ifdef CONFIG_MMU
		mrc	p15, 0, r0, c1, c0
		bic	r0, r0, #0x000d
		mcr	p15, 0, r0, c1, c0	@ turn MMU and cache off
		mov	r0, #0
		mcr	p15, 0, r0, c7, c7	@ invalidate whole cache v4
		mcr	p15, 0, r0, c8, c7	@ invalidate whole TLB v4
#endif
		mov	pc, lr

__armv7_mmu_cache_off:
		mrc	p15, 0, r0, c1, c0
#ifdef CONFIG_MMU
		bic	r0, r0, #0x0005
#else
		bic	r0, r0, #0x0004
#endif
		mcr	p15, 0, r0, c1, c0	@ turn MMU and cache off
		mov	r0, #0
#ifdef CONFIG_MMU
		mcr	p15, 0, r0, c8, c7, 0	@ invalidate whole TLB
#endif
		mcr	p15, 0, r0, c7, c5, 6	@ invalidate BTC
		mcr	p15, 0, r0, c7, c10, 4	@ DSB
		mcr	p15, 0, r0, c7, c5, 4	@ ISB
		mov	pc, lr

/*
 * Clean and flush the cache to maintain consistency.
 *
 * On entry,
 *  r0 = start address
 *  r1 = end address (exclusive)
 * On exit,
 *  r1, r2, r3, r9, r10, r11, r12 corrupted
 * This routine must preserve:
 *  r4, r6, r7, r8
 */
		.align	5
cache_clean_flush:
		mov	r3, #16
		mov	r11, r1
		b	call_cache_fn

__armv4_mpu_cache_flush:
		tst	r4, #1
		movne	pc, lr
		mov	r2, #1
		mov	r3, #0
		mcr	p15, 0, ip, c7, c6, 0	@ invalidate D cache
		mov	r1, #7 << 5		@ 8 segments
1:		orr	r3, r1, #63 << 26	@ 64 entries
2:		mcr	p15, 0, r3, c7, c14, 2	@ clean & invalidate D index
		subs	r3, r3, #1 << 26
		bcs	2b			@ entries 63 to 0
		subs	r1, r1, #1 << 5
		bcs	1b			@ segments 7 to 0

		teq	r2, #0
		mcrne	p15, 0, ip, c7, c5, 0	@ invalidate I cache
		mcr	p15, 0, ip, c7, c10, 4	@ drain WB
		mov	pc, lr

__fa526_cache_flush:
		tst	r4, #1
		movne	pc, lr
		mov	r1, #0
		mcr	p15, 0, r1, c7, c14, 0	@ clean and invalidate D cache
		mcr	p15, 0, r1, c7, c5, 0	@ flush I cache
		mcr	p15, 0, r1, c7, c10, 4	@ drain WB
		mov	pc, lr

__armv6_mmu_cache_flush:
		mov	r1, #0
		tst	r4, #1
		mcreq	p15, 0, r1, c7, c14, 0	@ clean+invalidate D
		mcr	p15, 0, r1, c7, c5, 0	@ invalidate I+BTB
		mcreq	p15, 0, r1, c7, c15, 0	@ clean+invalidate unified
		mcr	p15, 0, r1, c7, c10, 4	@ drain WB
		mov	pc, lr

__armv7_mmu_cache_flush:
		enable_cp15_barriers	r10
		tst	r4, #1
		bne	iflush
		mrc	p15, 0, r10, c0, c1, 5	@ read ID_MMFR1
		tst	r10, #0xf << 16		@ hierarchical cache (ARMv7)
		mov	r10, #0
		beq	hierarchical
		mcr	p15, 0, r10, c7, c14, 0	@ clean+invalidate D
		b	iflush
hierarchical:
		dcache_line_size r1, r2		@ r1 := dcache min line size
		sub	r2, r1, #1		@ r2 := line size mask
		bic	r0, r0, r2		@ round down start to line size
		sub	r11, r11, #1		@ end address is exclusive
		bic	r11, r11, r2		@ round down end to line size
0:		cmp	r0, r11			@ finished?
		bgt	iflush
		mcr	p15, 0, r0, c7, c14, 1	@ Dcache clean/invalidate by VA
		add	r0, r0, r1
		b	0b
iflush:
		mcr	p15, 0, r10, c7, c10, 4	@ DSB
		mcr	p15, 0, r10, c7, c5, 0	@ invalidate I+BTB
		mcr	p15, 0, r10, c7, c10, 4	@ DSB
		mcr	p15, 0, r10, c7, c5, 4	@ ISB
		mov	pc, lr
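
		/*
		 * The hierarchical (by-VA) path above corresponds roughly to
		 * the C sketch below, where 'end' is exclusive and dccimvac()
		 * stands in for the DCCIMVAC (c7, c14, 1) operation
		 * (illustrative only, not built here):
		 *
		 *	static void clean_inval_dcache_range(unsigned long start,
		 *					     unsigned long end,
		 *					     unsigned long linesz)
		 *	{
		 *		start &= ~(linesz - 1);
		 *		end = (end - 1) & ~(linesz - 1);
		 *		while (start <= end) {
		 *			dccimvac(start);
		 *			start += linesz;
		 *		}
		 *	}
		 */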

__armv5tej_mmu_cache_flush:
		tst	r4, #1
		movne	pc, lr
1:		mrc	p15, 0, APSR_nzcv, c7, c14, 3	@ test,clean,invalidate D cache
		bne	1b
		mcr	p15, 0, r0, c7, c5, 0	@ flush I cache
		mcr	p15, 0, r0, c7, c10, 4	@ drain WB
		mov	pc, lr

__armv4_mmu_cache_flush:
		tst	r4, #1
		movne	pc, lr
		mov	r2, #64*1024		@ default: 32K dcache size (*2)
		mov	r11, #32		@ default: 32 byte line size
		mrc	p15, 0, r3, c0, c0, 1	@ read cache type
		teq	r3, r9			@ cache ID register present?
		beq	no_cache_id
		mov	r1, r3, lsr #18
		and	r1, r1, #7
		mov	r2, #1024
		mov	r2, r2, lsl r1		@ base dcache size *2
		tst	r3, #1 << 14		@ test M bit
		addne	r2, r2, r2, lsr #1	@ +1/2 size if M == 1
		mov	r3, r3, lsr #12
		and	r3, r3, #3
		mov	r11, #8
		mov	r11, r11, lsl r3	@ cache line size in bytes
no_cache_id:
		mov	r1, pc
		bic	r1, r1, #63		@ align to longest cache line
		add	r2, r1, r2
1:
 ARM(		ldr	r3, [r1], r11		) @ s/w flush D cache
 THUMB(		ldr     r3, [r1]		) @ s/w flush D cache
 THUMB(		add     r1, r1, r11		)
		teq	r1, r2
		bne	1b

		mcr	p15, 0, r1, c7, c5, 0	@ flush I cache
		mcr	p15, 0, r1, c7, c6, 0	@ flush D cache
		mcr	p15, 0, r1, c7, c10, 4	@ drain WB
		mov	pc, lr

__armv3_mmu_cache_flush:
__armv3_mpu_cache_flush:
		tst	r4, #1
		movne	pc, lr
		mov	r1, #0
		mcr	p15, 0, r1, c7, c0, 0	@ invalidate whole cache v3
		mov	pc, lr

/*
 * Various debugging routines for printing hex characters and
 * memory, which again must be relocatable.
 */
#ifdef DEBUG
		.align	2
		.type	phexbuf,#object
phexbuf:	.space	12
		.size	phexbuf, . - phexbuf

@ phex corrupts {r0, r1, r2, r3}
phex:		adr	r3, phexbuf
		mov	r2, #0
		strb	r2, [r3, r1]
1:		subs	r1, r1, #1
		movmi	r0, r3
		bmi	puts
		and	r2, r0, #15
		mov	r0, r0, lsr #4
		cmp	r2, #10
		addge	r2, r2, #7
		add	r2, r2, #'0'
		strb	r2, [r3, r1]
		b	1b

@ puts corrupts {r0, r1, r2, r3}
puts:		loadsp	r3, r2, r1
1:		ldrb	r2, [r0], #1
		teq	r2, #0
		moveq	pc, lr
2:		writeb	r2, r3, r1
		mov	r1, #0x00020000
3:		subs	r1, r1, #1
		bne	3b
		teq	r2, #'\n'
		moveq	r2, #'\r'
		beq	2b
		teq	r0, #0
		bne	1b
		mov	pc, lr
@ putc corrupts {r0, r1, r2, r3}
putc:
		mov	r2, r0
		loadsp	r3, r1, r0
		mov	r0, #0
		b	2b

@ memdump corrupts {r0, r1, r2, r3, r10, r11, r12, lr}
memdump:	mov	r12, r0
		mov	r10, lr
		mov	r11, #0
2:		mov	r0, r11, lsl #2
		add	r0, r0, r12
		mov	r1, #8
		bl	phex
		mov	r0, #':'
		bl	putc
1:		mov	r0, #' '
		bl	putc
		ldr	r0, [r12, r11, lsl #2]
		mov	r1, #8
		bl	phex
		and	r0, r11, #7
		teq	r0, #3
		moveq	r0, #' '
		bleq	putc
		and	r0, r11, #7
		add	r11, r11, #1
		teq	r0, #7
		bne	1b
		mov	r0, #'\n'
		bl	putc
		cmp	r11, #64
		blt	2b
		mov	pc, r10
#endif

		.ltorg

#ifdef CONFIG_ARM_VIRT_EXT
.align 5
__hyp_reentry_vectors:
		W(b)	.			@ reset
		W(b)	.			@ undef
#ifdef CONFIG_EFI_STUB
		W(b)	__enter_kernel_from_hyp	@ hvc from HYP
#else
		W(b)	.			@ svc
#endif
		W(b)	.			@ pabort
		W(b)	.			@ dabort
		W(b)	__enter_kernel		@ hyp
		W(b)	.			@ irq
		W(b)	.			@ fiq
#endif /* CONFIG_ARM_VIRT_EXT */

__enter_kernel:
		mov	r0, #0			@ must be 0
		mov	r1, r7			@ restore architecture number
		mov	r2, r8			@ restore atags pointer
 ARM(		mov	pc, r4		)	@ call kernel
 M_CLASS(	add	r4, r4, #1	)	@ enter in Thumb mode for M class
 THUMB(		bx	r4		)	@ entry point is always ARM for A/R classes

reloc_code_end:

#ifdef CONFIG_EFI_STUB
__enter_kernel_from_hyp:
		mrc	p15, 4, r0, c1, c0, 0	@ read HSCTLR
		bic	r0, r0, #0x5		@ disable MMU and caches
		mcr	p15, 4, r0, c1, c0, 0	@ write HSCTLR
		isb
		b	__enter_kernel

ENTRY(efi_enter_kernel)
		mov	r4, r0			@ preserve image base
		mov	r8, r1			@ preserve DT pointer

		adr_l	r0, call_cache_fn
		adr	r1, 0f			@ clean the region of code we
		bl	cache_clean_flush	@ may run with the MMU off

#ifdef CONFIG_ARM_VIRT_EXT
		@
		@ The EFI spec does not support booting on ARM in HYP mode,
		@ since it mandates that the MMU and caches are on, with all
		@ 32-bit addressable DRAM mapped 1:1 using short descriptors.
		@
		@ While the EDK2 reference implementation adheres to this,
		@ U-Boot might decide to enter the EFI stub in HYP mode
		@ anyway, with the MMU and caches either on or off.
		@
		mrs	r0, cpsr		@ get the current mode
		msr	spsr_cxsf, r0		@ record boot mode
		and	r0, r0, #MODE_MASK	@ are we running in HYP mode?
		cmp	r0, #HYP_MODE
		bne	.Lefi_svc

		mrc	p15, 4, r1, c1, c0, 0	@ read HSCTLR
		tst	r1, #0x1		@ MMU enabled at HYP?
		beq	1f

		@
		@ When running in HYP mode with the caches on, we're better
		@ off just carrying on using the cached 1:1 mapping that the
		@ firmware provided. Set up the HYP vectors so HVC instructions
		@ issued from HYP mode take us to the correct handler code. We
		@ will disable the MMU before jumping to the kernel proper.
		@
 ARM(		bic	r1, r1, #(1 << 30)	) @ clear HSCTLR.TE
 THUMB(		orr	r1, r1, #(1 << 30)	) @ set HSCTLR.TE
		mcr	p15, 4, r1, c1, c0, 0
		adr	r0, __hyp_reentry_vectors
		mcr	p15, 4, r0, c12, c0, 0	@ set HYP vector base (HVBAR)
		isb
		b	.Lefi_hyp

		@
		@ When running in HYP mode with the caches off, we need to drop
		@ into SVC mode now, and let the decompressor set up its cached
		@ 1:1 mapping as usual.
		@
1:		mov	r9, r4			@ preserve image base
		bl	__hyp_stub_install	@ install HYP stub vectors
		safe_svcmode_maskall	r1	@ drop to SVC mode
		msr	spsr_cxsf, r0		@ record boot mode
		orr	r4, r9, #1		@ restore image base and set LSB
		b	.Lefi_hyp
.Lefi_svc:
#endif
		mrc	p15, 0, r0, c1, c0, 0	@ read SCTLR
		tst	r0, #0x1		@ MMU enabled?
		orreq	r4, r4, #1		@ set LSB if not

.Lefi_hyp:
		mov	r0, r8			@ DT start
		add	r1, r8, r2		@ DT end
		bl	cache_clean_flush

		adr	r0, 0f			@ switch to our stack
		ldr	sp, [r0]
		add	sp, sp, r0

		mov	r5, #0			@ appended DTB size
		mov	r7, #0xFFFFFFFF		@ machine ID
		b	wont_overwrite
ENDPROC(efi_enter_kernel)
0:		.long	.L_user_stack_end - .
#endif

		.align
		.section ".stack", "aw", %nobits
.L_user_stack:	.space	4096
.L_user_stack_end: