xref: /openbmc/linux/arch/powerpc/kernel/head_40x.S (revision 65844828) 
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 *    Copyright (c) 1995-1996 Gary Thomas <gdt@linuxppc.org>
4 *      Initial PowerPC version.
5 *    Copyright (c) 1996 Cort Dougan <cort@cs.nmt.edu>
6 *      Rewritten for PReP
7 *    Copyright (c) 1996 Paul Mackerras <paulus@cs.anu.edu.au>
8 *      Low-level exception handers, MMU support, and rewrite.
9 *    Copyright (c) 1997 Dan Malek <dmalek@jlc.net>
10 *      PowerPC 8xx modifications.
11 *    Copyright (c) 1998-1999 TiVo, Inc.
12 *      PowerPC 403GCX modifications.
13 *    Copyright (c) 1999 Grant Erickson <grant@lcse.umn.edu>
14 *      PowerPC 403GCX/405GP modifications.
15 *    Copyright 2000 MontaVista Software Inc.
16 *	PPC405 modifications
17 *      PowerPC 403GCX/405GP modifications.
18 * 	Author: MontaVista Software, Inc.
19 *         	frank_rowand@mvista.com or source@mvista.com
20 * 	   	debbie_chu@mvista.com
21 *
22 *    Module name: head_4xx.S
23 *
24 *    Description:
25 *      Kernel execution entry point code.
26 */
27
28#include <linux/init.h>
29#include <linux/pgtable.h>
30#include <linux/sizes.h>
31#include <linux/linkage.h>
32
33#include <asm/processor.h>
34#include <asm/page.h>
35#include <asm/mmu.h>
36#include <asm/cputable.h>
37#include <asm/thread_info.h>
38#include <asm/ppc_asm.h>
39#include <asm/asm-offsets.h>
40#include <asm/ptrace.h>
41#include <asm/export.h>
42
43#include "head_32.h"
44
45/* As with the other PowerPC ports, it is expected that when code
46 * execution begins here, the following registers contain valid, yet
47 * optional, information:
48 *
49 *   r3 - Board info structure pointer (DRAM, frequency, MAC address, etc.)
50 *   r4 - Starting address of the init RAM disk
51 *   r5 - Ending address of the init RAM disk
52 *   r6 - Start of kernel command line string (e.g. "mem=96m")
53 *   r7 - End of kernel command line string
54 *
55 * This is all going to change RSN when we add bi_recs.......  -- Dan
56 */
57	__HEAD
58_GLOBAL(_stext);
59_GLOBAL(_start);
60
61	mr	r31,r3			/* save device tree ptr */
62
63	/* We have to turn on the MMU right away so we get cache modes
64	 * set correctly.
65	 */
66	bl	initial_mmu
67
68/* We now have the lower 16 Meg mapped into TLB entries, and the caches
69 * ready to work.
70 */
71turn_on_mmu:
72	lis	r0,MSR_KERNEL@h
73	ori	r0,r0,MSR_KERNEL@l
74	mtspr	SPRN_SRR1,r0
75	lis	r0,start_here@h
76	ori	r0,r0,start_here@l
77	mtspr	SPRN_SRR0,r0
78	rfi				/* enables MMU */
79	b	.			/* prevent prefetch past rfi */
80
81/*
82 * This area is used for temporarily saving registers during the
83 * critical exception prolog.
84 */
85	. = 0xc0
86crit_save:
87_GLOBAL(crit_r10)
88	.space	4
89_GLOBAL(crit_r11)
90	.space	4
91_GLOBAL(crit_srr0)
92	.space	4
93_GLOBAL(crit_srr1)
94	.space	4
95_GLOBAL(crit_r1)
96	.space	4
97_GLOBAL(crit_dear)
98	.space	4
99_GLOBAL(crit_esr)
100	.space	4
101
102/*
103 * Exception prolog for critical exceptions.  This is a little different
104 * from the normal exception prolog above since a critical exception
105 * can potentially occur at any point during normal exception processing.
106 * Thus we cannot use the same SPRG registers as the normal prolog above.
107 * Instead we use a couple of words of memory at low physical addresses.
108 * This is OK since we don't support SMP on these processors.
109 */
110.macro CRITICAL_EXCEPTION_PROLOG trapno name
111	stw	r10,crit_r10@l(0)	/* save two registers to work with */
112	stw	r11,crit_r11@l(0)
113	mfspr	r10,SPRN_SRR0
114	mfspr	r11,SPRN_SRR1
115	stw	r10,crit_srr0@l(0)
116	stw	r11,crit_srr1@l(0)
117	mfspr	r10,SPRN_DEAR
118	mfspr	r11,SPRN_ESR
119	stw	r10,crit_dear@l(0)
120	stw	r11,crit_esr@l(0)
121	mfcr	r10			/* save CR in r10 for now	   */
122	mfspr	r11,SPRN_SRR3		/* check whether user or kernel    */
123	andi.	r11,r11,MSR_PR
124	lis	r11,(critirq_ctx-PAGE_OFFSET)@ha
125	lwz	r11,(critirq_ctx-PAGE_OFFSET)@l(r11)
126	beq	1f
127	/* COMING FROM USER MODE */
128	mfspr	r11,SPRN_SPRG_THREAD	/* if from user, start at top of   */
129	lwz	r11,TASK_STACK-THREAD(r11) /* this thread's kernel stack */
1301:	stw	r1,crit_r1@l(0)
131	addi	r1,r11,THREAD_SIZE-INT_FRAME_SIZE /* Alloc an excpt frm  */
132	LOAD_REG_IMMEDIATE(r11, MSR_KERNEL & ~(MSR_ME|MSR_DE|MSR_CE)) /* re-enable MMU */
133	mtspr	SPRN_SRR1, r11
134	lis	r11, 1f@h
135	ori	r11, r11, 1f@l
136	mtspr	SPRN_SRR0, r11
137	rfi
138
139	.text
1401:
141\name\()_virt:
142	lwz	r11,crit_r1@l(0)
143	stw	r11,GPR1(r1)
144	stw	r11,0(r1)
145	mr	r11,r1
146	stw	r10,_CCR(r11)		/* save various registers	   */
147	stw	r12,GPR12(r11)
148	stw	r9,GPR9(r11)
149	mflr	r10
150	stw	r10,_LINK(r11)
151	lis	r9,PAGE_OFFSET@ha
152	lwz	r10,crit_r10@l(r9)
153	lwz	r12,crit_r11@l(r9)
154	stw	r10,GPR10(r11)
155	stw	r12,GPR11(r11)
156	lwz	r12,crit_dear@l(r9)
157	lwz	r9,crit_esr@l(r9)
158	stw	r12,_DEAR(r11)		/* since they may have had stuff   */
159	stw	r9,_ESR(r11)		/* exception was taken		   */
160	mfspr	r12,SPRN_SRR2
161	mfspr	r9,SPRN_SRR3
162	rlwinm	r9,r9,0,14,12		/* clear MSR_WE (necessary?)	   */
163	COMMON_EXCEPTION_PROLOG_END \trapno + 2
164_ASM_NOKPROBE_SYMBOL(\name\()_virt)
165.endm
166
167	/*
168	 * State at this point:
169	 * r9 saved in stack frame, now saved SRR3 & ~MSR_WE
170	 * r10 saved in crit_r10 and in stack frame, trashed
171	 * r11 saved in crit_r11 and in stack frame,
172	 *	now phys stack/exception frame pointer
173	 * r12 saved in stack frame, now saved SRR2
174	 * CR saved in stack frame, CR0.EQ = !SRR3.PR
175	 * LR, DEAR, ESR in stack frame
176	 * r1 saved in stack frame, now virt stack/excframe pointer
177	 * r0, r3-r8 saved in stack frame
178	 */
179
180/*
181 * Exception vectors.
182 */
183#define CRITICAL_EXCEPTION(n, label, hdlr)			\
184	START_EXCEPTION(n, label);				\
185	CRITICAL_EXCEPTION_PROLOG n label;				\
186	prepare_transfer_to_handler;				\
187	bl	hdlr;						\
188	b	ret_from_crit_exc
189
190/*
191 * 0x0100 - Critical Interrupt Exception
192 */
193	CRITICAL_EXCEPTION(0x0100, CriticalInterrupt, unknown_exception)
194
195/*
196 * 0x0200 - Machine Check Exception
197 */
198	CRITICAL_EXCEPTION(0x0200, MachineCheck, machine_check_exception)
199
200/*
201 * 0x0300 - Data Storage Exception
202 * This happens for just a few reasons.  U0 set (but we don't do that),
203 * or zone protection fault (user violation, write to protected page).
204 * The other Data TLB exceptions bail out to this point
205 * if they can't resolve the lightweight TLB fault.
206 */
207	START_EXCEPTION(0x0300,	DataStorage)
208	EXCEPTION_PROLOG 0x300 DataStorage handle_dar_dsisr=1
209	prepare_transfer_to_handler
210	bl	do_page_fault
211	b	interrupt_return
212
213/*
214 * 0x0400 - Instruction Storage Exception
215 * This is caused by a fetch from non-execute or guarded pages.
216 */
217	START_EXCEPTION(0x0400, InstructionAccess)
218	EXCEPTION_PROLOG 0x400 InstructionAccess
219	li	r5,0
220	stw	r5, _ESR(r11)		/* Zero ESR */
221	stw	r12, _DEAR(r11)		/* SRR0 as DEAR */
222	prepare_transfer_to_handler
223	bl	do_page_fault
224	b	interrupt_return
225
226/* 0x0500 - External Interrupt Exception */
227	EXCEPTION(0x0500, HardwareInterrupt, do_IRQ)
228
229/* 0x0600 - Alignment Exception */
230	START_EXCEPTION(0x0600, Alignment)
231	EXCEPTION_PROLOG 0x600 Alignment handle_dar_dsisr=1
232	prepare_transfer_to_handler
233	bl	alignment_exception
234	REST_NVGPRS(r1)
235	b	interrupt_return
236
237/* 0x0700 - Program Exception */
238	START_EXCEPTION(0x0700, ProgramCheck)
239	EXCEPTION_PROLOG 0x700 ProgramCheck handle_dar_dsisr=1
240	prepare_transfer_to_handler
241	bl	program_check_exception
242	REST_NVGPRS(r1)
243	b	interrupt_return
244
245	EXCEPTION(0x0800, Trap_08, unknown_exception)
246	EXCEPTION(0x0900, Trap_09, unknown_exception)
247	EXCEPTION(0x0A00, Trap_0A, unknown_exception)
248	EXCEPTION(0x0B00, Trap_0B, unknown_exception)
249
250/* 0x0C00 - System Call Exception */
251	START_EXCEPTION(0x0C00,	SystemCall)
252	SYSCALL_ENTRY	0xc00
253/*	Trap_0D is commented out to get more space for system call exception */
254
255/*	EXCEPTION(0x0D00, Trap_0D, unknown_exception) */
256	EXCEPTION(0x0E00, Trap_0E, unknown_exception)
257	EXCEPTION(0x0F00, Trap_0F, unknown_exception)
258
259/* 0x1000 - Programmable Interval Timer (PIT) Exception */
260	START_EXCEPTION(0x1000, DecrementerTrap)
261	b Decrementer
262
263/* 0x1010 - Fixed Interval Timer (FIT) Exception */
264	START_EXCEPTION(0x1010, FITExceptionTrap)
265	b FITException
266
267/* 0x1020 - Watchdog Timer (WDT) Exception */
268	START_EXCEPTION(0x1020, WDTExceptionTrap)
269	b WDTException
270
271/* 0x1100 - Data TLB Miss Exception
272 * As the name implies, translation is not in the MMU, so search the
273 * page tables and fix it.  The only purpose of this function is to
274 * load TLB entries from the page table if they exist.
275 */
276	START_EXCEPTION(0x1100,	DTLBMiss)
277	mtspr	SPRN_SPRG_SCRATCH5, r10 /* Save some working registers */
278	mtspr	SPRN_SPRG_SCRATCH6, r11
279	mtspr	SPRN_SPRG_SCRATCH3, r12
280	mtspr	SPRN_SPRG_SCRATCH4, r9
281	mfcr	r12
282	mfspr	r9, SPRN_PID
283	rlwimi	r12, r9, 0, 0xff
284	mfspr	r10, SPRN_DEAR		/* Get faulting address */
285
286	/* If we are faulting a kernel address, we have to use the
287	 * kernel page tables.
288	 */
289	lis	r11, PAGE_OFFSET@h
290	cmplw	r10, r11
291	blt+	3f
292	lis	r11, swapper_pg_dir@h
293	ori	r11, r11, swapper_pg_dir@l
294	li	r9, 0
295	mtspr	SPRN_PID, r9		/* TLB will have 0 TID */
296	b	4f
297
298	/* Get the PGD for the current thread.
299	 */
3003:
301	mfspr	r11,SPRN_SPRG_THREAD
302	lwz	r11,PGDIR(r11)
303#ifdef CONFIG_PPC_KUAP
304	rlwinm.	r9, r9, 0, 0xff
305	beq	5f			/* Kuap fault */
306#endif
3074:
308	tophys(r11, r11)
309	rlwimi	r11, r10, 12, 20, 29	/* Create L1 (pgdir/pmd) address */
310	lwz	r11, 0(r11)		/* Get L1 entry */
311	andi.	r9, r11, _PMD_PRESENT	/* Check if it points to a PTE page */
312	beq	2f			/* Bail if no table */
313
314	rlwimi	r11, r10, 22, 20, 29	/* Compute PTE address */
315	lwz	r11, 0(r11)		/* Get Linux PTE */
316	li	r9, _PAGE_PRESENT | _PAGE_ACCESSED
317	andc.	r9, r9, r11		/* Check permission */
318	bne	5f
319
320	rlwinm	r9, r11, 1, _PAGE_RW	/* dirty => rw */
321	and	r9, r9, r11		/* hwwrite = dirty & rw */
322	rlwimi	r11, r9, 0, _PAGE_RW	/* replace rw by hwwrite */
323
324	/* Create TLB tag.  This is the faulting address plus a static
325	 * set of bits.  These are size, valid, E, U0.
326	*/
327	li	r9, 0x00c0
328	rlwimi	r10, r9, 0, 20, 31
329
330	b	finish_tlb_load
331
3322:	/* Check for possible large-page pmd entry */
333	rlwinm.	r9, r11, 2, 22, 24
334	beq	5f
335
336	/* Create TLB tag.  This is the faulting address, plus a static
337	 * set of bits (valid, E, U0) plus the size from the PMD.
338	 */
339	ori	r9, r9, 0x40
340	rlwimi	r10, r9, 0, 20, 31
341
342	b	finish_tlb_load
343
3445:
345	/* The bailout.  Restore registers to pre-exception conditions
346	 * and call the heavyweights to help us out.
347	 */
348	mtspr	SPRN_PID, r12
349	mtcrf	0x80, r12
350	mfspr	r9, SPRN_SPRG_SCRATCH4
351	mfspr	r12, SPRN_SPRG_SCRATCH3
352	mfspr	r11, SPRN_SPRG_SCRATCH6
353	mfspr	r10, SPRN_SPRG_SCRATCH5
354	b	DataStorage
355
356/* 0x1200 - Instruction TLB Miss Exception
357 * Nearly the same as above, except we get our information from different
358 * registers and bailout to a different point.
359 */
360	START_EXCEPTION(0x1200,	ITLBMiss)
361	mtspr	SPRN_SPRG_SCRATCH5, r10	 /* Save some working registers */
362	mtspr	SPRN_SPRG_SCRATCH6, r11
363	mtspr	SPRN_SPRG_SCRATCH3, r12
364	mtspr	SPRN_SPRG_SCRATCH4, r9
365	mfcr	r12
366	mfspr	r9, SPRN_PID
367	rlwimi	r12, r9, 0, 0xff
368	mfspr	r10, SPRN_SRR0		/* Get faulting address */
369
370	/* If we are faulting a kernel address, we have to use the
371	 * kernel page tables.
372	 */
373	lis	r11, PAGE_OFFSET@h
374	cmplw	r10, r11
375	blt+	3f
376	lis	r11, swapper_pg_dir@h
377	ori	r11, r11, swapper_pg_dir@l
378	li	r9, 0
379	mtspr	SPRN_PID, r9		/* TLB will have 0 TID */
380	b	4f
381
382	/* Get the PGD for the current thread.
383	 */
3843:
385	mfspr	r11,SPRN_SPRG_THREAD
386	lwz	r11,PGDIR(r11)
387#ifdef CONFIG_PPC_KUAP
388	rlwinm.	r9, r9, 0, 0xff
389	beq	5f			/* Kuap fault */
390#endif
3914:
392	tophys(r11, r11)
393	rlwimi	r11, r10, 12, 20, 29	/* Create L1 (pgdir/pmd) address */
394	lwz	r11, 0(r11)		/* Get L1 entry */
395	andi.	r9, r11, _PMD_PRESENT	/* Check if it points to a PTE page */
396	beq	2f			/* Bail if no table */
397
398	rlwimi	r11, r10, 22, 20, 29	/* Compute PTE address */
399	lwz	r11, 0(r11)		/* Get Linux PTE */
400	li	r9, _PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_EXEC
401	andc.	r9, r9, r11		/* Check permission */
402	bne	5f
403
404	rlwinm	r9, r11, 1, _PAGE_RW	/* dirty => rw */
405	and	r9, r9, r11		/* hwwrite = dirty & rw */
406	rlwimi	r11, r9, 0, _PAGE_RW	/* replace rw by hwwrite */
407
408	/* Create TLB tag.  This is the faulting address plus a static
409	 * set of bits.  These are size, valid, E, U0.
410	*/
411	li	r9, 0x00c0
412	rlwimi	r10, r9, 0, 20, 31
413
414	b	finish_tlb_load
415
4162:	/* Check for possible large-page pmd entry */
417	rlwinm.	r9, r11, 2, 22, 24
418	beq	5f
419
420	/* Create TLB tag.  This is the faulting address, plus a static
421	 * set of bits (valid, E, U0) plus the size from the PMD.
422	 */
423	ori	r9, r9, 0x40
424	rlwimi	r10, r9, 0, 20, 31
425
426	b	finish_tlb_load
427
4285:
429	/* The bailout.  Restore registers to pre-exception conditions
430	 * and call the heavyweights to help us out.
431	 */
432	mtspr	SPRN_PID, r12
433	mtcrf	0x80, r12
434	mfspr	r9, SPRN_SPRG_SCRATCH4
435	mfspr	r12, SPRN_SPRG_SCRATCH3
436	mfspr	r11, SPRN_SPRG_SCRATCH6
437	mfspr	r10, SPRN_SPRG_SCRATCH5
438	b	InstructionAccess
439
440	EXCEPTION(0x1300, Trap_13, unknown_exception)
441	EXCEPTION(0x1400, Trap_14, unknown_exception)
442	EXCEPTION(0x1500, Trap_15, unknown_exception)
443	EXCEPTION(0x1600, Trap_16, unknown_exception)
444	EXCEPTION(0x1700, Trap_17, unknown_exception)
445	EXCEPTION(0x1800, Trap_18, unknown_exception)
446	EXCEPTION(0x1900, Trap_19, unknown_exception)
447	EXCEPTION(0x1A00, Trap_1A, unknown_exception)
448	EXCEPTION(0x1B00, Trap_1B, unknown_exception)
449	EXCEPTION(0x1C00, Trap_1C, unknown_exception)
450	EXCEPTION(0x1D00, Trap_1D, unknown_exception)
451	EXCEPTION(0x1E00, Trap_1E, unknown_exception)
452	EXCEPTION(0x1F00, Trap_1F, unknown_exception)
453
454/* Check for a single step debug exception while in an exception
455 * handler before state has been saved.  This is to catch the case
456 * where an instruction that we are trying to single step causes
457 * an exception (eg ITLB/DTLB miss) and thus the first instruction of
458 * the exception handler generates a single step debug exception.
459 *
460 * If we get a debug trap on the first instruction of an exception handler,
461 * we reset the MSR_DE in the _exception handler's_ MSR (the debug trap is
462 * a critical exception, so we are using SPRN_CSRR1 to manipulate the MSR).
463 * The exception handler was handling a non-critical interrupt, so it will
464 * save (and later restore) the MSR via SPRN_SRR1, which will still have
465 * the MSR_DE bit set.
466 */
467	/* 0x2000 - Debug Exception */
468	START_EXCEPTION(0x2000, DebugTrap)
469	CRITICAL_EXCEPTION_PROLOG 0x2000 DebugTrap
470
471	/*
472	 * If this is a single step or branch-taken exception in an
473	 * exception entry sequence, it was probably meant to apply to
474	 * the code where the exception occurred (since exception entry
475	 * doesn't turn off DE automatically).  We simulate the effect
476	 * of turning off DE on entry to an exception handler by turning
477	 * off DE in the SRR3 value and clearing the debug status.
478	 */
479	mfspr	r10,SPRN_DBSR		/* check single-step/branch taken */
480	andis.	r10,r10,DBSR_IC@h
481	beq+	2f
482
483	andi.	r10,r9,MSR_IR|MSR_PR	/* check supervisor + MMU off */
484	beq	1f			/* branch and fix it up */
485
486	mfspr   r10,SPRN_SRR2		/* Faulting instruction address */
487	cmplwi  r10,0x2100
488	bgt+    2f			/* address above exception vectors */
489
490	/* here it looks like we got an inappropriate debug exception. */
4911:	rlwinm	r9,r9,0,~MSR_DE		/* clear DE in the SRR3 value */
492	lis	r10,DBSR_IC@h		/* clear the IC event */
493	mtspr	SPRN_DBSR,r10
494	/* restore state and get out */
495	lwz	r10,_CCR(r11)
496	lwz	r0,GPR0(r11)
497	lwz	r1,GPR1(r11)
498	mtcrf	0x80,r10
499	mtspr	SPRN_SRR2,r12
500	mtspr	SPRN_SRR3,r9
501	lwz	r9,GPR9(r11)
502	lwz	r12,GPR12(r11)
503	lwz	r10,crit_r10@l(0)
504	lwz	r11,crit_r11@l(0)
505	rfci
506	b	.
507
508	/* continue normal handling for a critical exception... */
5092:	mfspr	r4,SPRN_DBSR
510	stw	r4,_ESR(r11)		/* DebugException takes DBSR in _ESR */
511	prepare_transfer_to_handler
512	bl	DebugException
513	b	ret_from_crit_exc
514
515	/* Programmable Interval Timer (PIT) Exception. (from 0x1000) */
516	__HEAD
517Decrementer:
518	EXCEPTION_PROLOG 0x1000 Decrementer
519	lis	r0,TSR_PIS@h
520	mtspr	SPRN_TSR,r0		/* Clear the PIT exception */
521	prepare_transfer_to_handler
522	bl	timer_interrupt
523	b	interrupt_return
524
525	/* Fixed Interval Timer (FIT) Exception. (from 0x1010) */
526	__HEAD
527FITException:
528	EXCEPTION_PROLOG 0x1010 FITException
529	prepare_transfer_to_handler
530	bl	unknown_exception
531	b	interrupt_return
532
533	/* Watchdog Timer (WDT) Exception. (from 0x1020) */
534	__HEAD
535WDTException:
536	CRITICAL_EXCEPTION_PROLOG 0x1020 WDTException
537	prepare_transfer_to_handler
538	bl	WatchdogException
539	b	ret_from_crit_exc
540
541/* Other PowerPC processors, namely those derived from the 6xx-series
542 * have vectors from 0x2100 through 0x2F00 defined, but marked as reserved.
543 * However, for the 4xx-series processors these are neither defined nor
544 * reserved.
545 */
546
547	__HEAD
548	/* Damn, I came up one instruction too many to fit into the
549	 * exception space :-).  Both the instruction and data TLB
550	 * miss get to this point to load the TLB.
551	 * 	r10 - TLB_TAG value
552	 * 	r11 - Linux PTE
553	 *	r9 - available to use
554	 *	PID - loaded with proper value when we get here
555	 *	Upon exit, we reload everything and RFI.
556	 * Actually, it will fit now, but oh well.....a common place
557	 * to load the TLB.
558	 */
559tlb_4xx_index:
560	.long	0
561finish_tlb_load:
562	/*
563	 * Clear out the software-only bits in the PTE to generate the
564	 * TLB_DATA value.  These are the bottom 2 bits of the RPM, the
565	 * top 3 bits of the zone field, and M.
566	 */
567	li	r9, 0x0ce2
568	andc	r11, r11, r9
569
570	/* load the next available TLB index. */
571	lwz	r9, tlb_4xx_index@l(0)
572	addi	r9, r9, 1
573	andi.	r9, r9, PPC40X_TLB_SIZE - 1
574	stw	r9, tlb_4xx_index@l(0)
575
576	tlbwe	r11, r9, TLB_DATA		/* Load TLB LO */
577	tlbwe	r10, r9, TLB_TAG		/* Load TLB HI */
578
579	/* Done...restore registers and get out of here.
580	*/
581	mtspr	SPRN_PID, r12
582	mtcrf	0x80, r12
583	mfspr	r9, SPRN_SPRG_SCRATCH4
584	mfspr	r12, SPRN_SPRG_SCRATCH3
585	mfspr	r11, SPRN_SPRG_SCRATCH6
586	mfspr	r10, SPRN_SPRG_SCRATCH5
587	rfi			/* Should sync shadow TLBs */
588	b	.		/* prevent prefetch past rfi */
589
590/* This is where the main kernel code starts.
591 */
592start_here:
593
594	/* ptr to current */
595	lis	r2,init_task@h
596	ori	r2,r2,init_task@l
597
598	/* ptr to phys current thread */
599	tophys(r4,r2)
600	addi	r4,r4,THREAD	/* init task's THREAD */
601	mtspr	SPRN_SPRG_THREAD,r4
602
603	/* stack */
604	lis	r1,init_thread_union@ha
605	addi	r1,r1,init_thread_union@l
606	li	r0,0
607	stwu	r0,THREAD_SIZE-STACK_FRAME_MIN_SIZE(r1)
608
609	bl	early_init	/* We have to do this with MMU on */
610
611/*
612 * Decide what sort of machine this is and initialize the MMU.
613 */
614#ifdef CONFIG_KASAN
615	bl	kasan_early_init
616#endif
617	li	r3,0
618	mr	r4,r31
619	bl	machine_init
620	bl	MMU_init
621
622/* Go back to running unmapped so we can load up new values
623 * and change to using our exception vectors.
624 * On the 4xx, all we have to do is invalidate the TLB to clear
625 * the old 16M byte TLB mappings.
626 */
627	lis	r4,2f@h
628	ori	r4,r4,2f@l
629	tophys(r4,r4)
630	lis	r3,(MSR_KERNEL & ~(MSR_IR|MSR_DR))@h
631	ori	r3,r3,(MSR_KERNEL & ~(MSR_IR|MSR_DR))@l
632	mtspr	SPRN_SRR0,r4
633	mtspr	SPRN_SRR1,r3
634	rfi
635	b	.		/* prevent prefetch past rfi */
636
637/* Load up the kernel context */
6382:
639	sync			/* Flush to memory before changing TLB */
640	tlbia
641	isync			/* Flush shadow TLBs */
642
643	/* set up the PTE pointers for the Abatron bdiGDB.
644	*/
645	lis	r6, swapper_pg_dir@h
646	ori	r6, r6, swapper_pg_dir@l
647	lis	r5, abatron_pteptrs@h
648	ori	r5, r5, abatron_pteptrs@l
649	stw	r5, 0xf0(0)	/* Must match your Abatron config file */
650	tophys(r5,r5)
651	stw	r6, 0(r5)
652
653/* Now turn on the MMU for real! */
654	lis	r4,MSR_KERNEL@h
655	ori	r4,r4,MSR_KERNEL@l
656	lis	r3,start_kernel@h
657	ori	r3,r3,start_kernel@l
658	mtspr	SPRN_SRR0,r3
659	mtspr	SPRN_SRR1,r4
660	rfi			/* enable MMU and jump to start_kernel */
661	b	.		/* prevent prefetch past rfi */
662
663/* Set up the initial MMU state so we can do the first level of
664 * kernel initialization.  This maps the first 32 MBytes of memory 1:1
665 * virtual to physical and more importantly sets the cache mode.
666 */
667SYM_FUNC_START_LOCAL(initial_mmu)
668	tlbia			/* Invalidate all TLB entries */
669	isync
670
671	/* We should still be executing code at physical address 0x0000xxxx
672	 * at this point. However, start_here is at virtual address
673	 * 0xC000xxxx. So, set up a TLB mapping to cover this once
674	 * translation is enabled.
675	 */
676
677	lis	r3,KERNELBASE@h		/* Load the kernel virtual address */
678	ori	r3,r3,KERNELBASE@l
679	tophys(r4,r3)			/* Load the kernel physical address */
680
681	iccci	r0,r3			/* Invalidate the i-cache before use */
682
683	/* Load the kernel PID.
684	*/
685	li	r0,0
686	mtspr	SPRN_PID,r0
687	sync
688
689	/* Configure and load one entry into TLB slots 63 */
690	clrrwi	r4,r4,10		/* Mask off the real page number */
691	ori	r4,r4,(TLB_WR | TLB_EX)	/* Set the write and execute bits */
692
693	clrrwi	r3,r3,10		/* Mask off the effective page number */
694	ori	r3,r3,(TLB_VALID | TLB_PAGESZ(PAGESZ_16M))
695
696        li      r0,63                    /* TLB slot 63 */
697
698	tlbwe	r4,r0,TLB_DATA		/* Load the data portion of the entry */
699	tlbwe	r3,r0,TLB_TAG		/* Load the tag portion of the entry */
700
701	li	r0,62			/* TLB slot 62 */
702	addis	r4,r4,SZ_16M@h
703	addis	r3,r3,SZ_16M@h
704	tlbwe	r4,r0,TLB_DATA		/* Load the data portion of the entry */
705	tlbwe	r3,r0,TLB_TAG		/* Load the tag portion of the entry */
706
707	isync
708
709	/* Establish the exception vector base
710	*/
711	lis	r4,KERNELBASE@h		/* EVPR only uses the high 16-bits */
712	tophys(r0,r4)			/* Use the physical address */
713	mtspr	SPRN_EVPR,r0
714
715	blr
716SYM_FUNC_END(initial_mmu)
717
718_GLOBAL(abort)
719        mfspr   r13,SPRN_DBCR0
720        oris    r13,r13,DBCR0_RST_SYSTEM@h
721        mtspr   SPRN_DBCR0,r13
722